Forum Discussion
esoteric22_2801
Nimbostratus
NimbostratusLoad Balancing Internal Network
I am a novice and I would really appreciate some help.
Here is our predicament We have three different applications which talk to each other using HTTP SOAP requests.
All application have a farm of web servers which is being load balanced by the F5.
Application A and Application B reside on the same network as the F5.
Application X is outside the facility and talks to A and B over the internet through the F5.
This part works fine, X can talk with A or B through F5 and the requests are load balanced.
Our predicament is we are unable to make App A talk to App B through the F5.
We defined a Virtual host in the same subnet and setup the application to route to the virtual host.
We enabled logging and we can see from the F5 Logs that the requests is being redirected to the correct pool. But we do not get any response.
On setting up a network trace on the recipient and sending Server we observed that the HTTP SOAP request is being sent by Application A to F5 but never gets through to Application B.
Is it possible to implement such a solution if so please advice.
esoteric22_2801The internet facing connection is dealt with using a different virtual host.
hoolioCirrostratus
The problem is that app B is replying back directly to app A as they're on the same subnet. However, app A didn't initiate a connection to app B. It opened a connection to the virtual server IP. So app A ignores app B's response.
If you're only using the virtual server for internal clients, you could enable SNAT automap on the virtual server so that LTM translates the source address to its IP address on requests to the pool for the virtual server. This ensures that the apps respond back to LTM.
If you only want to apply SNAT when the source and destination hosts are on the same subnet, you could use an iRule:
http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html
Aaron- esoteric22_2801Thank you for the prompt reply, we tried by setting SNAP to AutoMap and then tried the same request but with little luck.
The only difference was this time we could not see any request going out directly to Application Server B , but we still did not get a response.
Please forgive my ignorance , but is that all we need to do to enable SNAP or are there additional configurations to be done? - hoolioAs far as IP layer config, that should be enough. Can you run a tcpdump on LTM on all switch interfaces filtering on the client and server IP addresses?
tcpdump -nni 0.0 host CLIENT_IP or host SERVER_IP
Thanks,
Aaron 
hc_andy_35682As Aaron has already stated, snat is the way to fix this.
This is the irule we use to selectively snat machines which are on the same subnet and need to communicate with machines behind the F5.
when LB_SELECTED {
if { [IP::addr [IP::remote_addr] equals [LB::server addr]/24] } {
snat automap
}
}
Just change th2 /24 to whatever mask your subnet uses and save it as an irule and then apply to your virtual server.