Forum Discussion
NimbostratusConfigure load balance for web application and mobile application
Hi I have a client that have in the same server and in the same port working web application and mobile application and using the same certificate
backend web server: 172.x.x.10: 443 mobile application: 172.x.x.10: 443 vs: 10.x.x.10
When use tcp_lan_optimized in tcp client profile all work fine for web application but mobile application not work, if I change the profile for tcp_mobile_optimized the mobile application work fine but the web application not work.
Which considerations I need to have, or which changes I need to do to solve the problem
Regards
RaghavendraSY_7Cumulonimbus
You are using same virtual server for both web and mobile applications? Is this possible to create seperate services (diferrent port) on backend servers for mobile and web applications.
- RaghavendraSY_7
Can you please provide your virtual server configurations.
RaghavendraSYAltostratus
You are using same virtual server for both web and mobile applications? Is this possible to create seperate services (diferrent port) on backend servers for mobile and web applications.
- RaghavendraSY
Can you please provide your virtual server configurations.
Ricardo_Raza_14Hi, the client said that is not possible tho change anything in their configuration.
The configuration of vs is
ltm virtual /Common/vs_prod_xxx { destination /Common/10.x.x.10:443 disabled ip-protocol tcp mask 255.255.255.255 pool /Common/pool_xxxx_produccion profiles { /Common/cliente_ssl_xxx_prod { context clientside } /Common/http_xxx { } /Common/server_ssl_xxx_prod { context serverside } /Common/tcp-lan-optimized-xxx { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled}
________________________________________________________________________________ Pools ________________________________________________________________________________ltm pool /Common/pool_xxx_produccion { members { /Common/nodo_xxx_prod10:0 { address 172.x.x.10 } /Common/nodo_xxx_prod11:0 { address 172.x.x.11 } /Common/nodo_xxx_prod12:0 { address 172.x.x.12 } /Common/nodo_xxx_prod5:0 { address 172.x.x.5 } /Common/nodo_x.x_prod6:0 { address 172.x.x.6 } /Common/nodo_xxx_prod7:0 { address 172.x.x.7 } /Common/nodo_xxx_prod8:0 { address 172.x.x.8 } /Common/nodo_xxx_prod9:0 { address 172.x.x.9 } } monitor /Common/gateway_icmp}
________________________________________________________________________________ Profiles ________________________________________________________________________________ltm profile client-ssl /Common/cliente_ssl_xxx_prod { alert-timeout indefinite allow-dynamic-record-sizing disabled allow-non-ssl disabled app-service none cache-size 262144 cache-timeout 3600 cert /Common/xxx_prod.crt cert-key-chain { xxx_prod { cert /Common/xxx_prod.crt key /Common/xxx_prod.key } } chain none cipher-group none ciphers DEFAULT defaults-from /Common/clientssl generic-alert enabled handshake-timeout 10 inherit-certkeychain false key /Common/xxx_prod.key max-active-handshakes indefinite max-aggregate-renegotiation-per-minute indefinite max-renegotiations-per-minute 5 maximum-record-size 16384 mod-ssl-methods disabled mode enabled notify-cert-status-to-virtual-server disabled ocsp-stapling disabled options { dont-insert-empty-fragments } passphrase none peer-no-renegotiate-timeout 10 proxy-ssl disabled proxy-ssl-passthrough disabled renegotiate-max-record-delay indefinite renegotiate-period indefinite renegotiate-size indefinite renegotiation enabled secure-renegotiation require server-name none session-mirroring disabled session-ticket disabled session-ticket-timeout 0 sni-default false sni-require false ssl-sign-hash any strict-resume disabled unclean-shutdown enabled}
ltm profile http /Common/http_xxx { accept-xff disabled app-service none basic-auth-realm none defaults-from /Common/http encrypt-cookies none enforcement { max-header-count 128 max-header-size 327680 max-requests 0 } header-erase none header-insert none insert-xforwarded-for disabled lws-separator none lws-width 80 oneconnect-transformations enabled proxy-type reverse redirect-rewrite none request-chunking preserve response-chunking selective response-headers-permitted none server-agent-name BigIP sflow { poll-interval-global no sampling-rate-global no } via-request preserve via-response preserve xff-alternative-names none}
ltm profile server-ssl /Common/server_ssl_xxx_prod { alert-timeout indefinite app-service none bypass-on-client-cert-fail disabled bypass-on-handshake-alert disabled cache-size 262144 cache-timeout 3600 cert /Common/xxx_prod.crt chain none cipher-group none ciphers DEFAULT defaults-from /Common/serverssl generic-alert enabled handshake-timeout 10 key /Common/xxx_prod.key max-active-handshakes indefinite mod-ssl-methods disabled mode enabled options { dont-insert-empty-fragments } proxy-ssl disabled proxy-ssl-passthrough disabled renegotiate-period indefinite renegotiate-size indefinite renegotiation enabled secure-renegotiation require-strict server-name none session-mirroring disabled session-ticket disabled sni-default false sni-require false ssl-forward-proxy disabled ssl-forward-proxy-bypass disabled ssl-sign-hash any strict-resume disabled unclean-shutdown enabled}
ltm profile tcp /Common/tcp-lan-optimized-xxx { app-service none close-wait-timeout 30 defaults-from /Common/tcp-lan-optimized fin-wait-2-timeout 300 fin-wait-timeout 30 idle-timeout 300 keep-alive-interval 1800 minimum-rto 1000 reset-on-timeout disabled time-wait-recycle enabled time-wait-timeout 5000 zero-window-timeout 50000}
- RaghavendraSY
both applications are working fine with default tcp profile?
- Ricardo_Raza_14
Hi, no both applications not working with default tcp.
- RaghavendraSY
Can you please provide working packet capture and non working packet captures.Mean time you can open a ticket with F5 vendor too.