Forum Discussion
ltmbanter_43291
Nimbostratus
NimbostratusSungard Luminis Chat Configuration
I have an F5 BigIP LTM v9.3.1 in a one-armed configuration where the VIP's and pools are on the same subnet. I can't figure out the chat part of the Luminis configuration. Note that I do not have the backend servers' gateway as the VIP, nor do I have Direct Server return configured.
With a Performance Layer 4 configuration on the chat VIP, I get as far as having the chat window come up but the username is not populating in the right-hand window, I can't send messages to the chat window, and then after 15 seconds the window gets a connection cannot be made error. I used wireshark and found the message:
GET /jsp/misc/connectionError.jsp from the client to the VIP.
I tried another configuration, Standard instead of Performance Layer 4, and the chat window stays open and I can type into the chat window, but still the username doesn't show up in the right-hand window and I don't see traffic getting back to the chat pool servers.
Note that I have a VIP instance for each of the 5 chat ports(9001-9005) which each have a pool that points to their respective server over that port, but I isolated it down to one chat VIP for my testing.
Below is a printout of my bigip.conf file with Performance Layer 4. I'd appreciate it if anyone could give me feedback on my setup.
Thanks
monitor Luminis_8008 {
defaults from tcp
}
monitor Luminis_9001 {
defaults from tcp
}
profile tcp tcp-Luminis-Prod {
defaults from tcp
slow start disable
bandwidth delay disable
nagle disable
ack on push enable
proxy buffer low 98304
proxy buffer high 131072
idle timeout 1800
send buffer 65535
recv window 65535
}
profile http http-Luminis-Prod {
defaults from http
oneconnect transformations disable
}
profile persist Cookie-Insert-Luminis-Prod {
defaults from cookie
mode cookie
cookie mode insert
}
pool pool-LuminisProd-80 {
lb method member observed
monitor all http
member 192.168.1.7:http
member 192.168.1.8:http
member 192.168.1.9:http
member 192.168.1.10:http
member 192.168.1.11:http
}
pool pool-LuminisProd-calendar-6785 {
snat disable
monitor all tcp
member 192.168.1.5:6785
}
pool pool-LuminisProd-calendar-6788 {
snat disable
monitor all Luminis_9001
member 192.168.1.6:6788
}
pool pool-LuminisProd-chat-9001 {
snat disable
monitor all Luminis_9001
member 192.168.1.7:9001
}
pool pool-LuminisProd-chat-9002 {
snat disable
monitor all Luminis_9001
member 192.168.1.8:9002
}
pool pool-LuminisProd-chat-9003 {
snat disable
monitor all Luminis_9001
member 192.168.1.9:9003
}
pool pool-LuminisProd-chat-9004 {
snat disable
monitor all Luminis_9001
member 192.168.1.10:9004
}
pool pool-LuminisProd-chat-9005 {
snat disable
monitor all Luminis_9001
member 192.168.1.11:9005
}
pool pool-LuminisProd-cpip-8008 {
monitor all Luminis_8008
member 192.168.1.7:http-alt
member 192.168.1.8:http-alt
member 192.168.1.9:http-alt
member 192.168.1.10:http-alt
member 192.168.1.11:http-alt
}
virtual vip-LuminisProd-443 {
destination 192.168.2.12:https
snat automap
ip protocol tcp
profile http-Luminis-Prod tcp-lan-optimized wildcard_ssl_profile
persist Cookie-Insert-Luminis-Prod
pool pool-LuminisProd-80
}
virtual vip-LuminisProd-80 {
destination 192.168.2.12:http
snat automap
ip protocol tcp
translate service disable
profile http-Luminis-Prod tcp-lan-optimized
persist Cookie-Insert-Luminis-Prod
pool pool-LuminisProd-80
}
virtual vip-LuminisProd-calendar-6785 {
destination 192.168.2.12:6785
ip protocol tcp
translate service disable
profile http tcp
pool pool-LuminisProd-calendar-6785
}
virtual vip-LuminisProd-calendar-6788 {
destination 192.168.2.12:6788
ip protocol tcp
translate service disable
profile http tcp
pool pool-LuminisProd-calendar-6788
}
virtual vip-LuminisProd-chat-9001 {
destination 192.168.2.12:9001
ip protocol tcp
translate service disable
profile fastL4
pool pool-LuminisProd-chat-9001
}
virtual vip-LuminisProd-chat-9002 {
destination 192.168.2.12:9002
ip protocol tcp
translate service disable
profile fastL4
pool pool-LuminisProd-chat-9002
}
virtual vip-LuminisProd-chat-9003 {
destination 192.168.2.12:9003
ip protocol tcp
translate service disable
profile fastL4
pool pool-LuminisProd-chat-9003
}
virtual vip-LuminisProd-chat-9004 {
destination 192.168.2.12:9004
ip protocol tcp
translate service disable
profile fastL4
pool pool-LuminisProd-chat-9004
}
virtual vip-LuminisProd-chat-9005 {
destination 192.168.2.12:9005
ip protocol tcp
translate service disable
profile fastL4
pool pool-LuminisProd-chat-9005
}
virtual vip-LuminisProd-cpip-8008 {
destination 192.168.2.12:http-alt
snat automap
ip protocol tcp
translate service disable
profile http tcp
persist cookie
pool pool-LuminisProd-cpip-8008
}
- dennypayne
Employee
Hi,
It looks like your 9001-9005 virtuals are not SNAT'ing so those connections are likely not coming back to the LTM; the server is seeing the original client's source IP and responding directly to it rather than sending the connection back through LTM. If you turn on SNAT automap on those virtuals like it is on the 80, 443, and 8008 vips it should work.
Denny 
hoolioCirrostratus
If the client and server are on the same subnet or the client is on a non-local subnet but the servers' gateway is not LTM, you'll need to either enable SNAT or configure the servers to respond from the VIP address. Enabling SNAT is the simpler option.
You have SNAT automap enabled on the VIP, but then each pool has SNAT disabled.
Aaron
