Altostratus
AdminHey sbroulaye , you're trying to configure the ability for your pool members to initiate traffic destined outbound?
AltostratusHi buulam, NO !
The problem is that when clients are web browsing to the VS, the page is showing ERR_CONNECTION_RESET
When I check the statistics of the pool, there is inbound hits but no oubound traffic (0)
Hope you understand, I'm new in BIG-IP management.
EmployeeLet us analyze this from a traffic flow perspective. As a proxy, and in this configuration, the BIG-IP is going to both NAT and SNAT the traffic to the pool member. So let's use some comcrete examples:
Traffic arriving at the BIG-IP VIP has the true client IP and a destination IP of 188.188.1.100 (the VIP). The VIP takes the traffic, decrypts, selects a pool member, NATs (changes the destination address to 192.168.1.100), and then SNATs (changes the source address to 192.168.1.1). So at the pool member, it sees a destination IP of itself, coming from the internal self-IP of the BIG-IP. If you tcpdump at that internal VLAN between the BIG-IP and the pool member, you should see exactly this:
tcpdump -lnni <internal vlan>It would be useful to do this tcpdump to observe what's actually happening. You might see the client requests coming in, but maybe not going out? Or you might only see health monitor traffic? Either of these will increment the inbound traffic counters.
If you see client traffic coming in, but nothing coming back:
AltostratusThanks Kevin for this insightful explanation.
Please find in attachment the logs I collected from the tcpdump input you asked to do.
I would like to know why the pool member (172.17.31.254) is communicating both with the self ip (172.17.31.18) and the floating ip (172.17.31.16). Because our BIG-IPs are in HA active/active mode, so the traffic to the pool member is going through the floating ip.
Thanks in advance.
