uni
Jul 16, 2012

Confirm design relying on auto_lasthop

Can someone confirm my proposed configuration will work as desired?

I have a need to configure the BigIP to load-balance http amongst a cluster of proxy servers. Non-http traffic is forwarded straight out, thus we are using a vlan group to create a layer 2 bridge. It is important that the client IP is preserved all the way, both in the BigIP and in the proxies.

Client----- Router1 --VLAN1-- BigIP --VLAN2-- Router2 ----- Internet
                                |
                              VLAN3
                                |
                  +-------------+-------------+
                  |             |             |
                Proxy1        Proxy2        Proxy3

BigIP is a transparent bridge: VLAN1, VLAN2, VLAN3 are in a VLAN group.

Non-port 80 traffic is forwarded from vlan1 to vlan2.

A virtual listening on vlan1, 0.0.0.0:80 load-balances to one of the proxies on vlan3 (no SNAT).

Proxy creates a new connection with original client IP and forwards to Router2.

Will auto_lasthop forward replies to the original proxy?

  • Hamish
    If a connection table entry exists for the return traffic, then it should do. Not that I've ever played with bridge groups much (we stopped using them when DHCP broadcasts wouldn't pass through them a couple of years ago).

    I think that the source port used by the proxy would have to be guaranteed to be different from the client's src port though. Otherwise the connection table entry would clash for the second connection between the proxy and the destination server...

    H
  • uni
    On re-reading the description of auto_lasthop, it looks like this only happens when the traffic is forwarded through a virtual. Thus, I think my example also needs a virtual server on vlan3, also listening on 0.0.0.0:80, with router 2 as the pool member.

    Can someone verify my thinking here?
  • Hamish
    In order to ever forward any traffic you need a virtual. So the point about requiring one for auto-lasthop is moot.

    BigIP is a proxy not a router, so you always need a virtual server to do anything (ignoring the transparent bridging).

    H
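
The source-port clash raised in the first reply, as an added example that is not part of any post in this thread: a simplified flow table keyed by 4-tuple that records the ingress MAC as the last hop for replies. The table model, addresses, MACs and ports are constructed assumptions, not BIG-IP internals.

```python
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed sample values (documentation address ranges, locally administered MACs).
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
ROUTER1_MAC = "02:00:00:00:00:01"   # where the real client's packets arrive from
PROXY1_MAC = "02:00:00:00:00:a1"    # where the proxy's re-originated packets arrive from
CLIENT_SRC_PORT = 40000

class ConnTable:
    """Assumed model: one entry per 4-tuple, remembering the sender's MAC."""
    def __init__(self) -> None:
        self.entries: dict[Flow, str] = {}

    def add(self, flow: Flow, ingress_mac: str) -> bool:
        # A second flow with an identical key cannot get its own entry.
        if flow in self.entries:
            return False
        self.entries[flow] = ingress_mac
        return True

    def last_hop_for_reply(self, reply: Flow) -> Optional[str]:
        # Reverse the reply's tuple to find the flow it answers.
        key = Flow(reply.dst_ip, reply.dst_port, reply.src_ip, reply.src_port)
        return self.entries.get(key)

def simulate(proxy_src_port: int) -> tuple[bool, Optional[str]]:
    """Client connects via Router1; the proxy then re-originates the
    connection using the client's IP and the given source port."""
    table = ConnTable()
    table.add(Flow(CLIENT, CLIENT_SRC_PORT, SERVER, 80), ROUTER1_MAC)
    created = table.add(Flow(CLIENT, proxy_src_port, SERVER, 80), PROXY1_MAC)
    # The server's reply to the proxy's connection comes back in.
    reply = Flow(SERVER, 80, CLIENT, proxy_src_port)
    return created, table.last_hop_for_reply(reply)

if __name__ == "__main__":
    print("same port as client:", simulate(CLIENT_SRC_PORT))
    print("different port:     ", simulate(CLIENT_SRC_PORT + 1))
```

In this model, a proxy that reuses the client's source port gets no entry of its own, so the server's reply resolves to Router1 rather than the proxy.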