I have one Virtual Server and 2 Pool members configured in the same VLAN (One arm mode) .
I am using SNAT Pool of two IP's from the same subnet . This setup was working perfectly fine.
But as soon as I have added two more pool members which are in different VLAN in the same Pool list , I have started seeing the issues . These two pool members was not responding to F5. Upon further analysis I have found that F5 SNAT IP is sending the SYN packet from SNAT IP and on server I have seen it is receiving the SYNC packet and responds with SYN-ACK but in respond F5 is sending RESET to the server.
The only difference is that non-working pool members belongs to a different VLAN but the working pool members and VS IP belongs to same Vlan.
Routes- we are not having any routing configured , below are the subnets learnt after configured the self IP's
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan_100
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan_101
VS IP 192.168.10.30
SNAT Pool IP's. 192.168.10.9 and 192.168.10.10
Pool Members1 192.168.10.101 - working
Pool Members2 192.168.10.102- working
Pool Members3 192.168.20.201 - non working
Pool Members4 192.168.20.201- non working
We can telnet from F5 on application port from working and non -working pool member. Could you please advise what could be the issue ?
18-Jan-202120:22 - last edited on 05-Jun-202323:04 by JimmyPackets
Hi,
Did you tried to telnet non-working pool member from F5 self IP as source ? If not, you can try it once using -
telnet -b Self-IP Dest-IP Port
If you have specific Route Domains, first change the route domain then telnet or try to reach pool member from there.
To change the route domain use command rdsh
If telnet is failing in any of the above cases, you can check by adding route for the pool member host on F5 towards the gateway/IP where its L3 is configured.
18-Jan-202120:22 - last edited on 05-Jun-202323:04 by JimmyPackets
Hi,
Did you tried to telnet non-working pool member from F5 self IP as source ? If not, you can try it once using -
telnet -b Self-IP Dest-IP Port
If you have specific Route Domains, first change the route domain then telnet or try to reach pool member from there.
To change the route domain use command rdsh
If telnet is failing in any of the above cases, you can check by adding route for the pool member host on F5 towards the gateway/IP where its L3 is configured.
18-Jan-202123:58 - last edited on 24-Mar-202201:20 by li-migration
Sorry , we have tried tried telnet directly without taking the Self IP and it was working
But when we tried with the command provided by you it is shows connection refused .
Regarding the route addition , could you please explain a bit more as we have self IP's configured for both working and non working pool member , so F5 should have route to reach both vlans then why their is a requirement of adding aa route ?
Even I have tried adding route for 192.168.20.201 next hop 192.168.20.1 ( gateway configured on switch) but still telnet is not working. Its looks like a communication issue between the two vlans. Could you please advise further.
