SysTopher
Jun 13, 2016

F5 VIP forward to backend on certain ports

Hey everyone,

I'm looking to accomplish something, but not sure how yet. I've got two virtual servers that are configured for the same IP address, but different ports. I'm proxying these connections through the F5 as usual using the standard layer 7 virtual server. However, I would like to configure it to where users connecting to this IP address on another port do not get proxied. I would prefer the F5 to just forward traffic coming in on this port to the backend servers.

I'm looking at the virtual server types and I see the option for Forwarding (IP), but it doesn't seem to allow me to specify the virtual server AND the backend node to forward it to. Instead it just gives me the standard Destination IP but no pool (as expected). I still would have figured this would require a backend destination to forward to though.

Am I going about this the wrong way? Is what I'm attempting possible?

14 Replies

  • Hi,

    I think Forwarding IP is not a good option. You can write an iRule to disable HTTP and/or SSL proxying:

    when CLIENT_ACCEPTED {
        if { [IP::client_addr] eq "x.x.x.x" } {
             SSL::disable
             HTTP::disable
             node y.y.y.y 80
        }
    }
    
    • SysTopher
      Hi Yann, I'm looking to do this for ports other than SSL and HTTP. The two virtual servers I have are for the same IP, but for ports 80 and 8083. So users can connect to this one IP address on ports 80 or 8083, but I want users who connect to this IP address on port 8080 to be forwarded to a different IP address. Any way you can think of to accomplish this?
  • You can also use a datagroup instead of just a static IP addr:

    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals NOT_PROXYIED_CLIENT] } {
             SSL::disable
             HTTP::disable
             node y.y.y.y 80
        }
    }
    
    • Vijay_E
      I haven't read the complete requirements, but to add to Yann's previous iRule, I would recommend using a separate pool with the right member in it instead of the node command, as it can break persistence, if required, and I have seen it cause issues when migrating between code versions.