Forum Discussion

swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Sep 16, 2013

undefined procedure error in iRule

Hello Folks,

Could you please help me correcting my following iRule?

================================================================ when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 172.22.64.0/24] } { snat 172.22.64.68 log local0. "SNATTed of SiteB" pool Test_pool }

elseif { [IP::addr [IP::remote_addr] equals 2.2.2.0/24] }

    {
        snatpool NAME_OF_SNAT_POOL
        pool Pool_Name
        log local0. "SNATTed of SiteA"
    }

else { pool Normal }

}

I am getting following errors while adding it to my F5.

"01070151:3: Rule [/Common/Test] error: line 11: [undefined procedure: elseif] [elseif { [IP::addr [IP::remote_addr] equals 2.2.2.0/24] }] line 15: [undefined procedure: snatpool NAME_OF_SNAT_POOL pool Pool_Name log local0. "SNATTed of SiteA" ] [{ snatpool NAME_OF_SNAT_POOL pool Pool_Name log local0. "SNATTed of SiteA" }] line 21: [undefined procedure: else] [else { pool Normal }]"

I am newbie to programming, hence I couldn't figure out the syntax error. :( Seek for your help.

Thanks, Darshan

  • Hi Stephan,

     

    In case if I am using VS IP address to SNAT my traffic from one site to another site, will it be working?

     

    For eg. I am an ISP, I have a customer which has 2 sites hosted and I am managing his network between both the sites, along with load balancing.

     

    So I have F5 to load balance the traffic between both the sites. The requirement is to SNAT the traffic originated from SiteA with 1.1.1.1 IP address and SNAT the traffic originated from siteB with 2.2.2.2 IP address.

     

    And I have 2 virtual server hosted with the same IP addresses 1.1.1.1 and 2.2.2.2, do you think that above iRUle would be helpful to achieve this requirement?

     

    Sorry to stretch you for a long.

     

    Regards, Darshan

     

  • Hi Darshan,

     

    if the traffic is getting a site specific SNAT, then this information will be kept in the BIG-IP´s connection table.

     

    So in case there is a response coming back from a server, it will point to one of the SNAT addresses. Due to the existing connection table entry it will matched to the related peer and the response will be forwarded with the tuple information the client is expecting.

     

    That´s why there is no need to configure additional virtual servers to handle responses.

     

    I hope I got your question right. Will be on the move now ...

     

    Best regards, Stephan

     

  • Hi Stephan,

     

    Thanks for your response. I might couldn't describe the question well.

     

    Let me rephrase it, Is it possible to use an existing Virutal server IP addresses as an SNAT address to manage the traffic coming from a specific network to F5?

     

    Thanks again Stephan!

     

  • Hi Darshan, yes. The same IP can be used for both SNAT and to act as a Virtual server. Best regards, Stephan