Forum Discussion
IP forwarding
Hi Group,
We are migrating from PA address space to our own PI address space. Cooperation partners are using domains like this: my.company.partner.com, which point to our main IP address, i.e. 1.1.1.1. Because I do not own the domain, I can't change the IP on my own. Now we are migrating from 1.1.1.1 to, let's assume, 2.2.2.2, located on another HA pair of BigIPs.
The URL has to be the same because our application uses it to decide which content has to be delivered.
How can I redirect / forward traffic for domain my.company.partner.com which points to 1.1.1.1 on bigip pair 1 to 2.2.2.2 on bigip pair 2 without changing the URL?
Any help is appreciated.
Best
Frank
22 Replies
- What_Lies_Bene1
Cirrostratus
I'm not sure an iRule could be used to redirect the traffic, as an HTTP redirect would by definition require a different FQDN. It's not a great solution, but the only other thing I can think of is to configure a forwarding/performance Virtual Server and have the new Virtual Server (2.2.2.2) configured as the sole Member of a Pool attached to the old Virtual Server. Does that make sense?
It's not great but however you do it, there is an unwanted dependency on the old BIG-IP(s).
- Hamish
Cirrocumulus
You could... In advance, set up an A record in DNS that resolves to your old address. Then get everyone who DOES own the domains to replace their A records with CNAMEs.
Cutover then is as simple as changing the A record all the CNAMEs resolve to.
Or do you still have a problem with even getting the partners to all update their DNS at any time?
H
- nitass
Employee
Can we just use the "node" command pointing to 2.2.2.2? By the way, you will eventually change DNS to 2.2.2.2, won't you?
e.g.
[root@ve10:Active] config b virtual bar list
virtual bar {
   snat automap
   destination 1.1.1.1:80
   ip protocol 6
   rules myrule
}
[root@ve10:Active] config b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
      node 2.2.2.2
   }
}
- frank_thyes_309
Nimbostratus
Yes, the DNS will be changed after a short transition phase. Your suggested solution unfortunately does not work. The old lb pair with the PA addresses doesn't know the new address. I assume your solution works like a charm when the new address space is reachable through a directly attached vlan.
Best Frank
- nitass
Employee
"The old lb pair with the PA addresses don't know the new address."
I thought 1.1.1.1 and 2.2.2.2 are public routable IP addresses (virtual server IP address).
- frank_thyes_309
Nimbostratus
Yes that's the point, we need an independent solution. Our partners are big with very long processes... you know what I mean?
Best
Frank
- frank_thyes_309
Nimbostratus
Thanks for your reply.
I'm afraid we are running into the same problem as with the solution suggested by nitass. The old pair does not reach the new address through any directly attached vlan.
virtual fart {
destination 1.1.1.1:http
pool mypool
ip protocol tcp
}
pool mypool {
lb method observed
monitor all tcp_half_open
members {
2.2.2.2.2:80 {}
}
}
bigtop -n -once | grep 2.2.2.2.2
2.2.2.2.:80 11520 0 6 0 0 0 UP
$ curl -v my.partner.company.de
* About to connect() to my.partner.company.de port 80 (0)
* Trying 1.1.1.1... connected
> GET / HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: my.partner.company.de
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
If I connect directly to 2.2.2.2 the request succeeds.
Best
Frank
- frank_thyes_309
Nimbostratus
They are.
- frank_thyes_309
Nimbostratus
They are. Maybe I'm doing it wrong.
virtual test {
destination 1.1.1.1:http
ip protocol 6
snat automap
rules myrule
}
rule myrule {
when CLIENT_ACCEPTED {
node 2.2.2.2:80
}
}
From the BigIP with the old address space the new one is reachable.
ping -c 1 2.2.2.2
PING 2.2.2.2 (2.2.2.2) 56(84) bytes of data.
64 bytes from 2.2.2.2: icmp_seq=1 ttl=61 time=12.7 ms
--- 2.2.2.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 12.781/12.781/12.781/0.000 ms
Checking from a host outside the network.
~$ curl -v test.abc.com
* About to connect() to test.abc.com port 80 (0)
* Trying 1.1.1.1... connected
> GET / HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: test.abc.com
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
Any ideas?
Best
Frank
- nitass
Employee
can you try this on the old bigip?
curl -v http://2.2.2.2 -H "Host: test.abc.com"