
Load Balance to FQDN Not Working

jonathanw84
Cirrus

Hi All,

 

I have an environment that is set up on my F5 using a combination of Rewrite Profiles and iRules to achieve a reverse proxy setup. This works well.

 

I have a request to add an additional rewrite mapping, but this time they want it to load balance to an FQDN in the cloud. The F5 is set up for DNS and I can add an FQDN pool which populates the ephemeral nodes, but these show down and I can never get them to come up despite DNS resolving them correctly.

 

I have the URL rule added to the existing rewrite profile (client: /api/search/ server: /search/) and then an iRule that states:

 

  elseif { [string tolower [HTTP::uri]] starts_with "/api/search" } {
    pool ProxyPass_Pool_4

 

But I can't get the FQDN pool to function.

 

What am I missing?

 

Thanks!

3 REPLIES

SanjayP
MVP

There could be many factors here. You can follow the troubleshooting steps below.

- Check if the firewall is open from the F5 to the FQDN node port. Try with the telnet command from the F5.

- Check that routing is there on the F5 and that it's not using the mgmt route to reach it. A tmm route should be present on the F5 to reach the FQDN.

- Check the health monitor, if any custom http/https monitor is configured. Try using tcp for troubleshooting.

- If the F5 can connect on the FQDN port, check if the node is up or down. Disable ICMP monitoring at the node level.

- If the FQDN node is in a non-default route domain, then there is currently no support for FQDN nodes. But there is a workaround for it, as per the link below:

https://devcentral.f5.com/s/articles/FQDN-nodes-in-non-default-route-domains?page=1

Hi Sanjay,

 

The firewall is definitely open. I can see the traffic going out to the FQDN node port. I've tried every monitor I can and they still revert back to marking it down. We are using the default route domain.

Take a tcpdump. If you are seeing packets egressing from your network and an RST coming from the other end, you would need to check with the FQDN hosting team.
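
The tcpdump check suggested in the thread, as an added example that is not from any poster: a Python sketch that reads text output of `tcpdump -nn` and reports, per monitor probe, whether the pool member reset it, never answered, or completed the handshake and reset later. The function name `classify_probes` and every address in the sample are constructed for illustration (documentation ranges, not values from the thread).

```python
import re

# Matches IPv4 TCP lines as printed by `tcpdump -nn` (text mode).
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def classify_probes(capture_text):
    """Map (client_ip, client_port, server_ip, server_port) -> outcome per SYN."""
    flows = {}
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        flags = m["flags"]
        if flags == "S":                 # bare SYN: a probe leaving the BIG-IP
            flows.setdefault(src + dst, "no_reply")   # retransmits keep state
        elif dst + src in flows:         # packet coming back to the prober
            key = dst + src
            if flags == "S.":            # SYN-ACK: the port is reachable
                flows[key] = "established"
            elif "R" in flags:           # RST sent by the remote end
                if flows[key] == "no_reply":
                    flows[key] = "reset"              # refused at connect time
                elif flows[key] == "established":
                    flows[key] = "reset_after_handshake"  # TCP fine, look higher up
    return flows

# Constructed sample capture: 192.0.2.10 stands in for the BIG-IP self IP,
# 203.0.113.x for the ephemeral nodes resolved from the FQDN.
SAMPLE_CAPTURE = """\
10:15:01.000100 IP 192.0.2.10.40001 > 203.0.113.21.443: Flags [S], seq 100, win 14600, length 0
10:15:01.030200 IP 203.0.113.21.443 > 192.0.2.10.40001: Flags [R.], seq 0, ack 101, win 0, length 0
10:15:02.000300 IP 192.0.2.10.40002 > 203.0.113.22.443: Flags [S], seq 200, win 14600, length 0
10:15:05.000300 IP 192.0.2.10.40002 > 203.0.113.22.443: Flags [S], seq 200, win 14600, length 0
10:15:06.000500 IP 192.0.2.10.40003 > 203.0.113.23.443: Flags [S], seq 300, win 14600, length 0
10:15:06.031000 IP 203.0.113.23.443 > 192.0.2.10.40003: Flags [S.], seq 900, ack 301, win 29200, length 0
10:15:06.031100 IP 192.0.2.10.40003 > 203.0.113.23.443: Flags [.], ack 901, win 14600, length 0
10:15:06.031500 IP 192.0.2.10.40003 > 203.0.113.23.443: Flags [P.], seq 301:501, ack 901, win 14600, length 200
10:15:06.062000 IP 203.0.113.23.443 > 192.0.2.10.40003: Flags [R.], seq 901, ack 501, win 0, length 0
"""

if __name__ == "__main__":
    for flow, outcome in classify_probes(SAMPLE_CAPTURE).items():
        print(flow, outcome)
```

In these terms, `no_reply` points back at the firewall and routing checks, `reset` is the case to raise with the FQDN hosting team, and `reset_after_handshake` means a tcp monitor would pass while an http/https monitor is being rejected.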