Forum Discussion
LTM HTTP explicit forward proxy and route domains
Hi,
I have a simple lab setup for LTM + http explicit forward proxy no SSL interception just CONNECT handling. When I test this in a single route domain it works OK. I have a requirement to use a different route domain for the egress traffic. So I config the egress VLAN/Self IP/SNAT and explicit proxy in the HTTP profile into the new RD1. I setup a default route in the RD1 and leave a single static route in RD0 for my client traffic. Now when I test I can see the DNS resolver working ok through the egress VLAN/RD1 but I get a 503 after that from the F5, no server side traffic is seen in tcpdumps, just DNS. I checked the HTTP packets sent back to the client and see a connection failed as well as the 503
After troubleshooting I was able to get this to work by changing the RD1 parent name from 'none' to '0' the default partition. I can't figure out why I need to have the parent set to 0, when the only route in that RD is a static route for the client traffic and why this would make the connection fail otherwise?
Any ideas?
thanks
- PSilvaRet. Employee
Not sure if this answers your question but from:
A route domain ID is a unique numerical identifier for a route domain. You can assign objects with IP addresses (such as self IP addresses, virtual addresses, pool members, and gateway addresses) to a route domain by appending the %ID to the IP address.
The format required for specifying a route domain ID in an object’s IP address is A.B.C.D%ID, where ID is the ID of the relevant route domain. For example, both the local traffic node object 10.10.10.30%2 and the pool member 10.10.10.30%2:80 pertain to route domain 2.
The BIG-IP system includes a default route domain with an ID of 0. If you do not explicitly create any route domains, all routes on the system pertain to route domain 0.
Important: A route domain ID must be unique on the BIG-IP system; that is, no two route domains on the system can have the same ID.
Hope that helps?
ps
- andrew_C1Nimbostratus
Hi I just ran into this, but I didn't have anything configured in route domain 0. The result was I was getting instant 503's.
I figure I would post a reply because I found this via google, so other people might as well :).
What I found confusing is that regular http traffic worked just fine, it was only Proxy CONNECT that was failing. After bashing my head against a wall for a few hours, I finally notices that within the explicitly proxy profile their is a field for route domain which defaults to 0. AS you can guess the second I changed it all was good.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com