Forum Discussion
Nick_68106
Nimbostratus
Dec 08, 2011
iRule to route traffic to different pool when pool members down in default pool
Greetings, We are running a transparent proxy in our environment and have decided that when both proxy servers in our proxy server pool become unavailable we would like to route the traffic out th...
nitass
Employee
Dec 12, 2011
i do not have transparent proxy in lab, so i have to enable translate address and service on virtual server. also, snat is required in my lab.
from my test, you will see when proxy_pool was down, bigip sent traffic to web server directly. the destination address (98.137.149.56) and port number (80) were not translated since forward command disabled them.
C:\>nslookup www.yahoo.com
Server: xxx.xxx.xxx
Address: 192.168.204.178
Non-authoritative answer:
Name: any-fp3-real.wa1.b.yahoo.com
Addresses: 72.30.2.43
98.137.149.56
Aliases: www.yahoo.com
fp3.wg1.b.yahoo.com
sg-fp3-lfb.wg1.b.yahoo.com
any-fp3-lfb.wa1.b.yahoo.com
[root@ve1023:Active] config b virtual bar list
virtual bar {
   translate address enable
   translate service enable
   snat automap
   pool proxy_pool
   destination any:any
   mask 0.0.0.0
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve1023:Active] config b pool proxy_pool list
pool proxy_pool {
   members 192.168.12.105:3128 {}
}
[root@ve1023:Active] config b pool gateway_pool list
pool gateway_pool {
   members 172.28.19.254:any {}
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
   when HTTP_REQUEST {
      if {[string tolower [HTTP::host]] equals "www.google.com" or \
          [active_members [LB::server pool]] < 1} {
         forward
         pool gateway_pool
      }
   }
}
curl -I http://www.yahoo.com/
[root@ve1023:Active] config tcpdump -nni 0.0 port 80 or port 3128
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
02:58:14.159318 IP 200.200.200.101.37253 > 72.30.2.43.80: S 2842128339:2842128339(0) win 5840
02:58:14.159349 IP 72.30.2.43.80 > 200.200.200.101.37253: S 1156550803:1156550803(0) ack 2842128340 win 4380
02:58:14.160283 IP 200.200.200.101.37253 > 72.30.2.43.80: . ack 1 win 46
02:58:14.160301 IP 200.200.200.101.37253 > 72.30.2.43.80: P 1:157(156) ack 1 win 46
02:58:14.160443 IP 172.28.19.80.37253 > 192.168.12.105.3128: S 668650010:668650010(0) win 4380
02:58:14.260381 IP 72.30.2.43.80 > 200.200.200.101.37253: . ack 157 win 4536
02:58:14.325384 IP 192.168.12.105.3128 > 172.28.19.80.37253: S 1758187351:1758187351(0) ack 668650011 win 5792
02:58:14.325401 IP 172.28.19.80.37253 > 192.168.12.105.3128: . ack 1 win 4380
02:58:14.325412 IP 172.28.19.80.37253 > 192.168.12.105.3128: P 1:157(156) ack 1 win 4380
02:58:14.491573 IP 192.168.12.105.3128 > 172.28.19.80.37253: . ack 157 win 5792
02:58:14.491592 IP 192.168.12.105.3128 > 172.28.19.80.37253: P 1:365(364) ack 157 win 5792
02:58:14.491617 IP 72.30.2.43.80 > 200.200.200.101.37253: P 1:365(364) ack 157 win 4536
02:58:14.491621 IP 192.168.12.105.3128 > 172.28.19.80.37253: F 365:365(0) ack 157 win 5792
02:58:14.491628 IP 172.28.19.80.37253 > 192.168.12.105.3128: . ack 366 win 4744
02:58:14.491631 IP 72.30.2.43.80 > 200.200.200.101.37253: F 365:365(0) ack 157 win 4536
02:58:14.492247 IP 200.200.200.101.37253 > 72.30.2.43.80: . ack 365 win 54
02:58:14.492255 IP 200.200.200.101.37253 > 72.30.2.43.80: F 157:157(0) ack 366 win 54
02:58:14.492262 IP 72.30.2.43.80 > 200.200.200.101.37253: . ack 158 win 4536
02:58:14.492266 IP 172.28.19.80.37253 > 192.168.12.105.3128: F 157:157(0) ack 366 win 4744
02:58:14.657271 IP 192.168.12.105.3128 > 172.28.19.80.37253: . ack 158 win 5792
[root@ve1023:Active] config b pool proxy_pool monitor all fake
[root@ve1023:Active] config b pool proxy_pool|grep -i pool\ member
+-> POOL MEMBER proxy_pool/192.168.12.105:3128 inactive,down
curl -I http://www.yahoo.com/
[root@ve1023:Active] config tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
02:59:18.619344 IP 200.200.200.101.39373 > 98.137.149.56.80: S 1710494010:1710494010(0) win 5840
02:59:18.619379 IP 98.137.149.56.80 > 200.200.200.101.39373: S 1489332666:1489332666(0) ack 1710494011 win 4380
02:59:18.620321 IP 200.200.200.101.39373 > 98.137.149.56.80: . ack 1 win 46
02:59:18.620349 IP 200.200.200.101.39373 > 98.137.149.56.80: P 1:157(156) ack 1 win 46
02:59:18.620418 IP 172.28.19.80.39373 > 98.137.149.56.80: S 3312724555:3312724555(0) win 4380
02:59:18.720813 IP 98.137.149.56.80 > 200.200.200.101.39373: . ack 157 win 4536
02:59:18.800356 IP 98.137.149.56.80 > 172.28.19.80.39373: S 3513074640:3513074640(0) ack 3312724556 win 5792
02:59:18.800377 IP 172.28.19.80.39373 > 98.137.149.56.80: . ack 1 win 4380
02:59:18.800391 IP 172.28.19.80.39373 > 98.137.149.56.80: P 1:157(156) ack 1 win 4380
02:59:18.981489 IP 98.137.149.56.80 > 172.28.19.80.39373: . ack 157 win 27
02:59:19.011277 IP 98.137.149.56.80 > 172.28.19.80.39373: P 1:835(834) ack 157 win 27
02:59:19.011315 IP 98.137.149.56.80 > 200.200.200.101.39373: P 1:835(834) ack 157 win 4536
02:59:19.012420 IP 200.200.200.101.39373 > 98.137.149.56.80: . ack 835 win 59
02:59:19.012441 IP 200.200.200.101.39373 > 98.137.149.56.80: F 157:157(0) ack 835 win 59
02:59:19.012451 IP 98.137.149.56.80 > 200.200.200.101.39373: . ack 158 win 4536
02:59:19.012456 IP 172.28.19.80.39373 > 98.137.149.56.80: F 157:157(0) ack 835 win 5214
02:59:19.195404 IP 98.137.149.56.80 > 172.28.19.80.39373: F 835:835(0) ack 158 win 27
02:59:19.195434 IP 172.28.19.80.39373 > 98.137.149.56.80: . ack 836 win 5214
02:59:19.195441 IP 98.137.149.56.80 > 200.200.200.101.39373: F 835:835(0) ack 158 win 4536
02:59:19.196481 IP 200.200.200.101.39373 > 98.137.149.56.80: . ack 836 win 59
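Added example, not part of the original post: the rule above fails open, so when proxy_pool is down web traffic leaves without passing through the proxy. This shell function classifies the server-side connections in `tcpdump -nn` text output as proxied or direct, which makes a bypass window visible in a capture. The SNAT address and proxy member are the lab values from the post; the sample lines are the two server-side SYNs copied from its captures, and the function names are hypothetical.

```shell
#!/bin/sh
# Lab values taken from the post; change them for another environment.
SNAT_ADDR="172.28.19.80"      # BIG-IP address used by "snat automap"
PROXY="192.168.12.105.3128"   # proxy_pool member in tcpdump addr.port form

# Reads tcpdump text lines on stdin and prints one line per server-side SYN:
#   PROXIED <dst>   connection went to the proxy pool member
#   DIRECT  <dst>   connection went straight to the origin (proxy bypassed)
classify_flows() {
    awk -v snat="$SNAT_ADDR" -v proxy="$PROXY" '
        # Match pure SYNs only: flag field is "S" and the line has no "ack".
        $2 == "IP" && $4 == ">" && $6 == "S" && $0 !~ / ack / {
            src = $3
            dst = $5
            sub(/:$/, "", dst)          # drop trailing colon after dst
            sub(/\.[0-9]+$/, "", src)   # drop source port
            if (src != snat) next       # client-side leg, not of interest
            label = (dst == proxy) ? "PROXIED" : "DIRECT"
            print label, dst
        }'
}

# Sample input: lines copied from the two captures in the post.
sample_capture() {
cat <<'EOF'
02:58:14.159318 IP 200.200.200.101.37253 > 72.30.2.43.80: S 2842128339:2842128339(0) win 5840
02:58:14.160443 IP 172.28.19.80.37253 > 192.168.12.105.3128: S 668650010:668650010(0) win 4380
02:58:14.325384 IP 192.168.12.105.3128 > 172.28.19.80.37253: S 1758187351:1758187351(0) ack 668650011 win 5792
02:59:18.619344 IP 200.200.200.101.39373 > 98.137.149.56.80: S 1710494010:1710494010(0) win 5840
02:59:18.620418 IP 172.28.19.80.39373 > 98.137.149.56.80: S 3312724555:3312724555(0) win 4380
02:59:18.800356 IP 98.137.149.56.80 > 172.28.19.80.39373: S 3513074640:3513074640(0) ack 3312724556 win 5792
EOF
}

sample_capture | classify_flows
```

On a live system the same function can read from `tcpdump -nnl -i 0.0 port 80 or port 3128`; any DIRECT line marks a request that was not inspected by the proxy.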