Forum Discussion
Can we configure same members in different VIP's
Currently I have one VIP which has 2 members in its pool. The members are 192.168.0.22:443 & 192.168.0.23:443. The IP of my VIP is a private IP address and the NAT translation happens on the firewall, which is fine. Now, I need to create a new VIP for https with a different IP address and use the same members 192.168.0.22:443 & 192.168.0.23:443. Is that possible? I think I can use the same nodes but different ports.
Please advise.
Thanks in advance.
16 Replies
- nitass
Employee
Now, i need to create a new VIP for https with a different IP address and use the same members 192.168.0.22:443 & 192.168.0.23:443. Is that possible?
why not? :)
- Ajit
Altostratus
How will the return traffic know which VIP to go to? Suppose I have 2 VIPs with different IP addresses with the same pool and pool members. What I think is that the nodes in the pool can be the same, i.e. 192.168.0.22 & 192.168.0.23, but they need to communicate on different ports, i.e. other than 443. I am not sure if using the same will work.
- nitass
Employee
How will the return traffic know which VIP to go to?
source port on serverside (between bigip and pool member) will be different.
- nitass
Employee
e.g.
config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar1
ltm virtual bar1 {
    destination 172.28.24.201:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 44
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar2
ltm virtual bar2 {
    destination 172.28.24.202:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 45
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}

trace

[root@ve11a:Active:In Sync] config tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes

// bar1
12:25:16.007296 IP 172.28.24.1.38806 > 172.28.24.201.80: S 1487006438:1487006438(0) win 5840 in slot1/tmm0 lis=
12:25:16.007383 IP 172.28.24.201.80 > 172.28.24.1.38806: S 521107622:521107622(0) ack 1487006439 win 4380 out slot1/tmm0 lis=/Common/bar1
12:25:16.021530 IP 172.28.24.1.38806 > 172.28.24.201.80: . ack 1 win 5840 in slot1/tmm0 lis=/Common/bar1
12:25:16.023088 IP 172.28.24.1.38806 > 172.28.24.201.80: P 1:157(156) ack 1 win 5840 in slot1/tmm0 lis=/Common/bar1
12:25:16.023246 IP 172.28.24.201.80 > 172.28.24.1.38806: . ack 157 win 4536 out slot1/tmm0 lis=/Common/bar1
12:25:16.024639 IP 200.200.200.14.38806 > 200.200.200.101.80: S 2841845909:2841845909(0) win 4380 out slot1/tmm0 lis=/Common/bar1
12:25:16.378735 IP 200.200.200.101.80 > 200.200.200.14.38806: S 533865806:533865806(0) ack 2841845910 win 5792 in slot1/tmm0 lis=/Common/bar1
12:25:16.378767 IP 200.200.200.14.38806 > 200.200.200.101.80: . ack 1 win 4380 out slot1/tmm0 lis=/Common/bar1
12:25:16.378788 IP 200.200.200.14.38806 > 200.200.200.101.80: P 1:157(156) ack 1 win 4380 out slot1/tmm0 lis=/Common/bar1
12:25:16.584536 IP 200.200.200.101.80 > 200.200.200.14.38806: . ack 157 win 6432 in slot1/tmm0 lis=/Common/bar1
12:25:23.780423 IP 200.200.200.101.80 > 200.200.200.14.38806: P 1:244(243) ack 157 win 6432 in slot1/tmm0 lis=/Common/bar1
12:25:23.780494 IP 172.28.24.201.80 > 172.28.24.1.38806: P 1:244(243) ack 157 win 4536 out slot1/tmm0 lis=/Common/bar1
12:25:23.780503 IP 200.200.200.14.38806 > 200.200.200.101.80: . ack 244 win 4623 out slot1/tmm0 lis=/Common/bar1
12:25:23.782055 IP 172.28.24.1.38806 > 172.28.24.201.80: . ack 244 win 6432 in slot1/tmm0 lis=/Common/bar1
12:25:23.782329 IP 172.28.24.1.38806 > 172.28.24.201.80: F 157:157(0) ack 244 win 6432 in slot1/tmm0 lis=/Common/bar1
12:25:23.782329 IP 172.28.24.201.80 > 172.28.24.1.38806: . ack 158 win 4536 out slot1/tmm0 lis=/Common/bar1
12:25:23.782329 IP 200.200.200.14.38806 > 200.200.200.101.80: F 157:157(0) ack 244 win 4623 out slot1/tmm0 lis=/Common/bar1
12:25:23.849842 IP 200.200.200.101.80 > 200.200.200.14.38806: . ack 158 win 6432 in slot1/tmm0 lis=/Common/bar1
12:25:24.382187 IP 200.200.200.101.80 > 200.200.200.14.38806: F 244:244(0) ack 158 win 6432 in slot1/tmm0 lis=/Common/bar1
12:25:24.382248 IP 200.200.200.14.38806 > 200.200.200.101.80: . ack 245 win 4623 out slot1/tmm0 lis=/Common/bar1
12:25:24.382260 IP 172.28.24.201.80 > 172.28.24.1.38806: F 244:244(0) ack 158 win 4536 out slot1/tmm0 lis=/Common/bar1
12:25:24.383288 IP 172.28.24.1.38806 > 172.28.24.201.80: . ack 245 win 6432 in slot1/tmm0 lis=/Common/bar1

// bar2
12:25:35.223999 IP 172.28.24.1.60353 > 172.28.24.202.80: S 383028358:383028358(0) win 5840 in slot1/tmm1 lis=
12:25:35.224070 IP 172.28.24.202.80 > 172.28.24.1.60353: S 3453733638:3453733638(0) ack 383028359 win 4380 out slot1/tmm1 lis=/Common/bar2
12:25:35.225749 IP 172.28.24.1.60353 > 172.28.24.202.80: . ack 1 win 5840 in slot1/tmm1 lis=/Common/bar2
12:25:35.225923 IP 172.28.24.1.60353 > 172.28.24.202.80: P 1:157(156) ack 1 win 5840 in slot1/tmm1 lis=/Common/bar2
12:25:35.225985 IP 200.200.200.14.60353 > 200.200.200.101.80: S 3760426868:3760426868(0) win 4380 out slot1/tmm1 lis=/Common/bar2
12:25:35.225993 IP 172.28.24.202.80 > 172.28.24.1.60353: . ack 157 win 4536 out slot1/tmm1 lis=/Common/bar2
12:25:35.305729 IP 200.200.200.101.80 > 200.200.200.14.60353: S 1256281240:1256281240(0) ack 3760426869 win 5792 in slot1/tmm1 lis=/Common/bar2
12:25:35.305756 IP 200.200.200.14.60353 > 200.200.200.101.80: . ack 1 win 4380 out slot1/tmm1 lis=/Common/bar2
12:25:35.305775 IP 200.200.200.14.60353 > 200.200.200.101.80: P 1:157(156) ack 1 win 4380 out slot1/tmm1 lis=/Common/bar2
12:25:35.318241 IP 200.200.200.101.80 > 200.200.200.14.60353: . ack 157 win 6432 in slot1/tmm1 lis=/Common/bar2
12:25:36.095816 IP 200.200.200.101.80 > 200.200.200.14.60353: P 1:244(243) ack 157 win 6432 in slot1/tmm1 lis=/Common/bar2
12:25:36.095872 IP 172.28.24.202.80 > 172.28.24.1.60353: P 1:244(243) ack 157 win 4536 out slot1/tmm1 lis=/Common/bar2
12:25:36.095881 IP 200.200.200.14.60353 > 200.200.200.101.80: . ack 244 win 4623 out slot1/tmm1 lis=/Common/bar2
12:25:36.097815 IP 172.28.24.1.60353 > 172.28.24.202.80: . ack 244 win 6432 in slot1/tmm1 lis=/Common/bar2
12:25:36.098165 IP 172.28.24.1.60353 > 172.28.24.202.80: F 157:157(0) ack 244 win 6432 in slot1/tmm1 lis=/Common/bar2
12:25:36.098186 IP 172.28.24.202.80 > 172.28.24.1.60353: . ack 158 win 4536 out slot1/tmm1 lis=/Common/bar2
12:25:36.098194 IP 200.200.200.14.60353 > 200.200.200.101.80: F 157:157(0) ack 244 win 4623 out slot1/tmm1 lis=/Common/bar2
12:25:36.106357 IP 200.200.200.101.80 > 200.200.200.14.60353: F 244:244(0) ack 158 win 6432 in slot1/tmm1 lis=/Common/bar2
12:25:36.106393 IP 200.200.200.14.60353 > 200.200.200.101.80: . ack 245 win 4623 out slot1/tmm1 lis=/Common/bar2
12:25:36.106402 IP 172.28.24.202.80 > 172.28.24.1.60353: F 244:244(0) ack 158 win 4536 out slot1/tmm1 lis=/Common/bar2
12:25:36.108395 IP 172.28.24.1.60353 > 172.28.24.202.80: . ack 245 win 6432 in slot1/tmm1 lis=/Common/bar2
- Ajit
Altostratus
Thanks a lot Nitass. You have answered my doubt perfectly. I only need to know if i need to enable SNAT automap in my VIP for this to work?
- nitass
Employee
snat is not needed as long as pool member sends return traffic to bigip (e.g. bigip is its default gateway). in my lab, pool member default gateway is not bigip. so, i have to enable snat automap.
- Ajit
Altostratus
Got it. Thanks a lot for your time & help. Appreciate it :)
- nitass
Employee
will they be able to communicate with each other locally. i.e. If there is another PC/server in the same network 200.200.200.0/24 wants to access the websites bar1 & bar2.
in that case, you need snat (e.g. snat automap) to force return traffic from pool member going to bigip. otherwise, return traffic from pool member will go directly to client which will break a connection (asymmetric traffic).
How the internal return traffic will flow from loadbalancer? How will it identify which website to go to using the member 200.200.200.101:80 in this case?
it is the same concept i.e. source port on serverside will be different.
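The demultiplexing described in the replies above, as an added example that is not part of the thread or F5's own code: it parses server-side lines excerpted from the capture posted in the thread, builds a flow table keyed by the server-side 4-tuple, and shows that replies from the single pool member resolve to different virtual servers by destination port. The dictionary is a simplified model of a connection table, and the function names and the `snat_needed` rule (a restatement of the SNAT advice in the thread) are hypothetical.

```python
import ipaddress
import re

# Server-side lines excerpted from the capture in this thread. BIG-IP's tcpdump
# appends the direction (in/out), the TMM and the listener name to each packet.
TRACE = """\
12:25:16.024639 IP 200.200.200.14.38806 > 200.200.200.101.80: S 2841845909:2841845909(0) win 4380 out slot1/tmm0 lis=/Common/bar1
12:25:16.378735 IP 200.200.200.101.80 > 200.200.200.14.38806: S 533865806:533865806(0) ack 2841845910 win 5792 in slot1/tmm0 lis=/Common/bar1
12:25:35.225985 IP 200.200.200.14.60353 > 200.200.200.101.80: S 3760426868:3760426868(0) win 4380 out slot1/tmm1 lis=/Common/bar2
12:25:35.305729 IP 200.200.200.101.80 > 200.200.200.14.60353: S 1256281240:1256281240(0) ack 3760426869 win 5792 in slot1/tmm1 lis=/Common/bar2
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): .* (in|out) \S+ lis=(\S*)")

def build_flow_table(trace, member="200.200.200.101"):
    """Map each server-side flow (self IP, port, member, port) to its listener."""
    table = {}
    for line in trace.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, direction, lis = m.groups()
        # Only packets leaving BIG-IP towards the pool member open a flow entry.
        if direction == "out" and dst == member and lis:
            table[(src, int(sport), dst, int(dport))] = lis
    return table

def listener_for_reply(table, src, sport, dst, dport):
    """Resolve a pool member's reply by reversing its addresses and ports."""
    return table.get((dst, dport, src, sport))

def snat_needed(client, member_prefix, member_gateway_is_bigip):
    """Assumed rule from the thread: SNAT unless replies route back via BIG-IP."""
    same_net = ipaddress.ip_address(client) in ipaddress.ip_network(member_prefix)
    return same_net or not member_gateway_is_bigip

if __name__ == "__main__":
    flows = build_flow_table(TRACE)
    for port in (38806, 60353):
        print(port, listener_for_reply(flows, "200.200.200.101", 80,
                                       "200.200.200.14", port))
```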
