David_Gill
Jul 08, 2021

iRule access to route table

I have two types of users connecting to the same BIG-IP APM using the F5 Access VPN client. Both users reach internal servers via the route table, which is populated via BGP. So far, so good. The challenge is that these two groups of users each require a different default route, and I am trying to avoid the use of route domains. I can differentiate between the users based on lease pool address and/or session variables. My thought was to create a virtual with a destination IP of 0.0.0.0 along with an associated iRule which would dynamically assign a pool, where the pool would be the next hop router. This is also straightforward; however, the issue is that I would only want to assign a pool IF the traffic needs to go out the default route (aka route of last resort). In other words, if there is already a route pointing to the intranet, then I would NOT want to redirect the traffic somewhere else; therefore, I would not assign a pool. If I had access to the routing table from within the iRule, I could check to see if there is a route to get where I need to go and, if not, then I would set the pool to the correct next hop based on the user type.

So the question is, how can I read the routing table from an iRule? Sideband connection or perhaps iRule LX?

1 Reply

  • If your nexthops are distinguishable and consistent, the safest path forward would be to use LINK::nexthop for this (and in conjunction with LINK::vlan_id if necessary).

    If you really want to pull the routing table in, you could write an iCall script to periodically read the routing table and set iStats variables then use an ISTATS::get call to pull the right information based on your key. But if I'm understanding your ask correctly, I think the LINK::nexthop approach is the best bet.
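
The decision the question describes (override the next hop only when a destination would fall through to the default route) is modeled below in Python. This is an added example, not code from the thread and not iRule code; the route snapshot, lease pools and next-hop addresses are constructed, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample data: a route-table snapshot such as a periodic export
# would produce, plus per-group lease pools and next hops (all hypothetical).
ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "10.20.0.0/16", "172.16.5.0/24"]
LEASE_POOLS = {
    "group_a": ipaddress.ip_network("192.168.10.0/24"),
    "group_b": ipaddress.ip_network("192.168.20.0/24"),
}
DEFAULT_NEXT_HOP = {"group_a": "198.51.100.1", "group_b": "203.0.113.1"}


def best_route(dst, routes=ROUTES):
    """Longest-prefix match; returns the winning network or None."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in map(ipaddress.ip_network, routes) if addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def user_group(client_ip):
    """Classify a VPN client by the lease pool its address came from."""
    addr = ipaddress.ip_address(client_ip)
    for name, pool in LEASE_POOLS.items():
        if addr in pool:
            return name
    return None


def next_hop_override(client_ip, dst):
    """Return a per-group next hop only when dst falls to the default route.

    None means "leave the routing decision alone": either a specific
    route covers dst or the client is in no known lease pool.
    """
    route = best_route(dst)
    # A 0.0.0.0/0 entry matches every destination, so "a route exists" has
    # to mean "a route longer than /0 exists".
    if route is not None and route.prefixlen > 0:
        return None
    return DEFAULT_NEXT_HOP.get(user_group(client_ip))
```

A client outside every lease pool gets no override, so unclassified traffic is never steered to either group's egress router.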