Forum Discussion

schulerb_82266
Feb 02, 2008

Forwarding Virtual Server not working

I am attempting to have hosts on the internal vlan connect to hosts on the other side of the F5.

------
65.x.x.x untrust
11.1.1.1 trust

11.1.1.20 self-ip of external
10.1.1.20 self-ip of internal

10.1.1.130 server
------

The BigIp has a default gateway to 11.1.1.1. The web-server (10.1.1.130) has the gateway as 10.1.1.20.

I have a vip on the F5 (10.1.1.25) that hits 10.1.1.130:80.

Everything seems to work ok. A host at 11.1.1.99 can hit 11.1.1.20 and 10.1.1.25 ok.

The F5 can see 11.1.1.1 and beyond (internet) and 10.1.1.130 and the vip 10.1.1.25.

The web-server can get to 10.1.1.20, but not beyond.

I have created a forwarding virtual server on the F5.

virtual forward-all {
   ip forward
   destination any:any
   mask none
}

But, no luck. After looking at a load of these posts, I think I am on the right track, but am missing something obvious.

Any gotchas that I am missing?

Ben

  • Hi Ben,

    Can you try to create a gateway_pool with the F5 gateway as the pool member, and associate this pool with a wildcard_VS? The wildcard_VS should use Performance Layer 4 and select All protocols.

    pool gw_pool {
       members 11.1.1.1:any
    }

    virtual wildcard_vs {
       pool gw_pool
       destination any:any
       mask none
    }

    If it is still not working, you can try to use tcpdump to capture traffic on both vlans.

    regards,

    KY

  • Thanks for the reply KYY. I've implemented your suggestion. Unfortunately, I am in the same spot.

    From the bigip.conf:

    route default inet {
       gateway 11.1.1.1
    }

    pool gw_pool {
       member 11.1.1.1:any
    }

    virtual ip_forward {
       destination any:any
       pool gw_pool
       mask none
    }

    On the F5, I ran 'tcpdump -n -i 0.0 tcp port 8093'.

    From 10.1.1.130 with its gateway of 10.1.1.20, I ran to a known working IP -- 'telnet 12.162.xx.xxxx 8093'.

    The F5 captured:

    17:49:19.399399 802.1Q vlan4094 P0 10.1.1.130.36542 > 12.162.xx.xxxx.8093: S 168875122:168875122(0) win 5840 2> (DF) [tos 0x10]
    17:49:19.399468 802.1Q vlan4093 P0 10.1.1.130.36542 > 12.162.xx.xxxx.8093: S 168875122:168875122(0) win 5840 2> (DF)
    17:49:22.399520 802.1Q vlan4094 P0 10.1.1.130.36542 > 12.162.xx.xxxx.8093: S 168875122:168875122(0) win 5840 2> (DF) [tos 0x10]
    17:49:22.399546 802.1Q vlan4093 P0 10.1.1.130.36542 > 12.162.xx.xxxx.8093: S 168875122:168875122(0) win 5840 2> (DF)
    17:49:27.062530 802.1Q vlan4094 P0 12.162.xx.xxxx.8093 > 10.1.1.130.36542: R 0:0(0) ack 168875123 win 0 (DF)

    4093 is the external vlan and 4094 is the internal.

    If I am reading this correctly, the .130 host connects to the internal vlan, which connects to the external, but then nothing more.

    From the F5, I am able to run the telnet command successfully. I don't think it is routing, but I am in need of a clue as to what to look at next.

    These are the same results I got with my original configuration attempt.

    Ben

  • I think I have a switch issue (between the web-server and the F5). On the web-server, I explicitly set the interface to 100/full/autoneg off and things started working.

    I don't get it.

    Ben