Working iRule does not have support in the new code version.
We recently moved to a new 7200 F5 box which is running on code version “BIG-IP 11.4.1 Build 637.0 Hotfix HF3”.
What we seen was the iRules associated with many of our VIP’s did not work as expected and these were essentially just doing an SNAT for server behind the F5 which were trying to contact the VIP IP address. Similar iRules are working in the existing F5 very well.
It started with few applications failing over to the DR site and not working. We removed iRules and all applications started working. After that I just wrote the same iRule in a different manner and those also worked fine.
This is the existing iRule:
when CLIENT_ACCEPTED { if { [matchclass [IP::client_addr] equals $::app_nodes]} { app_nodes consists of 192.168.249.6 & 192.168.249.7
snat automap } }
This is the new iRule:
when CLIENT_ACCEPTED { if { ( [IP::addr [IP::client_addr] equals 192.168.249.0/24] ) } { snat automap }
What could be the reason the original iRule is failing? Is there something with the new code that does not support some logic in the iRule?
Thanks, N.
This is due to syntax change for calling data group list. Dollar Sign is not required now.
Try this one.
when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals app_nodes]} { snat automap } }