VIP Issue

Is it possible to access the VIP from within the pool members it self? is it suppose to work?yes. have you enabled snat automap under the virtual server setting?

No, this is the virtual server config,

 

 

virtual vsd_443 {

 

pool pl_443_vsd

 

destination 10.10.1.101:https

 

ip protocol tcp

 

profiles tcp_default

 

vlans 52 enable

 

 

how will the snat autoamap help here?

 

how will the snat autoamap help here? source ip will be translated to floating selfip when sending out to pool member, so return traffic will be sent back to bigip. without snat automap, return traffic will be sent to client directly which makes asymmetric routing.

what will be snat automap configuration and how will it be associated with the VS?

 

 

assume,

 

 

 

DIP (1.12)---initiates connection to -->VIP ( 1.101 )--? From here, how the F5 processes the traffic?

 

 

how snat automap changes plays the role of end-to-end connection from the pool member -to-VIP--to again pool member?

e.g.

 without snat automap
client is 200.200.200.102
virtual server is 200.200.200.200:80
pool member is 200.200.200.101

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   pool foo
   destination 200.200.200.200:80
   ip protocol 6
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
06:28:07.883071 IP 200.200.200.102.58464 > 200.200.200.200.80: S 2555623998:2555623998(0) win 5840 
06:28:07.883127 IP 200.200.200.200.80 > 200.200.200.102.58464: S 3442710014:3442710014(0) ack 2555623999 win 4380 
06:28:07.883748 IP 200.200.200.102.58464 > 200.200.200.200.80: . ack 1 win 46 
06:28:07.883788 IP 200.200.200.102.58464 > 200.200.200.101.80: S 3602763782:3602763782(0) win 4380 

 with snat automap
client is 200.200.200.102
virtual server is 200.200.200.200:80
selfip is 200.200.200.10
pool member is 200.200.200.101

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 200.200.200.200:80
   ip protocol 6
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config  b self 200.200.200.10 list
self 200.200.200.10 {
   netmask 255.255.255.0
   vlan internal
   allow default
}
[root@ve1023:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
06:29:41.606809 IP 200.200.200.102.58465 > 200.200.200.200.80: S 147452078:147452078(0) win 5840 
06:29:41.606882 IP 200.200.200.200.80 > 200.200.200.102.58465: S 3938727630:3938727630(0) ack 147452079 win 4380 
06:29:41.607874 IP 200.200.200.102.58465 > 200.200.200.200.80: . ack 1 win 46 
06:29:41.607917 IP 200.200.200.10.58465 > 200.200.200.101.80: S 2690173806:2690173806(0) win 4380 

Really appreciate the full sample config..however, under with snat option, i do NOT see client as the pool member.

 

 

Just want to confirm here - i do not see client (200.200.200.102) as prt of the POOL foo,

 

 

My scenario is like as below, there are 2 pool members,

 

 

pool member 1, 200.200.200.101

 

 

pool member 2, 200.200.200.103

 

 

pool member 1 is accessing the VIP, https://200.200.200.200.80. Buit the VIP is not working either from member 101 or 103.

 

 

Again if https://200.200.200.103 is given from member 1 or https://200.200.200.101 is given from member 2, directly the member IP, then it is working fine.

 

 

But with VIP from either pool member, VIP is not working. This is the problem. IN this situation cam, snat automap help?

 

 

 

 

 

 

 

Just want to confirm here - i do not see client (200.200.200.102) as prt of the POOL foo,it does not matter. the problem happens when client is in the same subnet as pool member.

 

So in effect, as long as the client is in same subnet, it does not matter whether it is INFRONT of the VIP or BEHIND the VIP. Is it?

 

 

snat automap makes either work. right?

 

 

So in effect, as long as the client is in same subnet, it does not matter whether it is INFRONT of the VIP or BEHIND the VIP. Is it? yes

 

 

snat automap makes either work. right?yes

Thank you nitass.. really appreciate your quick responses.I will configure and let you know how it went.