Redirect traffic based on Destination IP
Hi guys,
I'm trying to redirect traffic based on destination IP using an aFleX. For example, if an internal user sends traffic to 20.20.20.20, the A10 will redirect the traffic to a specified service group.
aFleX:
Test #1
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::remote_addr] equals 20.20.20.20] } {
        pool APACHE
    }
}
Test #2
when CLIENT_ACCEPTED {
    if { [IP::addr [clientside {IP::remote_addr}] equals 20.20.20.20] } {
        pool APACHE
    }
}
Virtual Server config:
slb virtual-server WILDCARD 0.0.0.0
   port 0 others
      aflex RED
      service-group ISP-2-TCP
      use-rcv-hop-for-resp
   port 0 tcp
      aflex RED
      service-group ISP-2-TCP
      use-rcv-hop-for-resp
   port 0 udp
      aflex RED
      service-group ISP-2-UDP
      use-rcv-hop-for-resp
Traffic Debugged
@4335587800 i( 2, 1)> ip 172.16.30.100 > 20.20.20.20 tcp 64987 > 443 S 7281f5f5:0(0) <msw, m=1460,w=8>
@4335587800 o( 4, 0)> ip 172.16.30.100 > 20.20.20.20 tcp 64987 > 443 S 7281f5f5:0(0) <msw, m=1460,w=8>
@4335587807 i( 2, 1)> ip 172.16.30.100 > 20.20.20.20 tcp 64988 > 443 S d0ce6dba:0(0) <msw, m=1460,w=8>
@4335587807 o( 4, 0)> ip 172.16.30.100 > 20.20.20.20 tcp 64988 > 443 S d0ce6dba:0(0) <msw, m=1460,w=8>
Comments
I suspect the IP returned with IP::remote_addr is not the expected value. Note the usage of this statement:
This command will return the IP address of the host at the far end of the connection. From the clientside position, this is the client IP address. From the serverside position, this is the node IP address. The IP::client_addr and IP::server_addr commands can also be specified.
This may be simpler to implement with one of these approaches:
One other thought is that traditionally wildcard VIPs, especially those used for NHLD, have "no-dest-nat" configured, so selecting a different pool will not perform a DNAT on the traffic. Would one of the above approaches work for your use-case?
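One way to check what the reply suspects, as an added example that is not part of the original thread: log both ends of the client-side connection and match on the destination instead of the source. It assumes that IP::local_addr on a wildcard VIP returns the address the client actually connected to, and it reuses the APACHE service group from the question.

```tcl
# Added diagnostic aFleX, not from the original posts.
# Assumption: bound to the wildcard VIP ports in place of the RED script.
when CLIENT_ACCEPTED {
    # On the client side, remote_addr is the far end (the client, i.e. the
    # source 172.16.30.100 in the debug trace) and local_addr is the near
    # end (the address the client connected to, i.e. the destination).
    set src [IP::remote_addr]
    set dst [IP::local_addr]
    log "CLIENT_ACCEPTED src=$src dst=$dst"

    # Compare the destination, not the source, against the target address.
    if { [IP::addr $dst equals 20.20.20.20] } {
        log "destination matched, selecting service group APACHE"
        pool APACHE
    }
}
```

If the log shows the match but traffic still leaves unchanged, the no-dest-nat behaviour mentioned in the reply is the next thing to check.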