Forum Discussion

gzkaka_34763
Feb 27, 2010

How to access the real server (node)? Pls help me

Hello, everyone,

I have a problem that confuses me. I have configured the F5 device correctly and the virtual servers work as they are supposed to.

Now, I want to access the real server (called a node in the F5 configuration) from outside. I can ping the real server (SNAT has been configured), but I can't log in to the server or access other services. I don't know why this happens.

For example:

Two real servers: 10.18.3.1 and 10.18.3.2

And the virtual server is configured as 10.18.3.3.

All three devices are connected to a switch, and the switch connects to a router; on the other side of the router is my client test laptop computer. Like the following diagram:

                               |--F5(virtualServer)10.18.3.3
Realserver(node)10.18.3.1--|   |
Realserver(node)10.18.3.2--|---Switch
                               |
                               |10.18.3.62
                             Router-----------------laptop computer
                           10.18.2.62               10.18.2.25

In the above scenario, 10.18.2.25 can access the VIP 10.18.3.3 but can't access 10.18.3.1 directly. I don't know why.

Could someone please tell me how to configure the F5 BIG-IP LTM device so that I can access the virtual IP service and the real server services at the same time?

Thanks a lot!

  • Yeah, you are right. It's a flat subnet, but the default route of the servers 10.18.3.1 and 10.18.3.2 is the IP address of the F5 BIG-IP, and the route of the BIG-IP is the next router address, so all the traffic to the servers will be going via the F5 device.

    Now the problem is that the servers 10.18.3.1 and 10.18.3.2 can both access the outside network, and the test laptop computer can access the VIP service on the F5 BIG-IP, but the test laptop computer cannot access any services of the server 10.18.3.1.

    As you said, I used tcpdump. When I initiated a connection to server 10.18.3.1 from the test computer, I dumped the network packets and found that there was just a SYN packet to server 10.18.3.1, but no ACK response packet. On the server (10.18.3.1) side, the capture shows that the server (10.18.3.1) responded to the SYN request of the test computer with ACK+SYN, but got a RST response packet from the test computer at the same time, yet the test computer definitely did not respond with the RST packet. That is why I am curious. I think that the F5 BIG-IP device captured the response packet from the server to the test computer and responded with a RST packet to the server using the IP of the test computer (10.18.2.25).

    So I want to know how to configure the F5 BIG-IP device so that the packet can pass through the F5 BIG-IP to the test computer correctly.

    Finally, thank you very much for your help, and I hope you can give me some more suggestions for this situation. I very much appreciate your help. Thank you very much again.


  • Steve_Scott_873
    Historic F5 Account
    Guessing that the first packet (SYN) goes directly from the router to the real server, but the real server is sending the response back via the F5. The F5 has never heard of it and resets the connection.

    Routing via the F5 would need static routes on the router, but it's all a very big mess trying to do it that way and doesn't really follow network design principles. I'd say the servers should either be in their own subnet, or the traffic should be going via the router.

    Have a look at the F5 training for suggested deployment scenarios
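
The asymmetric path described in the reply above can be reproduced by tracing each packet with the routing decisions of the device that forwards it. This is an added example, not code from the thread or from F5; the /24 masks and the F5 self IP `10.18.3.4` are assumptions, since the thread gives neither.

```python
import ipaddress

F5_SELF = "10.18.3.4"  # assumption: the thread never gives the F5 self IP
# Addresses from the thread; the /24 masks are an assumption.
NODES = {
    "laptop": {"ips": {"10.18.2.25"}, "nets": ["10.18.2.0/24"], "gw": "10.18.2.62"},
    "router": {"ips": {"10.18.2.62", "10.18.3.62"},
               "nets": ["10.18.2.0/24", "10.18.3.0/24"], "gw": None},
    "f5": {"ips": {F5_SELF, "10.18.3.3"}, "nets": ["10.18.3.0/24"], "gw": "10.18.3.62"},
    "server": {"ips": {"10.18.3.1"}, "nets": ["10.18.3.0/24"], "gw": F5_SELF},
}

def owner(ip, nodes):
    """Name of the device that holds this IP address."""
    return next(name for name, n in nodes.items() if ip in n["ips"])

def path(src_ip, dst_ip, nodes=NODES):
    """Devices a packet visits, hop by hop, using each device's own routing."""
    here, target = owner(src_ip, nodes), owner(dst_ip, nodes)
    hops, dst = [here], ipaddress.ip_address(dst_ip)
    while here != target:
        node = nodes[here]
        # On-link destinations are delivered directly; everything else goes to the gateway.
        on_link = any(dst in ipaddress.ip_network(n) for n in node["nets"])
        here = owner(dst_ip if on_link else node["gw"], nodes)
        hops.append(here)
        if len(hops) > len(nodes):
            raise RuntimeError("routing loop")
    return hops

def asymmetric_through(device, client_ip, server_ip, nodes=NODES):
    """True when a stateful device sees only one direction of the flow."""
    fwd, ret = path(client_ip, server_ip, nodes), path(server_ip, client_ip, nodes)
    return (device in fwd) != (device in ret)

def with_server_gateway(gw):
    """Copy of the topology with the real server's default gateway changed."""
    nodes = {k: dict(v) for k, v in NODES.items()}
    nodes["server"]["gw"] = gw
    return nodes

if __name__ == "__main__":
    print("SYN path:    ", path("10.18.2.25", "10.18.3.1"))
    print("SYN-ACK path:", path("10.18.3.1", "10.18.2.25"))
    print("F5 sees half the flow:", asymmetric_through("f5", "10.18.2.25", "10.18.3.1"))
    routed = with_server_gateway("10.18.3.62")
    print("Gateway = router:", asymmetric_through("f5", "10.18.2.25", "10.18.3.1", routed))
```
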
  • Is there a static on the real server that points to 10.18.3.62 as the next hop to get to 10.18.2.x network?

    Bhattman
  • There is a static route on the real server that points to the F5 device IP, and there is also a static route on the F5 device that points to 10.18.3.62.

    If the static route on the real server points to 10.18.3.62, then there will be a problem with the virtual server: the test computer cannot access the VIP, because of the flat subnet.

    Steve Scott is right about the whole thing, but I hope that there is a configuration on the F5 device which can route the packet from the real server to the test computer even if the incoming packet did not go via the F5 BIG-IP.
  • I suppose another way to approach this is to use Policy Based Routing. Where you point the server towards the router and the router performs a "next-hop" based on certain routing conditions.

    Bhattman
  • If this network is indeed flat you shouldn't need to add a route as they're all able to see each other at layer 2. I'd double check the VMware setup: on mine, .1 is 'reserved' and in use by the VMware networking setup. It's been so long that I can't remember if this is a stock setup or not (someone please correct me here if I am wrong).

    Do you have a firewall running on this system, by chance?

    -Matt