Forum Discussion

Alvaro_3931's avatar
Alvaro_3931
Icon for Nimbostratus rankNimbostratus
Nov 29, 2007

Create a pool with port forwarding

Hi,

 

 

I have the following scenario:

 

We have developed a service running in jboss which is running in a backend server behind the f5. A virtual server (ui.service.com) forwards the request made to port 80 to the backend host at port 8080. Until here is a easy virtual server setup.

 

 

Morover the jboss is listening to 3 ports say 2001, 2002 and 2003 that needs to be contacted by a client. I would like that the client uses the same front end address (ui.service.com) with the port 2001 and the jboss forward the port to the backend host.

 

 

Right now I have just 1 host in the service pool, but I would like to have 2. But one of them woul d be inactive. In case of something goes bad we can manually switch to the other host (both servers can not be running at the same time because of database access problems)

 

 

how can I configure the F5 to forward the ports?

 

idea (a) is to create a virtual server for each port I want to forward, but I don't like it. I now already how to do this. But, actually I would like to implement idea (b), in which I configure the virtual server to listen all ports and the poll to listen serve all ports as well. But I would need to create some iRule to drop the packets that do not go to ports 2001,2002 or 2003

 

 

1) What would be the best approach to solve this problem?

 

2) In case that idea (b) is possible, what is the statement in iRules to drop a packet/connection?

 

 

Thanks in advance for your help

 

 

Alvaro
config
design

2 Replies

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Nov 29, 2007
    Honestly, it sounds to me as though the best approach would be to create individual VIPs to listen to the three ports you actually want to pass traffic on, since it would be additional overhead to block/drop everything else manually.

    This could certainly be done, though, so option B is definitely possible. The statement you'd want in your iRule would be something like:

    
when HTTP_REQUEST {
  switch [TCP::local_port] {
    2001 -
    2002 -
    2003 { pool jbossPool }
    default { discard }
  }
}

    This would look for anything that comes in destined to port 2001, 2001 or 2003 and send them along to a pool, in this example named jbossPool, and discard everything else.

    HTH,

    Colin
  • Alvaro_3931's avatar
    Alvaro_3931
    Icon for Nimbostratus rankNimbostratus
    Nov 30, 2007
    Thanks Colin for your answer.

     

     

    Do you mean b VIP using Virtual IP. That would mean one virtual server for every port I want to serve?

     

    I understood that and implemented it because you said it will give less overload to the F5. Did I understand right?

     

     

    Thanks,

     

     

     

    Alvaro