Forum Discussion

Steven_111985's avatar
Steven_111985
Icon for Nimbostratus rankNimbostratus
Jun 14, 2012

backend clients communicating to other pools via external virtual servers

Hi There

 

 

First post so hope I'm posting this in the right section.

 

We have 2x F5 Big-IP LTM 11.1 VE's in HA, with 3 subnets/vlans as follows:

 

 

1.1.1.0/26

 

[public tier]

 

|

 

|

 

[ F5 Big-IP LTM 11.1 ]

 

| |

 

| |

 

| |

 

[Web Tier] [App Tier]

 

172.16.1.0/24 172.16.2.0/24

 

 

Each tier has a Self IP for each F5 and a Floating SelfIP.

 

Standard Virtual Servers are enabled on the public tier and direct client traffic to server pools in the web tier, and Standard virtual servers are enabled on the Web Tier that direct traffic from clients in the web tier to server pools in the app tier.

 

 

What i want to be able to do is have clients in the web tier talk to existing virtual servers enabled on the public tier and therefor talk to another different load balanced pool of servers in the same web tier. And the same for the app tier, ie have clients in this tier talk to the standard virtual servers enabled on the web tier and be load balanced to a different

 

pool in the app tier. All communications would just be HTTP/S Traffic.

 

 

I have created an intelligent SNAT iRule and enabled it on the virtual servers i want this to happen on. And i have created a wildcard forwarding virtual server.

 

 

I can't however get this to work. What i do see when running a tcpdump on the Active F5 is the intial SYN packet going out, and the F5's self IP, arp requesting for the virtual server..

 

 

17:27:54.286884 IP 172.16.1.111.49766 > 1.1.1.12.https: S 733502483:733502483(0) win 8192

 

 

17:27:54.286975 arp who-has 1.1.1.12 tell 1.1.1.1

 

 

Where:

 

172.16.1.111 is the requesting web tier client,

 

1.1.1.12 is the standard virtual server ip address on public tier

 

1.1.1.1 is the self ip for the active F5 on the public tier.

 

 

SNAT iRule is this one i found here:

 

https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/2379/showtab/groupforums/Default.aspx

 

 

when LB_SELECTED {

 

if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} {

 

snat automap

 

log local0. "snat automap"

 

}}

 

 

 

I'm hoping somebody can assist or point me in the right direction. Am i doing something wrong or what have i missed?

 

  • Hi Steven,

     

     

    Do you have the public 1.1.1.12 VS enabled on the web tier VLAN as well as the public VLAN?

     

     

    Aaron
  • Hi Aaron

     

    Aaha, that's done it, no I did not originally. It was only enabled on the vlan it was supposed to be for.

     

    Thanks very much.

     

     

     

    -Steven