VS Issue

Thanks for the expansion..Hamish. But in light of what you said, i ve another question. We have the below Virtual..this has NO vlans enabled...which means...the virtual is enabled for ALL VLANs.

 

 

Does it mean...that this virtual will listen traffic from ANY IP or ANY vlan on the F5 where this Virtual is hosted.

 

 

virtual 443_vs

 

destination:203.23.35.23:https

 

ip protocol tcp

 

rules standard_rule

 

profiles

 

clientssl

 

clientside

 

 

http_profile

 

tcp_profile

 

 

actually, there is a URL which is mapped to the VIP.

 

 

The URL is to be accessed by source IPs - 10.10.10.11 & 12..which are getting SNATed to 203.23.35.40..but the URL is not accessible.

 

 

Request you to please explain again in an expanded way..involving TMM...thnx

 

'ANY VLAN' means that it doesn't matter which interface on the bigip the inbound packets come from.

 

 

So if the connection from client to VS completes. What happens with the connection form BigIP to pool member? Is the route back from the pool member to the client via the BigIP? And do the inbound packets form the pool member to the 'client ip' return on the SAME interface that the bigip SENT the packets to the pool member?

 

 

H

 

yes, thee is route back from pool member to the client via BigIP..as the gwy of the pool member is BigIP.

 

 

[ And do the inbound packets form the pool member to the 'client ip' return on the SAME interface that the bigip SENT the packets to the pool member? ]------------ How do i check this?

 

 

Do we need to enable the vlan on the Virtual on which the SNAT IP belongs..because....the incoming pkt to VIP..would be sourced with SNAT IP ..right?

tcpdump is your friend here. Specifying interface 0.0 you can dump traffic on all interfaces. Drop down to one pool member (Disable the rat) to make debugging simpler), and do something like (Assuming no SNAT, I don't see it in your description at the top)

 

 

 

tcpdump -i 0.0 -nn -p -e "(host and host and port ) or (host and host and port )"

 

 

 

Where

 

clientIP == the IP address of the client

 

vsip == virtual server IP address

 

vsport == virtual server port

 

poolmemberip == IP address of the pool member still up

 

poolmemberpool == port number of the pool member still up

 

 

The -e flag will show you the TAG of the inbound clan. So you'll be able to make sure that the packets back from the poolmember are coming back in the same VLAN as the BigIP sent them out.

 

 

H

Hamish,

 

 

SNAT is enabled and is defined as part of the iRule, rules standard_rule.

 

 

The URL mapped to the VIP cannot be accessed if the source is in the same range as the VIP,203.23.35.x...which is VLAN 10.

 

 

Do we need to enabled VLAN 10 on the Virtual?

 

 

Also,

 

 

Issue with virtual server, virtual VS1, is resolved...by changing the gwy of pool members to BigIP.

 

 

Issue with virtual server, virtual VS2, still persists.

 

 

src is able to telnet to VS2 VIP on 443 and response is listening.

 

 

However, when accessing the same VS2 VIP from same src via sql server studio, it is failing...and

 

 

tcpdump for virtual VS2 from src 10.10.214.10 is as below,

 

 

14:55:25.626243 802.1Q vlan21 P0 10.10.214.10.49448 > 172.20.20.10.1433: S 2503976789:2503976789(0) win 8192 (DF)

 

14:55:25.626541 802.1Q vlan21 P0 10.10.214.10.49448 > 172.20.20.10.1433: . ack 2045621418 win 256 (DF)

 

14:55:25.626553 802.1Q vlan21 P0 10.10.214.10.49448 > 172.20.20.30.1433: S 2296223818:2296223818(0) win 4380 (DF)

 

14:55:25.627153 802.1Q vlan21 P0 10.10.214.10.137 > 172.20.20.10.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST

 

14:55:27.126335 802.1Q vlan21 P0 10.10.214.10.137 > 172.20.20.10.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST (DF)

 

 

it seems client 10.10.214.10 is hitting VIP 172.20.20.10 but no reply coming from pool member 172.20.20.30.

 

 

any ideas..to fix would be great.

 

 

genseek

 

 

 

 

hamish,

 

 

any updates....

 

 

any updates....

Can you please paste the output of the following commands?

 

 

tmsh list ltm virtual

 

tmsh list ltm pool

 

tmsh list ltm rule standard_rule

 

 

This should help us to understand the entire configuration of this Virtual Server, and to assist you further.

 

 

Thanks,

 

Eric

Commands didn't paste properly. Replace with the virtual you are having an issues with, replace with the pool you're having an issue with.

tmsh list ltm virtual 
tmsh list ltm pool 
tmsh list ltm rul standard_rule