ltm rule command IP addr
iRule(1) BIG-IP TMSH Manual iRule(1)
IP::addr
IP address comparison.
SYNOPSIS
IP::addr IP_ADDR_MASK 'equals' IP_ADDR_MASK
DESCRIPTION
IP address comparison
Performs comparison of IP address/subnet/supernet to IP address/subnet/supernet.
Returns 0 if no match, 1 for a match.
Use of IP::addr is not necessary if the class (v10+) or matchclass (v9) command is used to perform the
address-to-address comparison.
Does NOT perform a string comparison. To perform a literal string comparison, simply compare the 2 strings
with the appropriate operator (equals, contains, starts_with, etc) rather than using the IP::addr comparison.
For versions 10.0 - 10.2.1, use the "slash notation" such as "/16" or "/24" instead of dotted decimal for the
netmask like "/255.255.255.0". The latter dotted decimal netmask notation passes iRule validation in versions
10.0 - 10.2.1, but does not reliably work. You can, however, specify the IP and mask as follows: "10.1.1.0
mask 255.255.255.0" (no slash at all with double quotes). The dotted decimal notation for / is restored in
version 10.2.2. (bug id 347628)
IP::addr 'parse' ((('-swap')? BINARY_FIELD (OFFSET)?) |
(('-ipv4')? BINARY_FIELD (OFFSET)?) |
(('-ipv6')? BINARY_FIELD (OFFSET)?) |
(('-swap' '-ipv4')? BINARY_FIELD (OFFSET)?)
)
DESCRIPTION
Parses the value in into an IPv4 dotted quad address, starting at the given offset in bytes.
The value of binary field must be 4 or more binary bytes intended to be parsed as an IP address. If the -swap
option is specified, network byte order conversion is performed on the bytes before parsing the address.
IP::addr IP_ADDR 'mask' IP_MASK
DESCRIPTION
RETURN VALUE
Returns 0 IF NO MATCH, 1 for a match.
VALID DURING
ANY_EVENT
EXAMPLES
# To perform comparison of IP address 10.10.10.1 with subnet 10.0.0.0. (Will return 1, since it is a match.)
[IP::addr 10.10.10.1 equals 10.0.0.0/8]
# To perform comparison of client-side IP address with subnet 10.0.0.0. (Will return 1 or 0, depending on client IP address.)
[IP::addr [IP::client_addr]/8 equals 10.0.0.0]
[IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]]
[IP::addr 10.42.2.0/24 equals 10.42.2.1]: 1
[IP::addr 10.42.2.2 equals 10.42.2.0/24]: 1
# To select a specific pool for a specific client IP address.
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
pool my_pool
}
}
# To perform a comparison of IP address 10.10.10.1 with a list of addresses in a Data Group List, use class (v10) or matchclass (v9) instead:
[class match 10.10.10.1 equals client_ip_class]
[matchclass 10.10.10.1 equals myIPs]
# To validate an IP address, you can use catch statement (by natty76)
set a "1.1.1.1"
log local0. "catch $a => [catch {IP::addr $a mask 255.255.255.255} ]"
set a "256.256.256.256"
log local0. "catch $a => [catch {IP::addr $a mask 255.255.255.255} ]"
# To convert 4 binary bytes into an IPv4 address (10.2.0-HF2 or higher only):
when CLIENT_ACCEPTED {
set input_option [TCP::option get 28]
# since the option kind 28 data begins with a 1-byte version code,
# and we just want the address that follows it, use offset 1
set forwarded_ip [IP::addr parse $input_option 1]
log local0. "The IP address was $forwarded_ip"
}
# To use a switch statement to utilize different networks:
when HTTP_REQUEST {
switch [IP::addr [IP::client_addr] mask 255.255.255.0] {
"10.10.4.0" -
"192.168.4.0" {
pool pool_http_server_1
}
default {
reject
}
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2020-06-23 iRule(1)