Mahi
Apr 01, 2020

LTM Policy to select pool based on TCP port is not working

Hello Everyone,

 

We are trying to do a POC where there is one Virtual Server listening on port '0' (basically all ports) and we would want to select the pool based on the remote port number using an LTM Policy; however, it is not working. Any help on this, please?

 

For example

http://192.168.1.25:45000 select pool WebApp_Odessa

http://192.168.1.25:45005 select pool WebApp_Jasper

 

We did set up the policy as below.

 

TCP port is '45000' at client accepted time.

Forward traffic to pool '/Common/WebApp_Odessa' at client accepted time.

TCP port is '45005' at client accepted time.

Forward traffic to pool '/Common/WebApp_Jasper' at client accepted time.

    • Mahi

      Thanks Dario, we tried that solution and it's working.

       

      For some reason, we need only one VIP and not use an iRule. Therefore, we decided to go via the policy route.

      • Hello Mahi.

        Configuring 3 VS is faster than configuring a policy.

        Anyway, I've tested in my lab and it's working fine using forward to pool (with "local - external" and automap)

        ltm policy Policy_Test {
            controls { forwarding }
            last-modified 2020-04-02:09:07:31
            requires { http tcp }
            rules {
                redirect {
                    actions {
                        0 {
                            forward
                            select
                            pool P-WEB_80
                            snat automap
                        }
                    }
                    conditions {
                        0 {
                            tcp
                            port
                            local
                            values { 80 }
                        }
                    }
                }
            }
            status published
            strategy first-match
        }

        KR,

        Dario.

  • The policy which Dario has posted above is what you want. If you can let us know in more detail what exactly is not working then that would help. For debugging purposes, I would add a log statement to show that you are hitting the ltm policy, maybe it is something else in the setup which is not working.

    • Mahi

      Hello Pete,

       

      The solution of different virtual servers is what we tried and it worked. The design team want to reduce the number of virtual servers and use policies for some reason.

      I am seeing a 'Reset' packet from the virtual server with the reason 'No server selected' in the packet capture. Somehow the policy is not kicking in. Any thoughts?

       

      • PeteWhite
        Hi Mahi, can you either post your LTM policy here or compare it to the example shown above?
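
For the comparison Pete asks for, a policy dump can be reduced to a port-to-pool table and replayed against the ports in question. The Python below is an added example, not code from the thread or from F5; `SAMPLE_POLICY`, the policy name `Policy_Ports` and the rule names are constructed (Mahi's two ports written with the keywords of Dario's stanza, whitespace condensed), and the parser only understands the keywords that appear in Dario's post.

```python
import re

# Constructed sample (hypothetical policy/rule names): Mahi's two ports in Dario's keywords.
SAMPLE_POLICY = """
ltm policy Policy_Ports {
    controls { forwarding } requires { http tcp }
    rules {
        odessa { actions { 0 { forward select pool WebApp_Odessa } }
                 conditions { 0 { tcp port local values { 45000 } } } }
        jasper { actions { 0 { forward select pool WebApp_Jasper } }
                 conditions { 0 { tcp port local values { 45005 } } } }
    }
    strategy first-match
}
"""

def parse(tokens):
    """Read tokens up to the matching '}' -> (bare words, {name: sub-block})."""
    words, subs = [], {}
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok == "{":  # the word just before '{' names the sub-block
            subs[words.pop()] = parse(tokens)
        else:
            words.append(tok)
    return words, subs

def port_rules(text):
    """Return [(rule, side, ports, pool)] in rule order for tcp-port conditions."""
    _, top = parse(re.findall(r"[{}]|[^\s{}]+", text))
    policy = next(iter(top.values()))[1]  # sub-blocks of the single policy stanza
    rows = []
    for name, (_, rule) in policy["rules"][1].items():
        acts = [w for w, _ in rule.get("actions", ([], {}))[1].values()]
        pool = next((a[a.index("pool") + 1] for a in acts if "pool" in a), None)
        for w, sub in rule.get("conditions", ([], {}))[1].values():
            if "tcp" in w and "port" in w:
                side = "remote" if "remote" in w else "local"
                rows.append((name, side, {int(p) for p in sub["values"][0]}, pool))
    return rows

def select_pool(rows, local_port, remote_port):
    """First match wins; 'local' is the port the client connected to, 'remote' its source port."""
    for _name, side, ports, pool in rows:
        if (local_port if side == "local" else remote_port) in ports:
            return pool
    return None  # no rule matched, so the policy selected no pool
```

Because the tokenizer ignores whitespace, the same functions read a multi-line stanza in the layout Dario posted.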