Forum Discussion

TridipLenka_316
Oct 04, 2017

Can't access the web application through F5 LTM

I have configured one web service application on the F5 box as below:

 

VIP: 10.10.10.3:443 (VLAN 10 on DR)
Nodes: 10.20.20.4:8543 (VLAN 20 on DC), 10.20.30.4:8543 (VLAN 30 on DC)

 

I basically have 2 locations (the DR-F5 VIP, and the real servers are on the main DC). I am able to telnet on the specific ports from DR-F5; trace, ping and telnet all work. The pool members show up, but I can't access the application.

I have tried adding a static route, but once I try to add a static route on the F5, the pool member is marked down. I have tried taking a packet capture on DR-F5, but I see (RST,ACK from VIP to my PC IP), so I checked all routing from source to destination, but I did not observe any issue with routing.

Can someone assist with this?

 

Thanks in Advance.

 

  • Hi, maybe the connections are traversing the mgmt gateway instead of the self IP network, or maybe there is an issue with some profile breaking the SSL requests.

    Could you share the VS, pool and route here? e.g.

    tmsh
    list /ltm virtual VIRTUAL_SERVER_NAME
    list /ltm pool POOL_NAME
    show /net route lookup 10.20.20.4
    show /net route lookup 10.20.30.4
    

    Plus, does port 8543 carry SSL traffic?

    Regards.
  • Thanks Cjunior for the response... here are the details:

     

    1) ltm virtual abc.app/abc_vs {
        app-service /Common/abc.app/abc
        destination 10.10.10.3:https
        fallback-persistence abc.app/abc_source-addr-persistence
        ip-protocol tcp
        mask 255.255.255.255
        persist {
            abc.app/abc_cookie-persistence {
                default yes
            }
        }
        pool abc.app/abc_pool
        profiles {
            abc.app/abc_client-ssl {
                context clientside
            }
            abc.app/abc_http { }
            abc.app/abc_oneconnect { }
            abc.app/abc_optimized-caching { }
            abc.app/abc_server-ssl {
                context serverside
            }
            abc.app/abc_tcp-lan-optimized {
                context serverside
            }
            abc.app/abc_tcp-wan-optimized {
                context clientside
            }
        }
        source 0.0.0.0/0
        translate-address enabled
        translate-port enabled
        vs-index 24
    }

     

    2) ltm pool abc.app/abc_pool {
        app-service /Common/abc.app/abc
        load-balancing-mode least-connections-member
        members {
            10.20.20.4:8543 {
                address 10.20.20.4
                app-service /Common/abc.app/abc
                session monitor-enabled
                state up
            }
            10.20.30.4:8543 {
                address 10.20.30.4
                app-service /Common/abc.app/abc
                session monitor-enabled
                state up
            }
        }
        monitor abc.app/abc_https_monitor
        slow-ramp-time 300
    }

     

    3) show /net route lookup 10.20.20.4

    Net::Routes
    Name           Destination    Type       NextHop           Origin
    10.20.20.4/32  10.20.20.4/32  interface  /Common/internal  static

     

    4) Same as 3, but after adding the static route the pool member is marked as down.

     

    5) SSL handshake is getting finished

     

  • It looks fine when you have deployed from an app.

    If I'm not wrong, you have created the route this way:

    create net route 10.20.20.4/32 interface /Common/internal

    Did you try to create a route to a gateway on internal vlan? e.g.

    create net route 10.20.20.4/32 gw 192.168.1.1

    If possible, share the internal selfip addresses here. (e.g. tmsh list net self)

    Regards.

  • You mean the gateway is the self IP? If yes, while adding the static route and giving the gateway as the self IP, it does not accept it. Internal is my extended VLAN.

     

  • No, I didn't. I mean the gateway for the internal vlan that reaches the 10.20.20.4 network.

     

  • Appreciate your quick response and help!!! I was trying to add that VLAN gateway for 10.20.20.4 since the beginning; it is not working now either. I don't see any connection/hit to this pool member. I added the gateway for 10.20.30.4: the application is working, but requests are only coming to this node.

     

  • Now, if the monitor is running and it's OK, and a client request doesn't work, you may need to do a SNAT or review the route back to BIG-IP. I think you can try SNAT first. Does the iApp you used have this option?
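
Added example, not part of the thread and not F5 code: a small Python model of the return-path check suggested in the last reply, showing why a monitor can stay green while client requests fail when there is no SNAT. The self IP, client address and the pool member's routing table are constructed assumptions; only 10.20.20.4 comes from the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None if connected or no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(server_routes, bigip_self_ips, src_seen_by_server):
    """Where the pool member's reply goes, given the source address it saw."""
    if src_seen_by_server in bigip_self_ips:
        return "via BIG-IP"        # reply is addressed to the BIG-IP itself
    if next_hop(server_routes, src_seen_by_server) in bigip_self_ips:
        return "via BIG-IP"        # BIG-IP is the server's gateway toward that source
    return "bypasses BIG-IP"       # asymmetric path: reply never re-enters the BIG-IP

# Constructed sample data (assumptions, not values from the thread)
SELF_IP = "10.10.20.1"             # hypothetical BIG-IP self IP on the internal VLAN
SELF_IPS = {SELF_IP}
CLIENT = "192.0.2.50"              # hypothetical client PC
# Hypothetical routing table on pool member 10.20.20.4: (prefix, gateway)
SERVER_ROUTES = [("0.0.0.0/0", "10.20.20.254"), ("10.20.20.0/24", None)]

def diagnose(snat, server_routes=SERVER_ROUTES):
    """Compare the monitor flow with a client flow, with or without SNAT."""
    # Health monitors are always sourced from a BIG-IP self IP.
    monitor = reply_path(server_routes, SELF_IPS, SELF_IP)
    # Without SNAT the server sees the real client address as the source.
    client_src = SELF_IP if snat else CLIENT
    client = reply_path(server_routes, SELF_IPS, client_src)
    return {"monitor": monitor, "client": client}

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "no SNAT", diagnose(snat))
```

The same function also covers the other option in that reply, reviewing the route back: if the pool member's route toward the client points at a BIG-IP self IP, the client flow returns through the BIG-IP without SNAT.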