Verify iRule Syntax

Question

Hello all
I am trying to write an iRule that will check for the incoming port, and then, check source IP address, and choose a Pool accordingly. This is my first iRule. Please let me know if this looks like I am programming it correctly. Obviously the X.X.X.X entries will have my desired IPs inserted. The Virtual Server has a default pool assigned that should catch anything that does not get caught by the iRule. There is also a Default Persistence Profile on the Virtual Server that I do not want used if a match is found in the iRule, thus the "persist none" entries. Please let me know if that is correct also.
Thanks!!!
Eric
when CLIENT_ACCEPTED {
if {[TCP::local_port] equals 7002 or [TCP::local_port] equals 443 or [TCP::local_port] equals 8443} {

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP1
    }

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP2
    }

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP3
    }

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP4
    }

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP5
    }
}
if {[TCP::local_port] equals 7001 or [TCP::local_port] equals 80} {
    if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP1
    }

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP2
    }

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP3
    }

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP4
    }

if { [IP::addr [IP::client_addr] equals X.X.X.X] } {
        persist none
        pool APP5
    }
}

}

lee_sutcliffe · Answer

I would try to avoid using so many repeated 'if' statements as it can be come quite cumbersome and small changes could ended up breaking your iRule. 
Using a datagroup with IP to pool mappings can be a cleaner way to achieve the same result. Switch statements are also faster and are a good alternative to using successive 'or' operators.
Also the second 'if' block looks like it could be placed within the first - for this reason I've included it within the same switch 'or' block.
Datagroup
ltm data-group internal my_dg {
    records {
        10.1.1.1 {
            data pool_a
        }
        10.1.1.2 {
            data pool_b
        }
    }
    type string
}

iRule
when CLIENT_ACCEPTED {
    switch [TCP::local_port] {
        "7002" -
        "443" -
        "8443" -
        "7001" -
        "80" {
            if {[set my_app [class match -value [IP::addr[IP::client_addr] equals "my_dg"]]]} {
                persist none
                pool $my_app
            }
        }
    }
}

Forum Discussion

Verify iRule Syntax

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

Verified Design: SSL Orchestrator with Cisco Firepower Virtual Edition-Part 1

what's wrong with my syntax in this iRule?

Verified Design: SSL Orchestrator with Cisco Firepower Virtual Edition-Part 2