Forum Discussion
hung_37471
Nimbostratus
Sep 27, 2011
How to config PBR
Hi all,
Can you help me? How do I configure PBR on the BIG-IP?
On the web GUI, I can't see anywhere to configure PBR.
Thanks all
nitass
Employee
Sep 01, 2014
The end client is not hitting the virtual address directly.
The virtual server address is not a self IP, is it?
- Sumanta_88744 Sep 01, 2014
Cirrus
The virtual server is on a floating VIP. Let me clarify a bit more. A sample packet coming from the end client has Src Addr: 10.1.0.100/24 Src port: (>1024); Dst Addr: google.com Dst port: 80/443. This traffic needs to go to the virtual server with floating IP 10.206.0.4 and be load balanced to the real server pool. Other traffic, say Src Addr: 10.1.0.100/24 Src port: (>1024); Dst Addr: www.f5.com Dst port: SFTP, needs to go directly to the ISP gateway. We need to do this routing in F5. Usually, for an F5-advised set-up, we directly hit the virtual server address, but not here. The user transparently goes to the Internet, not knowing an F5 is sitting in between the LAN and the ISP.
- nitass Sep 01, 2014
Employee
Is pool /Common/WHTTP a cache server pool? If yes, you may create new virtual servers on port 80 and port 443 (i.e. 0.0.0.0/0:80 and 0.0.0.0/0:443) and use /Common/WHTTP as a pool.
- Sumanta_88744 Sep 01, 2014
Cirrus
Yes Nitass, WHTTP is a pool of proxy cache servers. How do I post a diagram here?
- nitass Sep 01, 2014
Employee
You can post an image by clicking the insert image icon. By the way, are virtual servers on port 80 and port 443 usable?
- Sumanta_88744 Sep 01, 2014
Cirrus
Hi Nitass, I could not understand your last point. Create new virtual servers on port 80 and port 443. Why will the address be 0.0.0.0/0:80 and not VIP 10.206.0.4:80? Will 0.0.0.0/0:80 be able to fwd traffic to real pool servers?
- Sumanta_88744 Sep 01, 2014
Cirrus
Hi Nitass, I think I am getting what you say. I will create the below to intercept port 80/443 traffic (directed to Internet IP, subset of 0.0.0.0/0) and send the rest to the ISP next hop. Pls correct me if I am wrong. And do we need address/port translation in this case? How will I do the default next hop to ISP? See the config below:

ltm virtual /Common/WHTTP_vs {
    description "WHTTP virtual server"
    destination /Common/0.0.0.0:80
    ip-protocol tcp
    mask 0.0.0.0
    persist {
        /Common/Persistence-1 {
            default yes
        }
    }
    pool /Common/WHTTP
    profiles {
        /Common/fastL4 { }
    }
    source 10.1.0.0/24
    translate-address enabled
    translate-port enabled
    vlans {
        /Common/external_vlan
    }
    vlans-enabled
}
ltm virtual /Common/WHTTPs_vs {
    description "WHTTPs virtual server"
    destination /Common/0.0.0.0:443
    ip-protocol tcp
    mask 0.0.0.0
    persist {
        /Common/Persistence-1 {
            default yes
        }
    }
    pool /Common/WHTTP
    profiles {
        /Common/fastL4 { }
    }
    source 10.1.0.0/24
    translate-address enabled
    translate-port enabled
    vlans {
        /Common/external_vlan
    }
    vlans-enabled
}
ltm virtual /Common/forward-to-Internet_vs {
    description "Outbound traffic to Internet"
    destination /Common/0.0.0.0:0
    ip-forward
    ip-protocol tcp
    mask any
    profiles {
        /Common/IP-Gateway { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/internal_vlan
    }
    vlans-enabled
}
ltm virtual /Common/Internet_vs {
    description "Default traffic to Internet"
    destination /Common/0.0.0.0:0
    ip-forward
    ip-protocol tcp
    mask any
    profiles {
        /Common/IP-Gateway { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/external_vlan
    }
    vlans-enabled
}

- nitass Sep 01, 2014
Employee
Please take a look at Stephan's answer.