Forum Discussion
Richie_77270
Nimbostratus
Feb 02, 2010
HTTP Requests not getting through
I have a new LTM 1600 that I've got all set up.
I've got an external and internal VLAN set up with self IPs, etc, etc.
I can ping everything just fine.
I set up a virtual server, created a pool, assigned the default IIS profile and tried to start testing when I ran into trouble.
For some reason requests are getting reset when sent through the F5. When I test straight to individual server members through a separate host header in IIS, requests are just fine.
I ran a Wireshark capture on the server and noticed that when it comes through the load balancer I do not see the actual HTTP content within the packet, as compared to when it succeeds individually, where everything is normal.
Is there something I'm missing here that I'm not doing right? Is there something specific for IIS that I need to do?
Any help is appreciated.
6 Replies
- hoolio
Cirrostratus
Is the web server default gateway set to the LTM's self IP on the server's VLAN? If not, you'll need to enable SNAT on the VIP to ensure the server response comes back through LTM instead of the gateway. SNAT automap on the VIP is the simplest option to test with to start.
Aaron
- Richie_77270
Nimbostratus
You're right, the default gateway for the servers is not the LTM. I can make it the LTM, that's not a problem, since this VLAN is dedicated to the server nodes. However, when I do that, I lose all connection to my other VLANs, which my servers need to be able to reach so they can access database servers, etc.
I've got the default route on the LTM pointing to the external VLAN's default gateway, which is where my other VLANs are routed off of. Am I missing something on how the route is working through the LTM?
Thanks
- hoolio
Cirrostratus
If you don't need to see the client IP as the source of the load balanced packets to the servers, you could enable SNAT automap on the VIP. This will ensure the servers respond back to LTM for the VIP traffic but allow you to keep the default gateway on the servers set to the other router. For HTTP/S traffic, you can enable X-Forwarded-For insertion on a custom HTTP profile. This allows LTM to pass the original client IP in a custom HTTP header in requests to the pool members.
If you did want to have LTM act as the default route for the servers, you could configure forwarding VIPs enabled only on the server VLAN to allow LTM to route the non-load balanced traffic from the servers. If you want details on this option, let us know.
Aaron
- Richie_77270
Nimbostratus
For various tracking reasons we need the IP logged with the web servers to be the client IP address. So could you please explain to me how these forwarding VIPs work to route non-load balanced traffic from the servers?
Thank you.
- Richie_77270
Nimbostratus
I found what I needed to do. I set up a forwarding VIP for 0.0.0.0 0.0.0.0 Service Port 0 and it worked. However, I'm still having a problem with external requests coming through. Requests that come from a LAN client work just fine, but when I try to have it come through from the internet it doesn't go through. I did a packet capture on my firewall and it showed the packets passing through the firewall towards the load balancer but no response packets.
Any help is appreciated. Thanks
- hoolio
Cirrostratus
I'd suggest you only enable the forwarding VIP on the servers' VLAN. Else, you're basically opening LTM up to be a hub with the forwarding VIP.
Are you having issues with traffic to the main VIP you're using to load balance the IIS servers? If so, can you run a tcpdump on LTM checking on the client and serverside VLANs to see if the response comes back to LTM and LTM sends the response back to the external client? You can use a command like this to filter for the client and server addresses on all switch ports:
tcpdump -ni 0.0 -s0 "host CLIENT_IP and (host VIP_IP or host SERVER_IP_1 or host SERVER_IP_2)"
Also, as long as you have auto lasthop enabled (which it is by default), LTM should send the response back to the same MAC address/VLAN as the request was received from.
Aaron
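Added example, not part of the original thread and not F5 code: a Python check that reads the text output of the tcpdump command above and reports how far the TCP handshake got through LTM, which separates the asymmetric-return case from a reply that LTM never forwards. The addresses and capture lines are constructed, the modern `Flags [S]` tcpdump line format is assumed, and SNAT is assumed to be off so the client IP is visible on the server side.

```python
import re

# Address and flag fields of a `tcpdump -n` TCP line (modern text format, assumed).
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: Flags \[([^\]]+)\]")

STAGES = [
    "no SYN from the client reached the VIP on LTM",
    "LTM received the SYN but did not forward it to a pool member",
    "pool member's SYN-ACK did not come back through LTM",
    "LTM received the SYN-ACK but did not send it on to the client",
    "handshake passed through LTM in both directions",
]

# Constructed addresses (documentation ranges) and constructed capture lines.
CLIENT, VIP, SERVERS = "203.0.113.10", "192.0.2.80", {"10.0.0.11", "10.0.0.12"}
ASYMMETRIC = """\
10:00:00.000100 IP 203.0.113.10.51000 > 192.0.2.80.80: Flags [S], seq 100, win 8192, length 0
10:00:00.000200 IP 203.0.113.10.51000 > 10.0.0.11.80: Flags [S], seq 100, win 8192, length 0
10:00:03.000100 IP 203.0.113.10.51000 > 192.0.2.80.80: Flags [S], seq 100, win 8192, length 0
"""
HEALTHY = ASYMMETRIC + """\
10:00:03.000200 IP 203.0.113.10.51000 > 10.0.0.11.80: Flags [S], seq 100, win 8192, length 0
10:00:03.000300 IP 10.0.0.11.80 > 203.0.113.10.51000: Flags [S.], seq 500, ack 101, win 8192, length 0
10:00:03.000400 IP 192.0.2.80.80 > 203.0.113.10.51000: Flags [S.], seq 500, ack 101, win 8192, length 0
"""

def diagnose(capture, client, vip, servers):
    """Return (stage, description): the last handshake step seen in order."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        syn, ack = "S" in flags, "." in flags
        if syn and not ack and src == client:
            if dst == vip:
                seen.add(1)      # clientside: client -> VIP
            elif dst in servers:
                seen.add(2)      # serverside: client -> pool member
        elif syn and ack and dst == client:
            if src in servers:
                seen.add(3)      # serverside: pool member -> client
            elif src == vip:
                seen.add(4)      # clientside: VIP -> client
    stage = 0
    while stage + 1 in seen:
        stage += 1
    return stage, STAGES[stage]
```

A result of stage 2 matches the first problem in this thread, where the pool member's default gateway is not LTM; stage 0 means the request never arrived at the VIP at all.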