Performs comparison of IP address/subnet/supernet to IP address/subnet/supernet, or parses 4 binary bytes into an IPv4 dotted quad address


IP::addr <addr1>[/<mask>] equals <addr2>[/<mask>]
IP::addr parse [-swap] <binary field> [<offset>]
IP::addr <addr1> mask <mask>

v11 Additions/Changes:
IP::addr parse [-ipv6|-ipv4 [-swap]] <bytearray> [<offset>]

IP address comparison

Performs comparison of IP address/subnet/supernet to IP address/subnet/supernet.
Returns 0 if no match, 1 for a match.
Use of IP::addr is not necessary if the class (v10+) or matchclass (v9) command is used to perform the address-to-address comparison.
Does NOT perform a string comparison. To perform a literal string comparison, simply compare the 2 strings with the appropriate operator (equals, contains, starts_with, etc) rather than using the IP::addr comparison.
For versions 10.0 - 10.2.1, use the “slash notation” such as “/16” or “/24” instead of dotted decimal for the netmask like “/”. The latter dotted decimal netmask notation passes iRule validation in versions 10.0 - 10.2.1, but does not reliably work. You can, however, specify the IP and mask as follows: “ mask” (no slash at all with double quotes). The dotted decimal notation for / is restored in version 10.2.2. (bug id 347628)

IP address parsing (10.2.0-HF2 or higher only)

Parses the value in <binary field> into an IPv4 dotted quad address, starting at the given offset in bytes. The value of binary field must be 4 or more binary bytes intended to be parsed as an IP address. If the -swap option is specified, network byte order conversion is performed on the bytes before parsing the address.

Network ID Query

Calculates the network ID of the given IP address and netmask for use in such constructs as switch statements.

Route Domains

The address parameter does not pick up the partition default Route Domain. This is ID476920. When matching an address with a Route Domain, the Route Domain must be specified.


To perform comparison of IP address with subnet (Will return 1, since it is a match.)
[IP::addr equals]

To perform comparison of client-side IP address with subnet (Will return 1 or 0, depending on client IP address.)
[IP::addr [IP::client_addr]/8 equals]

[IP::addr " mask" equals [IP::client_addr]]

[IP::addr equals]: 1
[IP::addr equals]: 1
[IP::addr " mask" equals]: 1
[IP::addr equals " mask"]: 1

To select a specific pool for a specific client IP address.
   if { [IP::addr [IP::client_addr] equals] } {
      pool my_pool

To perform a comparison of IP address with a list of addresses in a Data Group List, use class (v10) or matchclass (v9) instead:
[class match equals client_ip_class]

[matchclass equals myIPs]

To validate an IP address, you can use catch statement (by natty76)
set a ""
log local0. "catch $a => [catch {IP::addr $a mask} ]"

set a ""
log local0. "catch $a => [catch {IP::addr $a mask} ]"

To convert 4 binary bytes into an IPv4 address (10.2.0-HF2 or higher only):
    set input_option [TCP::option get 28]
    # since the option kind 28 data begins with a 1-byte version code,
    # and we just want the address that follows it, use offset 1
    set forwarded_ip [IP::addr parse $input_option 1]
    log local0. "The IP address was $forwarded_ip"

To use a switch statement to utilize different networks:
    switch [IP::addr [IP::client_addr] mask] {
        "" -
        "" {
            pool pool_http_server_1
        default {