Forum Discussion

Sasi_81631
Feb 15, 2012

Virtual Server configuration

We own a 10.2.2 build installed on a 1600 box (ltm licensed/provisioned) and are facing an issue with configuring the virtual-server's port in ltm.

Sample config is given below:

) list ltm virtual vip1
ltm virtual vip1 {
    destination 172.10.13.45:13000
    ip-protocol tcp
    mask 255.255.255.255
    pool Linux
    profiles {
        http { }
        tcp { }
    }
    snat automap
}

) list ltm pool Linux
ltm pool Linux {
    members {
        172.18.78.60:13080 {
            session monitor-enabled
        }
        172.18.78.60:13081 {
            session monitor-enabled
        }
        172.18.79.51:13083 {
            session monitor-enabled
        }
    }
    monitor gateway_icmp
}

The self-ip, vlan and everything else are configured with the default values of 10.2.2, and the pool members are pingable from bigip. The client is also able to reach vip1 and the physical servers.

A SOAP server application is running on these three servers (172.18.x.x) on the given ports. When I try accessing these servers separately using our SOAP client application, it's working fine. (Note: The SOAP application is developed by us.)

However, when I configure a vip server (vip1) to load balance between these servers, it fails to respond and replies with a service error saying "Server not running" (an error message sent by our application).

To my understanding, we can use any port in the vip, irrespective of the actual server ports. And there is no firewall between bigip and the actual servers.

We use our own SOAP client to access the server application. Through the browser, we use our WEB-INF file via an Apache server to access it.

Can anyone help in configuring the port range of 13000-130080 instead of the actual ports? Since this is an urgent requirement, can someone suggest what is wrong here?

  • Do you have a virtual server defined on port 13081? Or is it matching a wildcard port virtual server? If the VS is defined on port 13000 your requests on port 13081 shouldn't be using this VS.

    To handle a range of 80 ports, you can change the virtual server to listen on port 0 (any port) and then use an iRule to block all other ports. Do you want to have LTM perform destination port translation? Or do you want LTM to just pass through the port of 13000 to the pool member on 13000 and 13001 to the pool member on 13001? If the former, what's the logic for doing the port translation?

    Here's an example of the iRule to only allow connections through on ports 13000 - 13080:

    
    when CLIENT_ACCEPTED {
        if {[TCP::local_port] >= 13000 and [TCP::local_port] <= 13080} {
            # Do nothing and allow the connection through to the pool
        } else {
            # Reset the connection
            reject
        }
    }
    

    Aaron