Forum Discussion

MR_RJ's avatar
MR_RJ
Icon for Cirrus rankCirrus
Jun 20, 2012

Advanced configuration with one local node and one external

Hi,

 

 

Trying to configure the following.

 

BigIP v10.x.

 

 

I have a NTP server placed on a DMZ, 10.0.0.1. I got a LB IP (VS) 10.0.0.2 with SNAT.

 

That part works just fine.

 

I would now like to add another node, but the node is located on internet, so when the local server goes down or is in maintenance, the requests shall go to ntp server on internet.

 

How should I solve this?

 

If I just put the public-internet-ip as a node, the incoming traffic will be SNATed and the LB dont know where to send this since it doesnt really know a default gw on the subnet 10.0.0.0/24.

 

My first though was to create a iRule like:

 

 

when CLIENT_ACCEPTED {

 

if { [active_members NTP] == 0 } {

 

snat automap

 

pool DMZ_GW

 

}

 

}

 

 

...but it doesn't work :|

 

 

Any ideas how to solve this?

 

I've searched the forum for similar solutions without success.

 

 

//Rob

 

  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    The first thing you'll want to check is to see whether your node with the public address can route out to the remote server. If you're lucky it'll respond to a ping. If not you can use a customized monitor for the remote pool member (e.g. http).
  • Hi,

     

     

    Thanks for the answer.

     

    The LTM can't route out to Internet since doesnt have a default route like that. I would hope that it is possible to create a iRule that says "no active member found in pool NTP, then SNAT the request, send it to external.ip via nexthop "default-gw".

     

     

    There must be a way :)

     

    Any ideas how?
  • Something like this:

     

    when CLIENT_ACCEPTED {

     

    if { [active_members NTP] == 0 } {

     

    snat automap

     

    nexthop 10.0.0.254

     

    pool NTP-external

     

    log local0. "ntp irule executed"

     

    }

     

    }

     

     

    ...but it doesnt work :x

     

  • Will that work?

     

    Not sure exactly how the device handles routing in that kind of way.

     

    Will BigIP then know that it should send requests to that gateway via the selfip located at 10.0.0.0/24? (since I must SNAT it here)?

     

     

    I though a host route only affects the management traffic?

     

     

    Thanks

     

    Robert
  • A small update on this one. I just got back from a few weeks off so sorry for the late update.

     

     

    As hoolio suggested. The solution is to add a route under Network / routes.

     

    I did a /32 route and put the destination for the route to the network gw on the VLAN that i tried with a iRule before.

     

     

    Everything seems to work just fine.

     

    I did a priority group, so all NTP requests goes to our NTP-server but if it goes down, the request will be forwarded to this /32 host on the internet.

     

     

    Thanks everyone!

     

  • Glad to hear that worked for you RJ. Thanks for confirming.

     

     

    Aaron