Forum Discussion

4 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Sep 25, 2013

    Hey David. Sorry, far more detail required. TMOS version? Do you mean source address/simple persistence? What are you trying to do, it's not clear? What are your requirements? What is load balance gateway?

     

  • david78's avatar
    david78
    Icon for Nimbostratus rankNimbostratus
    Sep 25, 2013

    hi, my problem is complicated and my English is poor ... but I will attempt an explanation :) i use TMOS 11.4

     

    I don't use my Bigip as LB but as Forward Proxy with irule 'Forward Proxy' The default route of my bigip is a pool of gateway. This pool is 3 firewall on stand-alone.

     

    I need that each client use always the same gateway. But, it's not possible to configure a persistent for the gateway-load.

     

    I hope that my explanations will help you to understand my problem. if you need more explanation, do not hesitate.

     

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Sep 25, 2013

    Hi David,

     

    if I got it right, you want to handle some outgoing traffic through a virtual server.

     

    As a resource a pool with a couple of gateways is applied.

     

    Probably your virtual server is a wildcard 0.0.0.0/0 in PerformanceL4 mode.

     

    To make sure outgoing requests from the same internal client will always go through the same gateway (may be required, if the gateway applies source NAT) a source address affinity profile needs to be selected in the virtual server´s resource settings.

     

    This approach may not fit, if the internal requests are forwarded by a proxy. In this case the source IP will always be the same ... external proxy IP. As a result all requests would be send out through the same path.

     

    Alternatively you can select a customized destination address affinity to make sure requests to the same destination will go through the same gateway.

     

    Thanks, Stephan

     

  • david78's avatar
    david78
    Icon for Nimbostratus rankNimbostratus
    Oct 31, 2013

    hello, Thank you for your answers. The solution I found is a irule:

    when HTTP_REQUEST {

    log local0. ""
    log local0. "*************  start [TCP::client_port] *************"
    log local0. "**** Client    : [IP::client_addr]:[TCP::client_port]"
    log local0. "**** LB Server : '[LB::server addr]'"

    if { [LB::server addr] eq "" } {

        log local0. "**** force eval LB Server"

        eval [LB::select]

        log local0. "**** eval OK !!!"
        log local0. "**** New LB    : '[LB::server addr]'"

        set gw [getfield [LB::server] " " 2]

        log local0. "**** Gateway   : $gw"

        switch $gw {
            "172.20.112.125%10" { set nat "10.204.36.[expr ( [crc32 [IP::client_addr] ] % 126 ) +1 ]" }
            "172.20.112.126%10" { set nat "10.204.32.[expr ( [crc32 [IP::client_addr] ] % 126 ) +1 ]" }
        }

        snat $nat

        log local0. "**** S-nat     : $nat"

        nexthop $gw

    } else {
        log local0. "++++ LB choice : [LB::server addr]"
        log local0. "++++ Gateway   : $gw"
        log local0. "++++ S-nat     : $nat"
        snat $nat
        nexthop $gw
    }

    log local0. "*************   end [TCP::client_port] *************"
    log local0. ""
}

    But strangely, the command eval [LB :: selec] 'works correctly for the first request, but never for the following ... Here is an excerpt from / var / log / ltm

    Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : 

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : *************  start 39932 *************

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** Client    : 194.250.98.57%10:39932

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** LB Server : ''

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** force eval LB Server

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** eval OK !!!

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** New LB    : '172.20.112.126%10'

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** Gateway   : 172.20.112.126%10

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** S-nat     : 10.204.32.108

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : *************   end 39932 *************

Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : 

Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : 

Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : *************  start 12475 *************

Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** Client    : 194.250.98.57%10:12475

Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** LB Server : ''

Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** force eval LB Server

Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : 

Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : *************  start 55778 *************

Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** Client    : 194.250.98.57%10:55778

Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** LB Server : ''

Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** force eval LB Server

    Someone has an idea? Is this a problem of writing?