Forum Discussion

Umesh_Shetty's avatar
Umesh_Shetty
Icon for Altostratus rankAltostratus
Jul 20, 2021

Virtual Server to maintain the same destination port to the backend

I have a requirement where have 4 backend server listening or port range 1603-1699 i.e. a total of 96 ports. The requirement is that the Virtual server should listen on the same ports and when the VS receives a request on any port for example port 1610 the request to any of the four pool members should be forwarded on the same port no, which mean the destination port should be maintained end to end

 

My assumption is that if I disable the option "Translate Port" under the VS setting it can be done.

 

Can anyone help me affirm this or if not possible provide an alternate solution ?

application delivery
BIG-IP
iRules
  • spalande's avatar
    spalande
    Jul 20, 2021

    - You can also keep port translation enabled if traffic destined on VIP port should be sent to same port on the pool member. This should work.

    - You would need VIP defined on any port. Configure iRule​ to only allow specific range and discard traffic for other ports.

    Please modify accordingly for start and end port range​

    when CLIENT_ACCEPTED {    
    if {([TCP::local_port] >= <start port>  && [TCP::local_port] <= <end port> ) } {
       return   )
    else reject
}

    ​- define pool with all 4 members and any port.

  • spalande's avatar
    spalande
    Icon for Nacreous rankNacreous
    Jul 20, 2021

    - You can also keep port translation enabled if traffic destined on VIP port should be sent to same port on the pool member. This should work.

    - You would need VIP defined on any port. Configure iRule​ to only allow specific range and discard traffic for other ports.

    Please modify accordingly for start and end port range​

    when CLIENT_ACCEPTED {    
    if {([TCP::local_port] >= <start port>  && [TCP::local_port] <= <end port> ) } {
       return   )
    else reject
}

    ​- define pool with all 4 members and any port.

    • Umesh_Shetty's avatar
      Umesh_Shetty
      Icon for Altostratus rankAltostratus
      Jul 20, 2021

      Sanjay ,

      Thanks for your response. The iRule is good to define the required port range for VIP.

      My question though is if we keep the translate port enabled how will it send traffic to the backend pool member on the same port ?​ I believe disabling prot translate will allow this behaviour

      • spalande's avatar
        spalande
        Icon for Nacreous rankNacreous
        Jul 20, 2021

        If pool member and VIP is listening on any port, F5 will by default send it to same port at the backend, irrespective of port translation settings. You can try it yourself.

  • Daniel_Wolf's avatar
    Daniel_Wolf
    Icon for MVP rankMVP
    Jul 20, 2021

    Additionally take a look at this article, it mentions two alternatives to using an iRule:

    https://devcentral.f5.com/s/articles/Three-Ways-to-Specify-Multiple-Ports-on-a-Virtual-Server