Forum Discussion
NimbostratusLimiting Service that pass through F5
Hi,
I have a question about creating VS service traffic separation.
so, i have 2 server and i install an application that runs multiple service on those server ( like http, https, and smpt ), and i want to do the load balance.
the problem is that i want all users access http and https through F5, but if they need smpt service they will not through F5.
Here is the illustration for it :
you can see the topology above, let me explain it,
i have a firewall, it carry the NAT service, that translate the virtual server ip to ip public, and then there's F5 that translate the Virtual Server IP to the Server's real private IP,
So, let me clear it, the traffic from public is :
User - Firewall ( 1.1.1.1 to 10.10.10.10.) - F5 (10.10.10.10 to 192.168.1.1 ) - Server (192.168.1.1)
Is there any command in iRule that can make it happen?
(NB : user access the server via domain, so address 1.1.1.1 to example.com)
aapersonCirrus
These are the basic steps:
1) Create Nodes
2) Create Pool
3) Add Members to Pool
3a) A Member is a Node with port
4) Create Virtual Server
4a) Add Pool to Virtual Server
Roughly speaking, if Member 192.168.140.1:80 exists in a Pool and 192.168.140.1:443 does not, then the Virtual Server will answer to port 80 traffic, but not answer to port 443 traffic. If 192.168.140.1:25 doesn't exist in the Pool, then the Virtual Server won't answer to port 25 traffic.
Good luck!
Bianca_Ssorry i forget explain something, this is the right topology :so it's a public server, and the nat ip is on the firewall, the firewall translate it to IP VS in F5, then F5 translate it to the real ip.
So how can i separate the traffic between the services? is there any iRule command that i can use?
M_2Altocumulus
HI,
It all depends on the Virtual setup and the members you configure.
you can create 3 different virtuals for https/http/smtp
1 Virtual-HTTPs -- Member1:443 Member2:443
2. Virtual-HTTP -- Member1:80 & Member2:80
3. Virtual-SMTP - Member1:25