Forum Discussion
BIG-IP production traffic flow.
We are connecting ‘externally’ using ‘https://www.xyz.zbc.com/yyy/123’, which is then ‘translated’ to the correct URL in the reverse proxy config. Secure communication is terminated on the first BIG-IP. The second BIG-IP acts as a load balancer. Port 8080 is to be used through the whole ‘chain’ to the Presentation server (the real server behind the second LB).
We observe that even when connecting on port 8080, the Presentation server responds on 8043. The BIG-IP and/or reverse proxy expects the response on the same port as sent, meaning it’s expecting the response on port 8080 (not 8043).
Any suggestions or doubts on why this may be happening?
- dragonflymr
Cirrostratus
Hi,
Nothing more than that you have to find out why the Presentation server, receiving a connection on port 8080, replies from port 8043.
To be honest, it's not possible from the TCP protocol point of view; there is no way to have one TCP connection where the dst port for the incoming packet is 8080 and the src port for the returning packet is 8043.
There have to be two separate connections, like:
- The Presentation server negotiates the 3WHS with BIG-IP on port 8080, then accepts the request and closes the TCP connection.
- Next, the Presentation server tries to set up a new TCP connection (3WHS) from port 8043 to some port on BIG-IP - or, if there is no SNAT and the Presentation server has its DG set to the BIG-IP self IP - directly to the client IP:port to send the response.
This will never work for a standard HTTP reverse proxy setup, except maybe if you have a SNAT object set with the Presentation server IP as Origin to allow such a Presentation-server-initiated connection to go out via BIG-IP (it could as well be a wildcard VS on the internal VLAN, or a NAT object), or if your intention was to use an nPath configuration (Direct Server Return).
Piotr
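The two-connection reading in the answer above can be checked on a capture taken on the server-side VLAN. The following is an added example, not part of the original thread: it groups `tcpdump -nn` text output into TCP connections by 4-tuple and lists the ones the server opened itself. The IP addresses (10.1.2.10 as BIG-IP self IP, 10.1.2.20 as Presentation server) and the sample lines are constructed assumptions.

```python
import re

# Constructed sample in `tcpdump -nn` text format (not taken from the thread).
# Assumed addresses: 10.1.2.10 = BIG-IP self IP, 10.1.2.20 = Presentation server.
SAMPLE = """\
12:00:00.000001 IP 10.1.2.10.41000 > 10.1.2.20.8080: Flags [S], seq 100, length 0
12:00:00.000300 IP 10.1.2.20.8080 > 10.1.2.10.41000: Flags [S.], seq 900, ack 101, length 0
12:00:00.000500 IP 10.1.2.10.41000 > 10.1.2.20.8080: Flags [P.], seq 101:301, ack 901, length 200
12:00:00.002000 IP 10.1.2.20.8080 > 10.1.2.10.41000: Flags [F.], seq 901, ack 301, length 0
12:00:00.010000 IP 10.1.2.20.8043 > 10.1.2.10.41000: Flags [S], seq 5000, length 0
"""

# src_ip.src_port > dst_ip.dst_port: Flags [...]
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def connections(capture):
    """Return one record per TCP connection, keyed by its 4-tuple."""
    conns = {}
    for m in LINE.finditer(capture):
        src, sport, dst, dport, flags = m.groups()
        a, b = (src, int(sport)), (dst, int(dport))
        key = frozenset((a, b))          # same key for both directions
        if flags == "S":                 # bare SYN: first step of the 3WHS
            conns[key] = {"initiator": a, "responder": b, "packets": 0}
        if key in conns:
            conns[key]["packets"] += 1
    return list(conns.values())


def server_initiated(capture, server_ip):
    """Connections the server opened itself, i.e. not replies to a request."""
    return [c for c in connections(capture) if c["initiator"][0] == server_ip]


if __name__ == "__main__":
    for c in connections(SAMPLE):
        print(c["initiator"], "->", c["responder"], "packets:", c["packets"])
    print("opened by server:", server_initiated(SAMPLE, "10.1.2.20"))
```

A packet with source port 8043 never lands in the record for the port 8080 connection, because its 4-tuple differs; it can only appear as a connection of its own with the server as initiator.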