For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

doshoru_24091's avatar
doshoru_24091
Icon for Nimbostratus rankNimbostratus
Jul 14, 2011

load balancing biztalk servers -- multiple service ports

We are using Microsoft BizTalk servers to handle HL7 feeds. We're testing with our first client, and they have two feeds -- production, and test, which are differentiated by source IP and destination TCP port. I have the Virtual Server configured for "0" as the port. Production feed is working, but Test feed is not. The client can make a connection, but the socket dies when he tries to send a message.

 

 

At first, I thought the problem may have been oneconnect, but I disabled that and still no luck.

 

 

 

Ideas? Relatively new to F5, and complete noob in BizTalk -- development group manages this app.

 

config
design

5 Replies

  • Austin_Geraci's avatar
    Austin_Geraci
    Icon for MVP rankMVP
    Jul 14, 2011
    What are your ports for Prod/test? It sounds like you have one Virtual Server listening on 0 for any port.. What are your pool members listening on?

     

     

    Are your pool members in line to the LTM or are you SNATing to route/route back?

     

     

    It might be a good idea to split up Prod & Test Vips... even if you're using the same backend servers...

     

     

  • doshoru_24091's avatar
    doshoru_24091
    Icon for Nimbostratus rankNimbostratus
    Oct 04, 2011
    Sorry for the late reply -- this was backburnered for a while, but has recently moved back up the priority list.

     

     

    I agree on the Prod & test VIPs and will set that up shortly.

     

     

    The F5 is in a one-armed configuration, so SNAT (Auto Map) is in play. I have successfully configured multiple Virtual Servers/Pools in the past. Only having issues trying to configure a single VS to listen on any port.

     

     

    I guess a piece of info I left out is that the BizTalk server differentiates clients based on TCP port. E.g., "client A" uses TCP 50001, "client B" uses 50003, etc.

     

     

    I just noticed the "Port Translation" option and am going to try that. I just had a thought that maybe the source port (client's end) is not being passed from the F5 to the backend.
  • doshoru_24091's avatar
    doshoru_24091
    Icon for Nimbostratus rankNimbostratus
    Oct 04, 2011
    I just had a thought that maybe the source port (client's end) is not being passed from the F5 to the backend.

     

     

    OK....this was easy enough to test via telnet & netstat. I confirmed that the source port is being persisted all the way to the backend, so that's not it. I still haven't tried the Port Translation option, though. Waiting on the client to confirm he has time to test...
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Oct 04, 2011
    does this help?

     

     

    sol11003: Change in Behavior: The BIG-IP system no longer determines whether it should preserve the client's source port based on a bigpipe database variable

     

    http://support.f5.com/kb/en-us/solutions/public/11000/000/sol11003.html
  • doshoru_24091's avatar
    doshoru_24091
    Icon for Nimbostratus rankNimbostratus
    Oct 04, 2011
    Sadly, no....we're on 10.0.1. I think I may have found the problem though....noob mistake -- Although I had the VS listen port set to "0", I had each member node set to 443....Still waiting to hear from the client on when we can test.