{"id":2391,"date":"2015-10-30T18:00:14","date_gmt":"2015-10-30T22:00:14","guid":{"rendered":"https:\/\/infotechguy.net\/?p=2391"},"modified":"2025-02-22T11:26:46","modified_gmt":"2025-02-22T16:26:46","slug":"bigip-f5-irule-server-selection-based-on-client-source-address-and-port","status":"publish","type":"post","link":"https:\/\/infotechguy.net\/?p=2391","title":{"rendered":"F5 BIGIP &#8212; iRule Server Selection based on Client Source Address and Port"},"content":{"rendered":"<p>An interesting request came up today regarding a Web Service we provide to multiple clients, all of whom have peering points connecting their IP network to ours using private addresses. The request was to have certain clients hit a particular Web box in a Server Pool while the others hit the other box, and only for certain ports. Some of our web applications use a variety of ports because of the proprietary application running. The ports, all <strong>TCP<\/strong>, are <strong>80, 443, 5555, 6050<\/strong>. So I set off to create an <a href=\"https:\/\/infotechguy.net\/f5-irules\/\" target=\"_blank\" rel=\"noopener noreferrer\">iRule<\/a> to handle this and have it log how everything is mapped, start to finish, for each connection.<\/p>\n<p><strong>A little service info:<\/strong><\/p>\n<ul>\n<li>Client PAT = 10.99.29.10<\/li>\n<li>PrimaryWebCluster = 10.43.1.6<\/li>\n<li>Web01 = 10.43.4.231<\/li>\n<li>Web02 = 10.43.4.232<\/li>\n<li>Ports = 80, 443, 5555, 6050<\/li>\n<\/ul>\n<p><strong>iRule: irule_SrvSelection_byClientSrcAndPort<\/strong><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">when CLIENT_ACCEPTED {\n    # Per listener port: the client PAT 10.99.29.10 is pinned to Web01, every other source goes to Web02\n    if { [TCP::local_port] == 80 } {\n        if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {\n            pool pool_ct_primarywebcluster_80 member 10.43.4.231 80\n            log local0. 
\"[IP::client_addr] is Web01\"\n        } else {\n            pool pool_ct_primarywebcluster_80 member 10.43.4.232 80\n            log local0. \"[IP::client_addr] is Web02\"\n        }\n    }\n    if { [TCP::local_port] == 443 } {\n        if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {\n            pool pool_ct_primarywebcluster_443 member 10.43.4.231 443\n            log local0. \"[IP::client_addr] is Web01\"\n        } else {\n            pool pool_ct_primarywebcluster_443 member 10.43.4.232 443\n            log local0. \"[IP::client_addr] is Web02\"\n        }\n    }\n    if { [TCP::local_port] == 5555 } {\n        if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {\n            pool pool_ct_primarywebcluster_5022 member 10.43.4.231 5022\n            log local0. \"[IP::client_addr] is Web01\"\n        } else {\n            pool pool_ct_primarywebcluster_5022 member 10.43.4.232 5022\n            log local0. \"[IP::client_addr] is Web02\"\n        }\n    }\n    if { [TCP::local_port] == 6050 } {\n        if { [IP::addr [IP::client_addr] equals 10.99.29.10] } {\n            pool pool_ct_primarywebcluster_5022 member 10.43.4.231 5022\n            log local0. \"[IP::client_addr] is Web01\"\n        } else {\n            pool pool_ct_primarywebcluster_5022 member 10.43.4.232 5022\n            log local0. \"[IP::client_addr] is Web02\"\n        }\n    }\n}\nwhen SERVER_CONNECTED {\n  # Log the whole mapping once the server-side connection is up\n  log local0. \"Connection from [IP::client_addr]:[TCP::client_port]. \\\n    Mapped to F5 Floating IP [serverside {IP::local_addr}]:[serverside {TCP::local_port}] \\\n    --&gt;&gt; [IP::server_addr]:[serverside {TCP::remote_port}]\"\n}<\/pre>\n<p>To check, SSH into the <strong>Primary F5 in the pair<\/strong> and type <strong>bash<\/strong> to give you shell access. 
(<em>BIGIP v11.5+<\/em>),<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">tailf \/var\/log\/ltm<\/pre>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">tmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:22524. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:10972. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:53187. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm2[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm2[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:15709. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:62364. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:62496. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:42691. 
to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm1[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm1[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:28510. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm3[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:40464. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm1[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02\ntmm1[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : Connection from 10.99.29.10:4082. to VIP 10.43.1.6  --&gt;&gt; 10.43.4.232:443\ntmm[14225]: Rule \/Common\/irule_SrvSelection_byClientSrcAndPort : 10.99.29.10 is Web02<\/pre>\n<p>Nice!!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An interesting request came up today regarding a Web Service we provide to multiple clients, all of whom have peering points connecting their IP network to ours using private addresses. 
The request was to have&#46;&#46;&#46;<\/p>\n","protected":false},"author":2,"featured_media":4241,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[65,82],"class_list":["post-2391","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-f5","tag-f5","tag-irule-2"],"_links":{"self":[{"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/posts\/2391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2391"}],"version-history":[{"count":1,"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/posts\/2391\/revisions"}],"predecessor-version":[{"id":4149,"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/posts\/2391\/revisions\/4149"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=\/wp\/v2\/media\/4241"}],"wp:attachment":[{"href":"https:\/\/infotechguy.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infotechguy.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}