cancel
Showing results for 
Search instead for 
Did you mean: 

LTM Policy to select pool based on TCP port is not working

Mahi
Cirrus
Cirrus

Hello Everyone,

 

We are trying to do a POC where there is one Virtual Server listening on port '0' (basically all ports) and we would want to select the pool based on the remote port number using LTM Policy, however, its is not working. Any help on this please.

 

For example

http://192.168.1.25:45000 select pool WebApp_Odessa

http://192.168.1.25:45005 select pool WebApp_Jasper

 

We did set up the policy as below.

 

TCP port is '45000' at client accepted time.

Forward traffic to pool '/Common/WebApp_Odessa' at client accepted time.

TCP port is '45005' at client accepted time.

Forward traffic to pool '/Common/WebApp_Jasper' at client accepted time.

14 REPLIES 14

Hello Mahi.

It's not necessary to configure a policy.

​You could configure 3 VS like this:

A.B.C.D:45000

A.B.C.D:45005

A.B.C.D:0

REF - https://support.f5.com/csp/article/K14800

KR,

Dario.

Regards,
Dario.

Thanks Dario, we tried that solution and its working.

 

For some reason, we need only one VIP and not use an iRule. Therefore, we decided to go via the policy route.

Hello Mahi.

 

Configure 3 VS is faster than configure a policy.

 

Anyway, I've tested in my lab and it's working fine using forward to pool (with "local - external" and automap)

ltm policy Policy_Test { controls { forwarding } last-modified 2020-04-02:09:07:31 requires { http tcp } rules { redirect { actions { 0 { forward select pool P-WEB_80 snat automap } } conditions { 0 { tcp port local values { 80 } } } } } status published strategy first-match }

KR,

Dario.

 

 

 

 

Regards,
Dario.

Dario;

 

I checked the configuration and its exactly the same with difference of 'snat automap' and 'local' being not there. I guess the automap will be effective since its declared in the Virtual Server configuration.

 

I am seeing a 'Reset' packet from the virtual server with the reason 'No server selected' in the packet capture. Somehow the policy is not kicking in. Any thoughts?

Ok, local needs to be there. As you say, don’t worry about snat

options "local, external" are required. Automap (snat) depends of your topology.

Regards,
Dario.

PeteWhite
F5 Employee
F5 Employee

The policy which Dario has posted above is what you want. If you can let us know in more detail what exactly is not working then that would help. For debugging purposes, I would add a log statement to show that you are hitting the ltm policy, maybe it is something else in the setup which is not working.

Hello Pete,

 

The solution of different virtual servers is what we tried and it worked. The design team want to reduce the number of virtual servers and use policies for some reason.

I am seeing a 'Reset' packet from the virtual server with the reason 'No server selected' in the packet capture. Somehow the policy is not kicking in. Any thoughts?

 

Hi Mahi, Can you either post your LTM policy here, or compare it to the example shown above.

ltm policy _WebApp_port_based_pool_selection { controls { forwarding } description "Pool selection based on destination port for WebApp only" last-modified 2020-04-02:08:28:15 requires { http tcp } rules { odessa.company.pvt { actions { 0 { forward select pool WebApp_odessa.company.pvt } } conditions { 0 { tcp port values { 40000 } } ordinal 2 } jasper.company.pvt { actions { 0 { forward select pool WebApp_jasper.company.pvt } } conditions { 0 { tcp port values { 40005 } } } } xyz.com { actions { 0 { forward select pool AzureWebApp_xyz } } conditions { 0 { tcp port values { 55000 } } } ordinal 1 } } status published strategy all-match } (END)

 

I can see the problem – you are checking on the remote port, not the local port. In the rule, click the Options gear icon on the right and change it to local. Hit Done. Test it. Buy me a beer [cid:image001.jpg@01D60912.F1827B90]

Another one here 🙂

Regards,
Dario.

Guess what, that fixed the problem. 🙂

 

I was under assumption as remote port = destination port.

 

Surely buy you a beer when this lockdown thing is over. Thank you so much for the help.

You’re very welcome. Tell you what – buy me a beer and have it yourself 😊