Forum Discussion
NimbostratusOrder of precedence for virtual server when using source address
NacreousRecommend to delete all client-side (cs) connections on VIP_Default.
The closer-match VIP_Special will get the special subnet connections (works as intended in 12.1.1). However, as with any F5 change you must acknowledge that previously established sessions are not aware of your configuration changes.
Other things that can be wrong: VLANs (on which the Virtual Server is listening), the source IP of the 'special subnet' really does not match (perhaps a SNAT takes place?). If you need further help, please paste the full configuration of both Virtual Servers (
tmsh list ltm virtual VSname
NimbostratusIf I change the VS_CP_Inet_Forward / VIP_SPECIAL to only listen for port 443, it will start consuming traffic immediately.
If it was a problem with the source address, the VS_CP_Inet_Forward should not start accepting traffic because I gave it precedence by setting a more specific port.
This is the VS that should receive traffic from the 198.19.0.128/25 subnet.
ltm virtual VS_CP_Inet_Forward {
destination 0.0.0.0%65000:any
ip-protocol tcp
mask any
profiles {
tcp-wan-optimized { }
}
rules {
irule_cp_cluster_forward
}
source 198.19.0.128%65000/25
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
vlans {
iApp_webproxy-70-0-D
}
vlans-enabled
vs-index 21
}
`
And this is the more generic VS
`ltm virtual iApp_webproxy.app/iApp_webproxy-70-D-0-t-4 {
app-service /Common/iApp_webproxy.app/iApp_webproxy
description "cp_cluster (1476971594)"
destination 0.0.0.0%65000:any
ip-protocol tcp
mask any
profiles {
iApp_webproxy.app/iApp_webproxy-tcp-lan {
context clientside
}
iApp_webproxy.app/iApp_webproxy-tcp-wan {
context serverside
}
iApp_webproxy.app/iApp_webproxy-xssl {
context serverside
}
}
rules {
iApp_webproxy.app/iApp_webproxy-ilD
}
source 0.0.0.0%65000/0
translate-address disabled
translate-port disabled
vlans {
iApp_webproxy-70-0-D
}
vlans-enabled
vs-index 16
}
