cancel
Showing results for 
Search instead for 
Did you mean: 

Load-Balancing Client IP and VIP on same subnet- Doesnt work

habib_Khan
Nimbostratus
Nimbostratus

My vip: 172.27.48.X using SNAT. SNAT is same as VIP IP address Client connecting is from 172.27.48.X Client and LB gateway is 172.27.48.1. From connection table i see below. From connection table i can see the connection is not sent to members. 172.27.48.204%63:53191 172.27.48.96%63:80 any6.any any6.any tcp 11 (slot/tmm: 1/3) none

 

All other connection are getting complete 10.20.128.116%63:59192 172.27.48.96%63:80 172.27.48.96%63:59192 172.27.53.198%63:80 tcp 5 (slot/tmm: 1/0) none

 

Did tcpdump and below is the capture. || cpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes 09:13:42.346866 arp reply 172.27.48.96 is-at 00:23:e9:ab:86:0a f5 type 244 len 9 09:13:42.347094 IP 172.27.48.96.80 > 172.27.48.204.62531: S 3066905454:3066905454(0) ack 3572684708 win 4380 09:13:45.346634 IP 172.27.48.96.80 > 172.27.48.204.62531: S 3066905454:3066905454(0) ack 3572684708 win 4380 09:13:51.346867 IP 172.27.48.96.80 > 172.27.48.204.62531: S 3066905454:3066905454(0) ack 3572684708 win 4380 09:14:03.347670 IP 172.27.48.96.80 > 172.27.48.204.62531: S 3066905454:3066905454(0) ack 3572684708 win 4380 09:15:03.609881 arp reply 172.27.48.96 is-at 00:23:e9:ab:86:0a f5 type 244 len 9

 

Kindly let me know what might be causing the issue.

 

3 REPLIES 3

IainThomson85_1
Cumulonimbus
Cumulonimbus

Without knowing your exact setup, its difficult to comment.

 

Whats your reason for using SNAT ?

 

It would make logical sense that you would have The VIP on a different VLAN to the server side traffic.

 

srikanthknprm_2
Nimbostratus
Nimbostratus

Did you enable the feature SNAT Pool - "Automap" on the VIP?

 

Mike_Dayton_108
Nimbostratus
Nimbostratus

In a one arm configuration using automap can be tricky trying to troubleshoot flows. It maps all flows to the same SNAT address.

 

An alternate solution is to SNAT to the VIP address with an iRule. This helps you connect the dots when troubleshooting, because the SNAT'd server side traffic will originate from the same IP as the VIP.

 

when CLIENT_ACCEPTED { snat [IP::local_addr] }