Forum Discussion

breddy_11660
Jun 25, 2012

irules with internal and external IP address pools

 

We have a pair of BIG-IP 3600, running 10.2.2, in datacenter (dca) performing load balancing for a 6 node web farm.

In datacenter (dcb), we have a stand alone static virtualhost that we need to redirect some but not all traffic for a website hosted on the 6 node farm in (dca).

The question is:

Is it feasible to create an external IP address pool, that includes the IP addresses for the web server(s) in (dcb), as part of a working set of iRules for the web farm in (dca) that appropriately redirects website traffic between the two datacenters?

 

 

  • I don't see why that would be a problem at all. I do that with external servers that we do not host. I have an iRule that sends some traffic to our servers, other traffic to their servers and I just run basic HTTP monitors to make sure their servers are up.
  • It seems a simple thing, but our current data center operations are advising that it's impossible.

    We are understandably skeptical of that answer.
  • Unfortunately we need to demonstrate to the datacenter (dca) a proven method for splitting internal and external redirection from a sample set of pools, and iRules.

    There is some complexity currently splitting the website in question between CMS web farm, and a busy transactional web farm. That configuration currently has both web farms on internal, but separate VLANs.

    The difference in the proposed case is that the CMS portion will be hosted externally to the transactional environment.

    We currently have pool-1 (172.28.14.x) which is the VLAN the 6 node transactional farm resides on.

    We have pool-2 (172.28.6.x) which is the VLAN the 2 node CMS is hosted on.

    Both pool-1 and pool-2 are internal addresses NAT'ed to public IPs.

    The iRules have all traffic going to the 6 node farm defined in pool-1, with exceptions for a list of several dozen URLs that are found on the CMS nodes defined in pool-2.

    What is being considered is having an external pool, pool-3 which would contain the server IPs for the web site as hosted in the new datacenter (dcb), but the NOC for (dca) has balked, claiming that redirecting traffic to an external pool cannot be done in our current configuration.
  • You could also potentially proxy the requests for DCA from DCB using an iSession tunnel. This would allow you to send the traffic directly over an optimized and encrypted tunnel without redirecting the client.

    Manual Chapter: Implementing Paired Tunneling

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementations_guide_10_0_0/sol_paired_tunneling_ltm.html

    Aaron
  • Thanks Aaron,

    That's a decent starting point. We have the 3600's in datacenter (dca) and I believe a range of F5 hardware in (dcb), including another pair of 3600's. I was trying to float the feasibility of adding an external IP pool, to work with the existing iRules we're using in (dca).

    The project is still on the whiteboard, but in terms of definitively answering whether we can use internal and external IP pools, it looks like there are a few options for providing that flexibility.
  • "What is being considered is having an external pool, pool-3 which would contain the server IP's for the web site as hosted in the new datacenter (dcb), but the NOC for (dca) has balked, claiming that redirecting traffic to an external pool cannot be done in our current configuration."

    If there is routing, I do not understand why it cannot be done. Didn't they give you more explanation?
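
The pool split discussed in this thread (everything to pool-1, a list of CMS URLs to a pool of servers in dcb), written out as an added example iRule that is not from any of the posts above. The pool names are the ones used in the thread; the data group `cms_paths`, the HTTP monitor on pool-3, the SNAT step and the fallback to pool-2 are assumptions made for illustration.

```tcl
# Added example, not code from the thread.
# Assumptions:
#   - cms_paths is a hypothetical string data group holding the CMS URL
#     prefixes in lower case (for example "/news/", "/about/").
#   - pool-3 contains the dcb web servers, is reachable from this BIG-IP
#     by routing, and has an HTTP monitor assigned.
#   - pool-2 (the current internal CMS nodes) is still available as a fallback.
when HTTP_REQUEST {
    # Lower-case the path so the data group lookup is case-insensitive.
    set path [string tolower [HTTP::path]]

    if { [class match $path starts_with cms_paths] } {
        # CMS content: prefer the external pool while its monitor reports
        # at least one member up.
        if { [active_members pool-3] > 0 } {
            # The dcb servers do not use this BIG-IP as their gateway, so
            # translate the source address; replies then return through the
            # BIG-IP instead of going straight back to the client.
            snat automap
            pool pool-3
        } else {
            # Every dcb member is marked down: serve from the internal CMS.
            pool pool-2
        }
    } else {
        # Everything else stays on the 6 node transactional farm.
        pool pool-1
    }
}
```

With source address translation in place the dcb servers log the BIG-IP's address rather than the client's, so any client-IP logging or access control on those servers has to account for that.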