Forum Discussion
belias21_8982
Nimbostratus
NimbostratusConnect to Virtual Server from different VLAN
OK, this one is probably simple, but way complicated to explain. Here are the relevant pieces. I was looking at somekind of VIP Bounceback solution, but not sure it applies.
-----------
| Router |
-----------
|
|
10.10.9.250 (Self-IP)
|
-----------
| LTM |
-----------
| \
| \
| \
10.10.11.250 \
10.10.14.250
VLAN9 - VLAN between LTM and router
VLAN11 - Web servers (10.10.11.[121-123] LTM Self-IP 10.10.11.250)
VLAN14 - App servers (10.10.14.[181-183] LTM Self-IP 10.10.14.250)
Servers behind LTM use that VLAN's Self-IP as gateway.
Virtual Servers:
10.10.9.200 --> Nodes are the web servers in VLAN11
10.10.9.181 --> Nodes are the app servers in VLAN14
Inbound traffic from the internet have no issues with connecting to either VS.
I need to be able to loadbalance traffic from Web (VLAN11) to App (VLAN14). If I try to connect to VS 10.10.9.181 (App VS) from the web servers, the connection fails. Is there an inherent issue with connecting to a VS on a different VLAN? All are directly connected, so I wouldn't see it as a routing issue. I thought it might be a VIP bounceback-like issue wherein the traffic was getting there and just not making it back, but a packet capture on the app servers does not show me ANY traffic related to my test queries coming from the web servers.
Hope this makes sense. I am stuck, and could really use some guidance.
Thanks in advance,
Brian
hoolioCirrostratus
Hi Brian,
If the 10.10.9.181 VS is enabled on the VLAN the client is on, it should work fine. Do you see stats incrementing on the VS? What about on the pool?
Can you enable SNAT (automap is a simple way to test) on the virtual server and retry? If that doesn't work, try capturing a tcpdump on LTM filtering on the client and server IP addresses:
tcpdump -ni 0.0 host CLIENT_IP or host SERVER_IP
If these are hosts are processing live traffic you may want to add more specific filters to the tcpdump to eliminate the live traffic from the trace.
If you need help capturing or analyzing the tcpdump, you can open a case with F5 Support.
Aaron- The_BhattmanHi Brian,
To add - do you any virtual forwarding server configured?
thanks,
CB 
belias21_8982OK, the 10.10.9.181 VS has all VLANs enabled on it. I checked and saw that the VS has incrementing stats, but the pool does not. The monitor on the node is green, so I know it is alive. I turned on SNAT AutoMap on the VS - didn't seem to make a difference. Also, to answer CB's question - I do not have any forwarding VS configured. Working on geting a tcpdump, but the environment isn't very accessible (long story).- The_BhattmanI think you need a VS configured for outbound requests. Try setting up a wildcard VS with ANY ports.
CB - hoolioAnother possibility is that port translation is disabled on the VIP and the VIP and pool members are defined on different ports.
Aaron
