Forum Discussion

alex_372679
Nov 12, 2018

GTM eDNS request

Hello, for a GTM, I tried to have it distribute traffic "manually" using the source+destination@ as the persistence. The idea is to send the sources a.a.a.a, b.b.b.b and c.c.c.c to @IP.A and the non-matching traffic to @IP.B.

Is it correct this way?

 

when DNS_REQUEST {
    set ldns [IP::client_addr]
    log local0. "LDNS LOC: $ldns [whereis $ldns]"
    if { [DNS::edns0 exists] &! [catch { DNS::edns0 subnet address }] } {
        set gtm_ecs_address [DNS::edns0 subnet address]
        set gtm_ecs_source [DNS::edns0 subnet source]
        set gtm_ecs_scope [DNS::edns0 subnet scope]
        set ldns $gtm_ecs_address
    }
    if {([$gtm_ecs_address match "1.1.0.0/16"]) or ([$gtm_ecs_address match "1.2.0.0/16"]) or ([$gtm_ecs_address match "1.3.0.0/16"])} {
        pool A
    } else {
        pool B
    }
}

 

3 Replies

  • trying to make it readable :)

     

    when DNS_REQUEST {
        set ldns [IP::client_addr]
        if { [DNS::edns0 exists] &! [catch { DNS::edns0 subnet address }] } {
            set gtm_ecs_address [DNS::edns0 subnet address]
            log "ip-- $gtm_ecs_address"
            set gtm_ecs_source [DNS::edns0 subnet source]
            log "subnet source $gtm_ecs_source"
            set gtm_ecs_scope [DNS::edns0 subnet scope]
            set ldns $gtm_ecs_address
            if {([$gtm_ecs_address match "1.1.0.0/16"]) or ([$gtm_ecs_address match "1.2.0.0/16"]) or ([$gtm_ecs_address match "1.3.0.0/16"])} {
                log "pool_A"
            } else {
                log "pool_B"
            }
        }
    }

     

  • In the end, we updated the iRule to:

    when DNS_REQUEST {
        set ldns [IP::client_addr]
        if { ([string tolower [DNS::question name]] equals "x.x.x.com")} {
            if { [DNS::edns0 exists] &! [catch { DNS::edns0 subnet address }] } {
                set gtm_ecs_address [DNS::edns0 subnet address]
                set gtm_ecs_source [DNS::edns0 subnet source]
                set gtm_ecs_scope [DNS::edns0 subnet scope]
                set ldns $gtm_ecs_address
                if {([class match $gtm_ecs_address equals condicion_A])} {
                    DNS::answer insert "[DNS::question name]. 10 [DNS::question class] [DNS::question type] 1.1.0.1"
                    DNS::return
                } else {
                    DNS::answer insert "[DNS::question name]. 10 [DNS::question class] [DNS::question type] 1.2.0.1"
                    DNS::return
                }
            }
        }
    }

     

    We feel like there is a feeling of slowness; can you confirm if this is normal behavior?

     

  • Any time you use an iRule (over just built-in functionality), things will process more slowly, hence the need to make iRule code as efficient as possible. Here are a couple of observations:

     

    • Your iRule sets a lot of variables that it doesn't seem to need, since it never references these variables after setting them. These include ldns, gtm_ecs_source, and gtm_ecs_scope (unless they're used by another iRule on the same connection, which I suspect they're not since you're providing the query response in this iRule). If you don't need them, don't set them. It might also mean you really don't even need gtm_ecs_address as you can use [DNS::edns0 subnet address] on the CLASS MATCH command instead. Setting and referencing variables in an iRule causes overhead.

       

    • Also, I can't tell for sure but from your specs it looks like you are using a data group for what appears to be just three different IP address ranges (whatever a.a.a.a, b.b.b.b, and c.c.c.c are). If only three or so possibilities to check against, a compound IF statement will probably run faster. You could use timing statistics or, if v13.1, the new Rule Profiler to make that determination.

       

    Having said all that, in BIG-IP v14.0, you can do this without an iRule (with a wide IP and topology load balancing, for example). For more information, see Eric Chen's article here: Using Client Subnet in DNS Requests
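
The last reply's two suggestions applied to the poster's final iRule, as an added example that is not part of the original thread. It assumes the data group condicion_A holds the three /16 ranges from the original question; the check on the question type is an addition, since an IPv4 address is only valid rdata for an A record.

```tcl
# Added example, not code from the thread. Assumption: condicion_A contains
# 1.1.0.0/16, 1.2.0.0/16 and 1.3.0.0/16 (the ranges in the original question).
when DNS_REQUEST {
    # Only steer A queries for the one name; everything else takes the
    # normal GTM path untouched.
    if { [string tolower [DNS::question name]] ne "x.x.x.com" ||
         [DNS::question type] ne "A" } {
        return
    }

    # catch returns 0 and stores the command result in $ecs when the client
    # subnet option is present, so the address is read exactly once. The
    # unused ldns, gtm_ecs_source and gtm_ecs_scope variables are gone.
    if { ![DNS::edns0 exists] || [catch { DNS::edns0 subnet address } ecs] } {
        return
    }

    # Compound IF in place of the data group lookup for three ranges.
    if { [IP::addr $ecs equals 1.1.0.0/16] ||
         [IP::addr $ecs equals 1.2.0.0/16] ||
         [IP::addr $ecs equals 1.3.0.0/16] } {
        DNS::answer insert "[DNS::question name]. 10 [DNS::question class] [DNS::question type] 1.1.0.1"
    } else {
        DNS::answer insert "[DNS::question name]. 10 [DNS::question class] [DNS::question type] 1.2.0.1"
    }
    DNS::return
}
```

As in the poster's rule, a query that carries no client subnet option gets no inserted answer and is resolved by the normal GTM configuration.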