Forum Discussion
One ARM mode with pool members in different VLAN
Hi Team,
I have one Virtual Server and 2 pool members configured in the same VLAN (one-arm mode).
I am using a SNAT pool of two IPs from the same subnet. This setup was working perfectly fine.
But as soon as I added two more pool members, which are in a different VLAN, to the same pool list, I started seeing issues. These two pool members were not responding to the F5. Upon further analysis I found that the F5 is sending the SYN packet from the SNAT IP, and on the server I have seen that it receives the SYN packet and responds with SYN-ACK, but in response the F5 sends a RESET to the server.
The only difference is that the non-working pool members belong to a different VLAN, while the working pool members and the VS IP belong to the same VLAN.
Routes - we do not have any routing configured; below are the subnets learned after configuring the self IPs:
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan_100
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan_101
VS IP 192.168.10.30
SNAT Pool IPs: 192.168.10.9 and 192.168.10.10
Pool Members1 192.168.10.101 - working
Pool Members2 192.168.10.102- working
Pool Members3 192.168.20.201 - non working
Pool Members4 192.168.20.201- non working
We can telnet from the F5 on the application port to the working and non-working pool members. Could you please advise what could be the issue?
Thanks
Hi,
- Did you try to telnet to the non-working pool member from the F5 using the self IP as source? If not, you can try it once using:
telnet -b Self-IP Dest-IP Port
- If you have specific route domains, first change the route domain, then telnet or try to reach the pool member from there.
To change the route domain, use the command rdsh
- If telnet is failing in any of the above cases, you can check by adding a route for the pool member host on the F5 towards the gateway/IP where its L3 is configured.
- anshubathlaAltostratus
We are able to telnet to the working and non-working pool members from the F5.
Do you think we need to change anything else when we are using one-arm mode with the VS and pool members in different VLANs while using SNAT?
- anshubathlaAltostratus
Sorry, we had tried telnet directly without specifying the self IP and it was working.
But when we tried with the command provided by you, it shows connection refused.
Regarding the route addition, could you please explain a bit more? We have self IPs configured for both the working and non-working pool members, so the F5 should have a route to reach both VLANs, so why is there a requirement to add a route?
I have even tried adding a route for 192.168.20.201 with next hop 192.168.20.1 (gateway configured on the switch), but telnet is still not working. It looks like a communication issue between the two VLANs. Could you please advise further?
- anshubathlaAltostratus
It works after adding a route for pool member 192.168.20.201 with next hop 192.168.10.1 (the gateway IP belonging to the VLAN in which I have configured the VS).
- anshubathlaAltostratus
Thanks for the help