Forum Discussion
MR_RJ
Cirrus
Jun 20, 2012
Advanced configuration with one local node and one external
Hi,
Trying to configure the following.
BigIP v10.x.
I have an NTP server placed on a DMZ, 10.0.0.1. I got a LB IP (VS) 10.0.0.2 with SNAT.
That part works just fine.
I would now like to add another node, but the node is located on the internet, so when the local server goes down or is in maintenance, the requests shall go to the NTP server on the internet.
How should I solve this?
If I just put the public-internet-ip as a node, the incoming traffic will be SNATed and the LB doesn't know where to send this since it doesn't really know a default gw on the subnet 10.0.0.0/24.
My first thought was to create an iRule like:
when CLIENT_ACCEPTED {
    if { [active_members NTP] == 0 } {
        snat automap
        pool DMZ_GW
    }
}
...but it doesn't work :|
Any ideas how to solve this?
I've searched the forum for similar solutions without success.
//Rob
7 Replies
- Arie
Altostratus
The first thing you'll want to check is to see whether your node with the public address can route out to the remote server. If you're lucky it'll respond to a ping. If not you can use a customized monitor for the remote pool member (e.g. http).
- MR_RJ
Cirrus
Hi,
Thanks for the answer.
The LTM can't route out to the Internet since it doesn't have a default route like that. I would hope that it is possible to create an iRule that says "no active member found in pool NTP, then SNAT the request, send it to external.ip via nexthop "default-gw".
There must be a way :)
Any ideas how?
- MR_RJ
Cirrus
Something like this:
when CLIENT_ACCEPTED {
    if { [active_members NTP] == 0 } {
        snat automap
        nexthop 10.0.0.254
        pool NTP-external
        log local0. "ntp irule executed"
    }
}
...but it doesn't work :x
- hoolio
Cirrostratus
Can you add a host route for the external NTP server?
Aaron
- MR_RJ
Cirrus
Will that work?
Not sure exactly how the device handles routing in that kind of way.
Will BigIP then know that it should send requests to that gateway via the selfip located at 10.0.0.0/24? (since I must SNAT it here)?
I thought a host route only affects the management traffic?
Thanks
Robert
- MR_RJ
Cirrus
A small update on this one. I just got back from a few weeks off so sorry for the late update.
As hoolio suggested, the solution is to add a route under Network / routes.
I did a /32 route and put the destination for the route to the network gw on the VLAN that I tried with an iRule before.
Everything seems to work just fine.
I did a priority group, so all NTP requests go to our NTP-server but if it goes down, the request will be forwarded to this /32 host on the internet.
Thanks everyone!
- hoolio
Cirrostratus
Glad to hear that worked for you RJ. Thanks for confirming.
Aaron
