VinceBlack
Feb 19, 2023

Help with Local Traffic Policy with streaming app. and basic understanding.

This is a homelab to have a better understanding of F5 BIG-IP, and I appreciate any help.

For testing purposes I have set up a PLEX server for a streaming service and will be setting up Horizon View UAGs. I only have one public IP address and, thanks to others, I have set up an external VIP using a local traffic policy. I am running into a couple of issues with the policy. I have been doing a lot of reading but am still missing something. I created a local traffic policy that matches "HTTP Host to abc.domain.com" that points to a virtual server for PLEX. If the VS is set to use the policy, PLEX works via the web interface and the macOS app works; however, using the PLEX iOS/iPadOS app fails. It does not connect back. I have changed "forward traffic to pool and node" and still have the same problem. If I change the resource setting to use "default pool" to the PLEX pool and remove the policy, the app works. I have done a tcpdump on the F5 as well as a proxy capture of an iOS device, and the cipher suites are correct. I have looked at the ltm log but am not seeing any errors. I have made multiple changes with the SSL profile on client/server but no luck. Any suggestions as to what would cause the app not to work using the policy but work when the default pool is set? What other troubleshooting should I look at?

 

  • Hey, Paulius, thank you again for the tcpdump switches.  That helped me find the reset message.  I started looking into how to debug this more, which has been a great learning experience.  I noticed in the log that when trying from the mobile device, the HTTP_Request for the Host has :443, but accessing from a web GUI or macOS app, it did not.  Both policy and iRule had equal to abc.domain.com.  I updated the iRule and policy to include or and now it works.  See below for iRule.  I like the policy features, but it was great to work with iRules too.  

    if { [HTTP::host] equals "abc.domain.com" or [HTTP::host] equals "abc.domain.com:443" }

  • VinceBlack Can you provide the configuration of the virtual server when it isn't working for everything except the web interface? My guess is that the mobile device version of the app isn't sending something that your traffic policy is missing. You might consider running the following tcpdump to see if you can catch anything when you connect from one of the mobile devices. If you had this in an iRule instead you could log the event when it is hit and then you could have a catchall action and log that as well to see if you notice any differences in them.

    tcpdump -nni 0.0:nnp host <mobile_device_client_IP>
    • VinceBlack

      Hey Paulius

      After running the tcpdump switches,  I see that the F5 sent a reset with the message "No server selected." I'll look into creating an iRule as well. Also, I'm going to research this error.

      • VinceBlack

        According to F5 docs: "Couldn't open a connection to a pool member. This is typically the result of an iRule, Policy, or configuration that prevents the BIG-IP from choosing a pool member." I'll keep poking around and see why this is happening.
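
The fix in this thread matches the two literal Host values that were observed. As an added example (not code from the thread or from F5 documentation), the iRule below normalizes the Host header before comparing it and logs every request that matches nothing, which is the catch-all logging suggested in the reply above. The pool name `plex_pool` is a hypothetical placeholder.

```tcl
when HTTP_REQUEST {
    # Raw Host header as the client sent it; some clients append the port
    # (the iOS app in this thread sent "abc.domain.com:443").
    set raw_host [HTTP::host]

    # Normalize: drop an optional ":port", lowercase, strip a trailing dot.
    # Note: getfield on ":" is not suitable for bracketed IPv6 literals.
    set host [string tolower [getfield $raw_host ":" 1]]
    set host [string trimright $host "."]

    switch -- $host {
        "abc.domain.com" {
            # plex_pool is a hypothetical pool name used for illustration.
            pool plex_pool
        }
        default {
            # Catch-all: record what the client actually sent so a mismatch
            # shows up in /var/log/ltm instead of only as a TCP reset
            # ("No server selected").
            log local0. "No Host match: raw='$raw_host' normalized='$host' client=[IP::client_addr] vip_port=[TCP::local_port]"
            reject
        }
    }
}
```

Because the port is discarded before matching, any port value in the Host header is accepted for the listed name; the virtual server's own listening port still determines which connections reach the iRule.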