Forum Discussion
VS with another VS as Pool
Hello,
Just wanted to understand why a particular scenario I am testing is not working.
We have an F5 with a single Route Domain (0) and two VLANs (external and internal, self and float IPs for each). Routes are like this:
0.0.0.0/0 towards external network
RFC1918-NETs towards internal network
For some applications, we would like to do something like this:
VS-External -> Pool-External (VS-Internal member)
VS-Internal -> Pool-Internal (Backend server)
This is not working. When doing tcpdump, we see that after the client connection is accepted by VS-External, the internal self-IP is ARPing for the VS-Internal MAC Address.
First of all, is this supposed to work? If not, why (from a theoretical point of view)?
- Kevin_Stewart
Employee
So to be clear, your external pool member is a VIP address?
I've heard people say that they've gotten this to work in some BIG-IP versions, but technically it isn't intended to work, and it has to do with the internal ARP between the VIPs.
To get from one VIP to another, your best bet is to VIP target, which is a simple iRule command:
when CLIENT_ACCEPTED {
    virtual VS-Internal
}
Also, depending on your BIG-IP version, you can also do this in an LTM CPM policy by configuring the policy to forward traffic to a virtual server.
- Kevin_Stewart
Employee
I honestly don't recall the exact reason this doesn't work, but it had something to do with ARP. In any case, VIP targeting (using the 'virtual' command) is the recommended approach.