Forum Discussion

Mike_Sullivan_2's avatar
Mike_Sullivan_2
Icon for Nimbostratus rankNimbostratus
Feb 11, 2008

VIP Bounceback or?

Howdy,

 

 

I have a LTM (9.1.2 40.6). My app servers connect to the db server vs (defined on the external vlan, but the pools and members all reside on the internal vlan) and this works as the GW of the app servers is not the LTM. Now I'd like to consolidate the topology and use the LTM as the GW. I tried it w/out changing the LTM config and it didn't work. I tried it by disabling the auto snat, still it didn't work.

 

 

Should the vs be moved to the internal vlan and set it up as a VIP bounceback solution? Is there an alternitive that allows the LTM to be used as the GW and still keep the vs on the external vlan?

 

 

ex: This is the current deployment and if the LTM is the GW, it won't work

 

virtual WR-WebDB {

 

destination 172.31.20.21:mysql

 

snat automap

 

ip protocol tcp

 

profile tcp-lan-optomized

 

pool WR-Servers

 

}

 

 

pool WR-Servers {

 

lb method dynamic ratio

 

action on svcdown reselect

 

min up members enable

 

min active members 1

 

monitor all SQL-Monitor

 

member 172.31.80.31:mysql priority 2

 

member 172.31.80.32:mysql

 

}

 

 

However, if I understand the Bounceback setup, this will work (when the LTM is the GW):

 

 

virtual WR-WebDB {

 

destination 172.31.80.21:mysql

 

snat automap

 

ip protocol tcp

 

profile tcp-lan-optomized

 

pool WR-Servers

 

}

 

 

pool WR-Servers {

 

lb method dynamic ratio

 

action on svcdown reselect

 

min up members enableman

 

min active members 1

 

monitor all SQL-Monitor

 

member 172.31.80.31:mysql priority 2

 

member 172.31.80.32:mysql

 

}

 

 

Thanks for your help.

 

config
design
  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Feb 15, 2008
    Are the app servers also on the internal VLAN? Is the LTM the GW for the db servers? If that's the case it really shouldn't matter what VLAN the db vip is on, as long as the SNAT is enabled. Putting it on the internal VLAN will remove a hop, so that's good, but I must be missing something in the picture because the first config should work as well. It all boils down to making sure there's no asymmetric routing.

     

     

    So the packet flow should be: 1. client -> vip, 2. vip -> db server, 3. db server -> whatever client address is given to it by LTM (so if SNAT it should be an address on the LTM), 4. vip -> client.

     

     

    Hope that helps,

     

    Denny
  • Mike_Sullivan_2's avatar
    Mike_Sullivan_2
    Icon for Nimbostratus rankNimbostratus
    Feb 19, 2008
    You know, that is what I thought. Unfortunately, at 2:00 am, it didn't. I'll have to configure a better testing environment before I take another wack at it.

     

     

    Thanks for your reply.