Forum Discussion
NimbostratusPriority-group does not seem to work
Hello, I use 2 Link Controllers with BIGIP V12 HF2
I am trying to use Priority Group feature on a Pool that represents the 2 Default ISP routers available to reach Internet;
For some specific cases (such as IPSEC VPN outgoing requests), I want BigIP to use only the 1st ISP router if it is available, and start to use the 2nd ISP router if the Internet access thru the 1st one is detected as unreachable ;
So, I created the following kind of Pool :
ltm pool /Common/Default-Gateway-via-ISP1+Backup-via-ISP2 {
members {
/Common/RTR-ISP1:0 {
address 111.1.1.1
priority-group 100
}
/Common/RTR-ISP2:0 {
address 222.2.2.2
priority-group 1
}
}
min-active-members 1
monitor /Common/Ping-DNS1-Google and /Common/Ping-DNS2-Google
}
When I test the Virtual Server that uses this Pool, I can see, via TCPDUMP, that outgoing flows are always load-balanced on both ISP links instead of using ISP1 link only; so, it does not seems to work ...
To be complete, the VS is defined with dest 0.0.0.0/0, with a specific Source IP, and with a SNAT Pool of 2 public IPs associated to this Source IP
This is the 1st time I use Priority Group feature
Any idea ?
1 Reply
youssef1Cumulonimbus
Hello Joel,
Firstof, you have to manage your SNAT base on ISP:
if { [LB::server addr] eq "1.1.1.1"} {
snatpool SNAT_ISP1
} else {
snatpool SNAT_ISP2
}
1.1.1.1 is your GW for ISP1
Second time check you don't have a persistence session/connection through the wrong ISP.
Normalement tu peux utiliser ces commandes
tmsh show /ltm persistence persist-records client-addr %client_IP%
tmsh show /sys connection cs-client-addr %IP_ADDR%
If you want to check all connection
tmsh show /ltm persistence persist-records
tmsh show /sys connection
If you want to delete the connection in order to initiate a new:
tmsh delete /sys connection ... (don't forget to choise the connection IP that you want to delete).
Let me now if it help you. Regards
