cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Unable to access server Pool via Virtual Server IP

Sunil_Kumar
Altostratus
Altostratus

Hi, I have setup a new F5 LTM lab into Vmware workstation 11 to test some scenario and here is my setup details. MGMT_10.1.0.100 (host only), Internal_10.2.0.100 (host only) and External_192.168.1.100 (Bridge with host machine). There are 3 web servers has been setup in Internal A_10.2.0.10, B_10.2.0.20 and C_10.2.0.30. All 3 servers are part of same Pool which is configured for round robin method. I have also setup a Virtual server address 192.168.1.101 and add the above mention server Pool for Port 80. And my host machine IP is 192.168.1.50. I am trying to access Virtual server IP address from my host machine via web browser but web page is not loading while telnet over port 80 to Virtual server IP is working and Pool member stats are also showing the hit. While if directly hit the web servers IP from host machine all 3 web servers opening the web page.

 

Can anyone suggest where I am wrong or this is any limitation with VMware workstation?

8 REPLIES 8

As you are able to telnet VS on port 80 and also you are seeing hits on backend pool members, so just check http profile and SNAT configuration settings.

 

Mayur

Hi Mayur, this is very initial level setup as I am a beginner. As I can check in VS there is no http profile has been setup yet. Regarding SNAT from the machine I am accessing the VS IP is in the same subnet as VS. So I don't thing NAT will require until and unless F5 has special requirement. But I seen this setup in CBT Nugget F5 LTM training video there trainer did not configure any http profile and SNAT and his setup was working. Just to configure this whole is setup in VMware workstation which is installed in my host machine.

What's gateway set on web servers ? Are you using those same web servers (red, blue, green)  which are shown in video?

 

Mayur

Yes I am using the same web servers (red, blue, green) which are shown in video. And as I can check default gateway on servers is 10.2.0.155 and this address not configure anywhere yet.

Once set VS SNAT setting to auto-map and then check if you are able to browse web page.

 

Mayur

Hi Mayur, I yet not have any knowledge about F5 SNAT but I change the gateway of web servers as F5 Internal Interface IP which fix the issue. And now I am able to access all 3 web servers via browsers as well from my external network. Thanks for your help and stay safe.

I was also suspecting asymmetric routing issue here. This happens when Web server gateway is not set to F5 and SNAT is disabled.

So was asking you to enable SNAT. I also missed to add one line in my earlier response that either enable SNAT or set gateway of webserver to F5.

​In your earlier configuration, VS was sending traffic to backend webserver. But while sending response to that request, webserver was sending it to it's gateway which was not F5. So this was causing asymmetric routing issue and you were not able to browse webpage.

As said, normally such issues can be fixed​ by enabling SNAT or setting web server gateway to F5. And u already fixed your issue using 2nd option.

With SNAT enabled state, while sending client's request to backend pool members, F5 translates client IP address with its self IP address (for auto map). So webserver will receive request coming from F5 IP itself. So response coming from webserver comes through F5 and request gets completed.

This is how SNAT works.

I hope, you get some clarity about SNAT now.

Stay Safe, Stay Healthy!

Mayur​

Yes, now i get more clarity on the SNAT concept. To be very honest I was also expecting that this could be related to gateway but as I was able to ping and telnet so I did not change it and prefer to ask this question from community members. Anyway thanks alot bro for such a useful explanation.