
One ARM mode with pool members in different VLAN

anshubathla
Altostratus

Hi Team,

I have one Virtual Server and 2 pool members configured in the same VLAN (one-arm mode).

I am using a SNAT pool of two IPs from the same subnet. This setup was working perfectly fine.

But as soon as I added two more pool members which are in a different VLAN to the same pool, I started seeing issues. These two pool members were not responding to the F5. Upon further analysis I found that the F5 is sending the SYN packet from the SNAT IP; on the server I have seen it receiving the SYN packet and responding with SYN-ACK, but in response the F5 is sending a RESET to the server.

The only difference is that the non-working pool members belong to a different VLAN, while the working pool members and the VS IP belong to the same VLAN.

Routes - we do not have any routing configured; below are the subnets learnt after configuring the self IPs:

192.168.10.0   0.0.0.0        255.255.255.0  U    0     0       0 vlan_100
192.168.20.0   0.0.0.0        255.255.255.0  U    0     0       0 vlan_101

VS IP: 192.168.10.30

SNAT Pool IPs: 192.168.10.9 and 192.168.10.10

Pool Member 1: 192.168.10.101 - working
Pool Member 2: 192.168.10.102 - working
Pool Member 3: 192.168.20.201 - non-working
Pool Member 4: 192.168.20.201 - non-working

We can telnet from the F5 on the application port to both the working and non-working pool members. Could you please advise what the issue could be?

Thanks

1 ACCEPTED SOLUTION

Hi,

  • Did you try to telnet to the non-working pool member from the F5 self IP as source? If not, you can try it once using:

telnet -b Self-IP Dest-IP Port

  • If you have specific route domains, first change the route domain, then telnet or try to reach the pool member from there.

To change the route domain use the command rdsh

  • If telnet is failing in any of the above cases, you can check by adding a route for the pool member host on the F5 towards the gateway/IP where its L3 is configured.


We are able to telnet to the working and non-working pool members from the F5.

Do you think we need to change anything else when we are using one-arm mode with the VS and pool members in different VLANs while using SNAT?

Sorry, we tried telnet directly without binding to the self IP and it was working.

But when we tried with the command you provided, it shows connection refused.

Regarding the route addition, could you please explain a bit more? We have self IPs configured for both the working and non-working pool members, so the F5 should have a route to reach both VLANs; why is there a requirement to add a route?

I have even tried adding a route for 192.168.20.201 with next hop 192.168.20.1 (the gateway configured on the switch), but telnet is still not working. It looks like a communication issue between the two VLANs. Could you please advise further.

anshubathla
Altostratus

It works after adding a route for pool member 192.168.20.201 with next hop 192.168.10.1 (the gateway IP belonging to the VLAN in which I have configured the VS).

Thanks for the help
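As an added worked example (not from the thread, and not F5 code), the following Python script models the route lookup this thread turns on: it parses the two routing-table lines posted in the question, does a longest-prefix match for each pool member, and reports which members would leave the BIG-IP on a VLAN other than the one that holds the VS and SNAT addresses. It then compares the route the original poster tried first (next hop 192.168.20.1) with the one that finally worked (next hop 192.168.10.1). The mechanism the example assumes for the reset is the usual one for this symptom: the server's SYN-ACK to the SNAT address returns through the server's own gateway into the SNAT VLAN, and because the BIG-IP keys connections on VLAN by default, a reply arriving on a different VLAN than the SYN left on matches no flow and is answered with a RST. The `tmsh` syntax in a comment is given for reference only and does not appear in the thread.

```python
"""Route-lookup model for the one-arm / multi-VLAN pool scenario in this thread.
Added example; not F5 code. Standard library only."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# The two routing-table lines posted in the question (connected routes only).
POSTED_ROUTES = """\
192.168.10.0   0.0.0.0        255.255.255.0  U    0     0       0 vlan_100
192.168.20.0   0.0.0.0        255.255.255.0  U    0     0       0 vlan_101
"""

# Addresses from the question. VS 192.168.10.30 and SNAT IPs 192.168.10.9/.10
# sit in 192.168.10.0/24, i.e. vlan_100, so that is where server replies arrive.
SNAT_VLAN = "vlan_100"
MEMBERS = ["192.168.10.101", "192.168.10.102", "192.168.20.201"]


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None for a directly connected route
    vlan: Optional[str]                       # None when reached via a gateway


def parse_netstat_routes(text: str) -> List[Route]:
    """Parse 'destination gateway netmask flags metric ref use iface' lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue  # skip headers / blank lines
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[-1]
        network = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        gateway = None if gw == "0.0.0.0" else ipaddress.IPv4Address(gw)
        routes.append(Route(network, gateway, iface))
    return routes


def add_host_route(routes: List[Route], host: str, gateway: str) -> List[Route]:
    """Return a new table with a /32 route for host via gateway.
    tmsh equivalent (for reference, not from the thread):
        create net route <name> network <host>/32 gw <gateway>"""
    host_route = Route(ipaddress.IPv4Network(f"{host}/32"),
                       ipaddress.IPv4Address(gateway), None)
    return routes + [host_route]


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match; None when no route covers dst."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for r in routes:
        if addr in r.network and (best is None or r.network.prefixlen > best.network.prefixlen):
            best = r
    return best


def egress_vlan(routes: List[Route], dst: str, depth: int = 0) -> Optional[str]:
    """VLAN a packet to dst leaves on. A gateway route is resolved to the
    connected route that reaches the gateway (bounded to avoid route loops)."""
    r = lookup(routes, dst)
    if r is None or depth > 8:
        return None
    if r.gateway is None:
        return r.vlan
    return egress_vlan(routes, str(r.gateway), depth + 1)


def asymmetric_members(routes: List[Route], members: List[str]) -> List[str]:
    """Pool members whose egress VLAN differs from the VLAN that holds the
    SNAT/VS addresses. Assumed mechanism for the RST in the question: the SYN
    leaves on one VLAN, the server's SYN-ACK returns via its gateway into the
    SNAT VLAN, and a VLAN-keyed connection table finds no matching flow."""
    return [m for m in members if egress_vlan(routes, m) != SNAT_VLAN]


def diagnose() -> dict:
    """Compare the three routing states discussed in the thread."""
    before = parse_netstat_routes(POSTED_ROUTES)
    # First attempt from the thread: next hop on the switch in the member's VLAN.
    via_member_vlan = add_host_route(before, "192.168.20.201", "192.168.20.1")
    # Fix that worked: next hop is the gateway in the VS/SNAT VLAN.
    via_snat_vlan = add_host_route(before, "192.168.20.201", "192.168.10.1")
    return {
        "no host route": asymmetric_members(before, MEMBERS),
        "via 192.168.20.1": asymmetric_members(via_member_vlan, MEMBERS),
        "via 192.168.10.1": asymmetric_members(via_snat_vlan, MEMBERS),
    }


if __name__ == "__main__":
    for state, bad in diagnose().items():
        print(f"{state}: asymmetric members = {bad or 'none'}")
```

Run as-is it prints that 192.168.20.201 is asymmetric both with no host route and with the route via 192.168.20.1 (the host route resolves back onto vlan_101), and that only the route via 192.168.10.1 puts the outbound SYN on the same VLAN the SYN-ACK comes back on, which matches the order in which the thread tried and resolved the problem.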