Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Virtual Server to maintain the same destination port to the backend

Go to solution
Umesh_Shetty
Altostratus
Altostratus

‎20-Jul-2021 04:07

I have a requirement where have 4 backend server listening or port range 1603-1699 i.e. a total of 96 ports. The requirement is that the Virtual server should listen on the same ports and when the VS receives a request on any port for example port 1610 the request to any of the four pool members should be forwarded on the same port no, which mean the destination port should be maintained end to end

 

My assumption is that if I disable the option "Translate Port" under the VS setting it can be done.

 

Can anyone help me affirm this or if not possible provide an alternate solution ?

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
SanjayP
MVP
MVP

‎20-Jul-2021 10:48 - last edited on ‎04-Jun-2023 19:22 by Fog

- You can also keep port translation enabled if traffic destined on VIP port should be sent to same port on the pool member. This should work.

- You would need VIP defined on any port. Configure iRule​ to only allow specific range and discard traffic for other ports.

Please modify accordingly for start and end port range​

when CLIENT_ACCEPTED {    
    if {([TCP::local_port] >= <start port>  && [TCP::local_port] <= <end port> ) } {
       return   )
    else reject
}

​- define pool with all 4 members and any port.

View solution in original post

6 REPLIES 6

Go to solution
SanjayP
MVP
MVP

‎20-Jul-2021 10:48 - last edited on ‎04-Jun-2023 19:22 by Fog

- You can also keep port translation enabled if traffic destined on VIP port should be sent to same port on the pool member. This should work.

- You would need VIP defined on any port. Configure iRule​ to only allow specific range and discard traffic for other ports.

Please modify accordingly for start and end port range​

when CLIENT_ACCEPTED {    
    if {([TCP::local_port] >= <start port>  && [TCP::local_port] <= <end port> ) } {
       return   )
    else reject
}

​- define pool with all 4 members and any port.

Go to solution
Umesh_Shetty
Altostratus
Altostratus
In response to SanjayP

‎20-Jul-2021 11:05

Sanjay ,

Thanks for your response. The iRule is good to define the required port range for VIP.

My question though is if we keep the translate port enabled how will it send traffic to the backend pool member on the same port ?​ I believe disabling prot translate will allow this behaviour

0 Kudos

Go to solution
SanjayP
MVP
MVP
In response to Umesh_Shetty

‎20-Jul-2021 12:00

If pool member and VIP is listening on any port, F5 will by default send it to same port at the backend, irrespective of port translation settings. You can try it yourself.

Go to solution
Umesh_Shetty
Altostratus
Altostratus
In response to Umesh_Shetty

‎20-Jul-2021 22:49

Sanjay, many thanks for your response and help in this. I will test it in a couple of days and share the results

0 Kudos

Go to solution
Daniel_Wolf
MVP
MVP

‎20-Jul-2021 12:26

Additionally take a look at this article, it mentions two alternatives to using an iRule:

https://devcentral.f5.com/s/articles/Three-Ways-to-Specify-Multiple-Ports-on-a-Virtual-Server

 

Go to solution
Umesh_Shetty
Altostratus
Altostratus
In response to Daniel_Wolf

‎20-Jul-2021 22:48

Daniel thanks for your response

0 Kudos
Copyright © 2023 Khoros, LLC