Forum Discussion
Cannot join devices into cluster
- Mar 14, 2023
iRule It should be the following and any other additions can be added in a similar manner. You might consider speaking with the application team and have them perform the corrections on the server as this should only be done as a last resort in an iRule.
when CLIENT_ACCEPTED priority 500 { set DEFAULT_POOL [LB::server pool] } when HTTP_REQUEST priority 500 { if {[string tolower [HTTP::uri]] starts_with "/abc/defg/"} { HTTP::uri [string map {"/abc/defg/" "/uvw/xyz/"}[HTTP::uri]] pool pool_web } elseif {[string tolower [HTTP::uri]] starts_with "/123/456/"} { HTTP::uri [string map {"/123/456/" "/78/910/"}[HTTP::uri]] pool pool_web } elseif{[string tolower [HTTP::uri]] starts_with "/asdf-asdf/"} { HTTP::uri [string map {"/asdf-asdf/" "/lkjh-lkjh/"}[HTTP::uri]] pool pool_web } else { pool ${DEFAULT_POOL} } }
HTTP::redirect "http://[HTTP::host]/[string range [HTTP::uri] 6 end]"
HTTP::uri /[string range [HTTP::uri] 6 end]
- Cory_50405Mar 19, 2014
Noctilucent
What is the self IP address that is used for outgoing traffic when SNAT automap is configured on the virtual server? It could be a routing issue where your SNAT pool addresses aren't being properly routed on your network. That's just one of the things it could be, but maybe the most likely.
Your configuration looks fine.
- jaddie_85451Mar 19, 2014
Nimbostratus
Cory
Thanks for your response
The self-ip on the egress VLAN just uses a different last octet than the two indicated in the SNAT_pool,
I have verified the routing and from what I can see all are correct.
That is why I guess I am at a loss the config is not a complex one, but just looking to get another set of eyes or opinions on what it could be.
Thanks again
- Cory_50405Mar 19, 2014
Noctilucent
Another option could be access control on the network preventing the SNAT pool addresses from communicating out. If you do a tcpdump on your LTM, do you see any packets leaving sourced from the SNAT pool addresses?
tcpdump -nni 0.0 host 100.1.1.1 or 100.1.1.2
- jaddie_85451Mar 21, 2014
Nimbostratus
Again Cory thank you for your response
Ok I have completed some additional testing after gaining access to the server, if I use a SNAT pool with one IP (either of the two IP's mentioned) it works as expected, however if I add an additional IP to the pool I am no longer able to access the Internet from my browser.
This would verify routing and access control..
Any thoughts on why this would not work?
- Cory_50405Mar 21, 2014
Noctilucent
Nothing immediately comes to mind as a potential problem. Do you see any errors/warnings in /var/log/ltm that may indicate a problem?
If not, try the tcpdump matching either of your SNAT pool IP addresses to see if the LTM is sending the traffic out as expected.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com