For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Techgeeeg_28888's avatar
Techgeeeg_28888
Icon for Nimbostratus rankNimbostratus
Sep 26, 2012

Load Balancing over two links

Hi guys,

 

I am sure what i am about to ask has already been discussed here. I have two internet links terminated on GTM and I have a Wild card Virtual Server taking the traffic to internet. I have two proxy servers sitting inside my network and I want one Proxy to utilize one ISP link and the other to utilize the other link and in case of failure of one of the links all the web traffic of that link should go via the second link. Can someone help me with an irule to achieve this.

 

 

Regards,

 

 

application delivery
dev
devops
iRules

24 Replies

Show More
  • Techgeeeg's avatar
    Techgeeeg
    Icon for Nimbostratus rankNimbostratus
    Oct 01, 2012
    Thanks first of all for indicating the above....

     

     

    But we have a problem here the SNAT pool that i have let say for proxy1 private IP to Public IP translation when it happens I have multiple IP's in the pool that this private IP can be mapped to. so If i don't delete proxy translation from what will happen is that the above portion of the irule will translate it to some times ISP1 ip and some times to ISP2 IP. When the translation is to the public IP for that ISP which is marked on high priority in the pool under pga_isp1_pool it will work else it wont.

     

     

    Correct me if I am wrong.

     

     

    Also I need to understand here some of the things ...

     

     

     

    if { [IP::addr [IP::client_addr] equals x.x.x.x] } { << proxy 1

     

    pool pga_isp1_pool }

     

    elseif { [IP::addr [IP::client_addr] equals x.x.x.x] } { << proxy 2

     

    pool pga_isp2_pool }

     

    }

     

     

     

    Here in place of x.x.x.x i will put the public IP address which the above portion of the iRULE has translate the proxy IP to. M i correct? or it will be the private IP of the proxy

     

     

    <

     

    In the above I can understand that pga_isp1_pool or pga_isp2_pool are the pool which i will create, will I keep the ISP routers as the pool members here???

     

     

    what is <

     

    Regards,
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 01, 2012
    OK, understood, so you'll specifically map a public IP for each proxy somewhere higher up in the rule (or lower down) and exclude the proxies from the general SNAT.

     

     

    I'm not sure if you need to use the public or private IP instead of x.x.x.x - you'll have to test to see if the SNAT already applies or not, or, if you can't test easily, do the SNAT after the pool mapping.

     

     

    Both ISP routers will be in both pools but you'll configure 'min members 1' and one or the other member with a higher group number than the other. So in pool 1 ISP1 will have a group number of say 10, ISP2 a group number of 1. In pool 2 ISP2 will have a group number of 10, ISP1 a group number of 1.
  • Techgeeeg's avatar
    Techgeeeg
    Icon for Nimbostratus rankNimbostratus
    Oct 01, 2012
    Well now based on my explanation again we are back to the same point that how the irule will look like and what changes we will make to my existing irule or write a new irule and how will it look like... any help in this... ?
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 01, 2012
    I don't know what your existing iRule looks like in full but based on what I do know I'd do it in this order to avoid having to change the SNAT configuration; 

    
when CLIENT_ACCEPTED {
 if { [IP::addr [IP::client_addr] equals x.x.x.x] } {
  pool pga_isp1_pool }
 elseif { [IP::addr [IP::client_addr] equals x.x.x.x] } {
  pool pga_isp2_pool }
 if {[class match [IP::client_addr] equals Snat_pool]} {
 snatpool [class match -value [IP::client_addr] equals Snat_pool] }
}