How does an F5 virtual server forward requests based on LTM policies to another virtual server?
- I just wanted to know how the forwarded virtual server (the request forwarded by one VS to another VS using either an iRule or LTM policies) works in the context of TCP in F5 BIG-IP.
- And on the last forwarded virtual server, where the requests are destined, why don't we need to specify the exact service port of the node as the virtual server service port?
This is the configuration of the virtual server:
Used LTM Policies:
The actual client IP - 10.250.250.6
Destination virtual server: 192.168.180.129:80 (VS-LINUX-HTTP)
Forwarded to virtual server: 192.168.180.129:8080 (VS-LINUX-HTTP-8080)
Node IP: 192.168.180.226:3000
When traffic from the user with IP address 10.250.250.6 is destined for the virtual server with IP address 192.168.180.129 listening on port 80, based on the attached LTM policies, all the requests are directed to a virtual server with IP address 192.168.180.129 listening on port 8080. However, the service port listening on the node is 3000 on the virtual server 192.168.180.129:8080.
In the packet capture taken on the F5 BIG-IP, there are two SYN packets flagged as IN and OUT from the same source IP, 10.250.250.6: one for port 80 and the other for port 8080.
Outgoing SYN: SYN packet initiated by a device (usually a client) to establish a connection with another device (usually a server).
Incoming SYN: SYN packet received by a device (usually a server) from another device (usually a client) attempting to establish a connection.
As per my understanding, on the basis of the Wireshark illustration, the client 10.250.250.6 initiated a second TCP connection with the forwarded virtual server 192.168.180.129:8080, right?
I also checked the active connections on the F5 BIG-IP and correlated them with the packet capture. The F5 BIG-IP didn't display the forwarded virtual server (192.168.180.129:8080) connection as the virtual server address and port; only the initial virtual server, 192.168.180.129:80, was displayed.
Regarding the forwarded virtual server 192.168.180.129:8080, we don't necessarily need to configure the actual service port of the node (192.168.180.226:3000) on the virtual server until and unless the actual service port pool is attached to the destination virtual server, since all the requests will be forwarded to the destination virtual server.
So I want to know exactly how the forwarded virtual server works in the context of TCP in F5 BIG-IP. Does it complete its initial TCP handshake with the first destination virtual server, and then, based on the iRule or LTM policies, a second TCP connection is initiated with the forwarded virtual server?