BIG-IP F5 LTM – Geolocation

One great feature of the F5 Local Traffic Manager is the ability to distribute traffic based on its geographical location. This feature was introduced in v10.1 thanks to F5's partnership with Neustar (previously Quova).

The geolocation component uses a local IP geolocation database (on the F5) to determine the geographical location of an IP address. To perform a geolocation look-up on an IP address, the ‘whereis’ iRule command is used.
To update the database, you can update it manually using the latest geolocation database, obtained via https://downloads.f5.com

Note: A license is required via Neustar either to use the geolocation data within your application or to obtain city-level geolocation features.

iRule Example

Below is an example of an iRule utilizing geolocation. Note:

  • Traffic is permitted based on the continent or country from which the connection originated.
  • Additional countries/continents are added via the relevant data groups, named ‘country’ and ‘continent’.
  • Any IP address that is not known within the database is also forwarded automatically.

ltm rule IRULE-GEOLOCATION {
    # Allow traffic based on GeoLocation.
    # Access is granted via the country/continent datagroups.
    #
    # Country Reference   - http://www.iso.org/iso/country_codes/iso_3166_code_lists/country_names_and_code_elements.htm
    # Continent Reference - http://en.wikipedia.org/wiki/List_of_sovereign_states_and_dependent_territories_by_continent_%28data_file%29

    when CLIENT_ACCEPTED {
        # Permit when the client's continent or country is listed in the matching datagroup.
        if { [class match [whereis [IP::client_addr] continent] equals continent] or [class match [whereis [IP::client_addr] country] equals country] } {
            log local0. "irule - Permit IP: [IP::client_addr] from continent [whereis [IP::client_addr] continent] and country [whereis [IP::client_addr] country]"
            pool pool-example
        } elseif { [whereis [IP::client_addr] continent] equals "" and [whereis [IP::client_addr] country] equals "" } {
            # No geolocation data for this address: forward it anyway.
            log local0. "irule - Permit IP: [IP::client_addr] from continent <UNKNOWN> and country <UNKNOWN>"
            pool pool-example
        } else {
            # Known location that is not listed in either datagroup.
            drop
            log local0. "irule - Deny IP: [IP::client_addr] from continent [whereis [IP::client_addr] continent] and country [whereis [IP::client_addr] country]"
        }
    }
}
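
Because the rule forwards clients the database cannot place, its log is where those admissions show up. The Python below is an added example, not part of the original post: it parses the three message formats the rule logs and counts fail-open permits per client. The sample lines, their syslog prefix and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Message text written by the rule's three log statements. Whatever syslog
# puts in front of "irule - " is ignored rather than assumed.
LINE_RE = re.compile(
    r"irule\s+[-\u2013]\s+(?P<action>Permit|Deny) IP: (?P<ip>\S+)\s+"
    r"from continent\s*(?P<continent>\S*?)\s+and country\s*(?P<country>\S*)"
)

# Constructed sample lines: documentation/private addresses, made-up prefix.
PREFIX = "Jan  1 10:00:00 bigip1 tmm[1]: Rule IRULE-GEOLOCATION: "
SAMPLE_LOG = [
    PREFIX + "irule - Permit IP: 192.0.2.10 from continent EU and country GB",
    PREFIX + "irule - Permit IP: 10.1.1.5 from continent <UNKNOWN> and country <UNKNOWN>",
    PREFIX + "irule - Permit IP: 10.1.1.5 from continent <UNKNOWN> and country <UNKNOWN>",
    PREFIX + "irule - Deny IP: 203.0.113.7 from continent OC and country AU",
    # In the deny branch the raw whereis values are logged, so one may be empty.
    PREFIX + "irule - Deny IP: 198.51.100.9 from continent  and country US",
    "Jan  1 10:00:05 bigip1 mcpd[2]: unrelated message",
]


def parse_line(line):
    """Return the decision recorded on one log line, or None if unrelated."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("continent", "country"):
        # The rule treats an empty whereis result as unknown and logs <UNKNOWN>.
        if rec[key] in ("", "<UNKNOWN>"):
            rec[key] = None
    rec["fail_open"] = (rec["action"] == "Permit"
                        and rec["continent"] is None and rec["country"] is None)
    return rec


def audit(lines):
    """Count decisions per (action, country) and fail-open permits per client."""
    decisions, fail_open = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):
        decisions[(rec["action"], rec["country"] or "unknown")] += 1
        if rec["fail_open"]:
            fail_open[rec["ip"]] += 1
    return decisions, fail_open


if __name__ == "__main__":
    decisions, fail_open = audit(SAMPLE_LOG)
    print("fail-open permits:", dict(fail_open))
    print("decisions:", dict(decisions))
```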

 

 

Rick Donato
