Forum Discussion
nacejj_65488
Nimbostratus
NimbostratusHeader Rewrite & Port Translation Issues (Oracle App Servers)
I am currently load balancing a 10.2.1 LTM to two legacy Oracle applications (Tru64 Alpha Server) The applications need to be accessed on port 8895. Everything in my config is on the same subnet besides our mgt port. I am trying to access the application via http://VS_Domain:8895/oracle/directory.
I know its load balancing correctly because I am able to access http://VS_domain and the apache web server page pops up. I am also able to access each node individually through the network through the F5 and completely access the application (F5 acting as a switch instead of load balancing)http://Node_domain:8895/oracle/directory.
The Oracle App Servers don't seem to answer to IP addresses so I implemented this iRule and the corresponding data strings. http://devcentral.f5.com/wiki/iRules.rewrite_host_header_to_server_name.ashx
ipaddress := http://Node_Domain:8895/Oracle/Directory. I thought this would also solve the port issues because its right there in the new rewritten header pulled from the data string. (40 executions no failures).
Like I said the application is fully functional when just trying to access one of the nodes hostnames but it is using the F5 as a switch instead of load balancing.
PS. The IP address of our virtual server is added to our DNS records, the VS is set to all ports, and the pool is set to all ports.
Let me know if you have any ideas.
19 Replies
Michael_YatesHi nacejj,
If you have your application behind the BIG-IP then why are you not using the Port Translation Feature that is enabled by Default.
If you configure the Virtual Server to listen on Port 80, and configure the Server in the pool to be 10.10.10.10:8895, then the BIG-IP will translate the communication from 80 to 8895 (less to worry about).
Depending on how your application is configured it might be trying to talk to itself (since you said that the Virtual Server owns the DNS Entry). You should try enabling SNAT Automap and see if your application begins to behave properly. If it does then you have several options.
1. Leave SNAT Automap Enabled.
2. Configure a SNAT iRule to compensate for your application functionality.
Hope this helps.
nacejj_65488I have always had SNAT & port translation enabled.
I changed the pool to listen on port 8895 instead of all ports but no results.
This is what I found in my debug log produced by my header rewrite iRule (http://devcentral.f5.com/wiki/iRules.rewrite_host_header_to_server_name.ashx)
/var/log/ltm
Oct 19 15:03:53 local/tmm1 info tmm1[5055]: Rule VS_iRule : **CLIENT_IP_ADDRESS**:59366: New GET request to VS:8895/oa/US/tqanca.html
Oct 19 15:03:53 local/tmm1 info tmm1[5055]: Rule VS_iRule : **CLIENT_IP_ADDRESS**:59366: Looked up NODE_IP_ADDRESS, found: .
Scrubbed NODE_IP_ADDRESS & CLIENT_IP_ADDRESS
I wanted it to rewrite somethign like http://NODE_HOSTNAME:8895/oa/US/tqanca.html not just a period at the end...
It doesn't seem to grab what i had placed in my data string.
What type of SNAT iRule do you suggest?- Michael_YatesCan you post the iRule that you are currently using so that we can take a look at it?
- nitass
Employee
just wondering whether it helps if you map Node_Domain to virtual server address in PC hosts file. - nacejj_65488Here's the header rewrite iRule I got from http://devcentral.f5.com/wiki/iRules.rewrite_host_header_to_server_name.ashx
NOTE: This iRule was tested on a previous version and I current am on 10.2.1when HTTP_REQUEST_SEND { set host_debug 1 clientside { if {$host_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: New [HTTP::method] request to [HTTP::host][HTTP::uri]"} set host_header_value [findclass [LB::server addr] ip_to_host_class " "] if {$host_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Looked up [LB::server addr], found: $host_header_value."} if {$host_header_value ne ""}{ HTTP::header replace Host $host_header_value if {$host_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Replaced Host header with $host_header_value."} } } }
nitass I had already added it to the PC host file. - nitassnitass I had already added it to the PC host file.is it possible to remove the header rewrite irule and use only PC local hosts file? so, when accessing virtual, url will be http://Node_Domain:8895/oracle/directory.
if it still does not help, i think packet capture may be a good way to go.
cheer! - nacejj_65488I just tried what you suggested and still coming up with the same HTTP 400 bad request error.
I used wireshark to see that its tryin to address the node on the right port (which it is), but what else should I be looking for within those packet captures within wireshark?
Source: Destination: Protocol: Length: Info:
CLIENT_IP_ADDRESS VS_IP_ADDRESS TCP 60 58805 > 8895 [FIN, ACK] Seq=1 Ack=1 Win=4284 Len=0
VS_IP_ADDRESS CLIENT_IP_ADDRESS TCP54 8895 > 58805 [ACK] Seq=1 Ack=2 Win=4817 Len=0
INTERNAL_VLAN NODE_IP_ADDRESS TCP54 58805 > 8895 [FIN, ACK] Seq=1 Ack=1 Win=4764 Len=0
NODE_IP_ADDRESS INTERNAL_VLAN TCP60 8895 > 58805 [ACK] Seq=1 Ack=2 Win=62780 Len=0 - nitasstcpdump would contain 2 side of connections; one is between client and f5 (client-side) and the other one is between f5 and server (server-side). you may filter syn packet first by using tcp.flags.syn eq 1. then, you may follow tcp stream to check what client sends in client-side connection, does f5 send it to server in server-side, what is respond from server in server-side, etc.
since 8895 is not default http port, you have to tell wireshark to decode port 8895 as http by right clicking at any packet, select decode as and choose port 8895 as http.
cheer! - nacejj_65488My tcpdumps have been solid with the port translaiton and IP Scheme. Client to VS - Internal VLAN to Node - Node to Internal VLAN - VS to Client. Source and destination ports are looking good too. 8895 on the Node.
The only thing that doesn't look right is when I bring up the tcpdump in wireshark the TCP connection isn't green like it normally is, it's grey. - nacejj_65488I removed my iRule and the tcpdump looks the same.
