vip targeting vip
3 TopicsVIP targeting VIP, preserve src and dst IP
Hi, I tried everything and nothing worked :-(. I am running out of ideas, so either I am doing something wrong or what I need is not possible. Idea is to have setup like that: client -> explicit forward proxy type VS -> ForwardIP type VS -> target server I tried plenty of combinations to pass traffic from forward proxy VS to ForwardIP VS but all failed - virtual, nexthop with snat none, translate addr disable etc. I need to pass traffic after forward proxy VS resolves destination server from proxy request to ForwardIP server. This is my idea to be able to use AFM rules to enforce limitation os src IP:port, dst IP:port (L4 rules). I know that it's possible to use APM ACLs but this is not very elegant and admin friendly solution :-( Everything is failing when I try to pass traffic to ForwardIP VS. When virtual command is used dst IP is changed to ForwardIP VS or (when wildcard VS is used) to nothing. But at least traffic is reaching ForwardIP VS. When nexthop is used traffic is never reaching ForwardIP VS. When nexthop with tunnel specified (tcp forward type on which ForwardIP VS is enabled) immediately I have port exhaustion message in LTM log. Is there any way to achieve what I need or it's plain impossible? Piotr499Views0likes3CommentsUnable to target another VIP or Pool
below is my setup virtual server: myapp1_443 Service Port: 443 SSL profile: myapp_sslprofile Pool: myapp1_pool_80 members: pool1member1 port 80 pool1member2 port 80 application is hosted on port 80 & 443 as well. certificate used in myapp_sslprofile is bound to website. in this case SSL offloading is working as expected and i am able to access https://myapp1 however requirement is to check if health of myapp1_pool_80 goes down requests should be served by myapp1_pool_443 i have created one more pool myapp1_pool_443 members: pool1member1 port 443 pool1member2 port 443 and attached irule to my virtual server as below. when LB_FAILED { pool myApp1_pool_443 } even tried below when HTTP_Request { if{ [string tolower [LB::status pool myapp1_pool_80]] eq "down" } { pool myapp1_pool_443 } } but none of these working and page is going nowhere but keeps on searching. as an alternate i tried to create new virtual server without and SSL profile and default pool as myapp1_pool_443 tried to redirect request to target this Virtual server but it's not working either. can someone please guide.431Views0likes5CommentsVIP targeting VIP, preserve src and dst IP
Hi, I tried everything and nothing worked :-(. I am running out of ideas, so either I am doing something wrong or what I need is not possible. Idea is to have setup like that: client -> explicit forward proxy type VS -> ForwardIP type VS -> target server I tried plenty of combinations to pass traffic from forward proxy VS to ForwardIP VS but all failed - virtual, nexthop with snat none, translate addr disable etc. I need to pass traffic after forward proxy VS resolves destination server from proxy request to ForwardIP server. This is my idea to be able to use AFM rules to enforce limitation os src IP:port, dst IP:port (L4 rules). I know that it's possible to use APM ACLs but this is not very elegant and admin friendly solution :-( Everything is failing when I try to pass traffic to ForwardIP VS. When virtual command is used dst IP is changed to ForwardIP VS or (when wildcard VS is used) to nothing. But at least traffic is reaching ForwardIP VS. When nexthop is used traffic is never reaching ForwardIP VS. When nexthop with tunnel specified (tcp forward type on which ForwardIP VS is enabled) immediately I have port exhaustion message in LTM log. Is there any way to achieve what I need or it's plain impossible? Piotr215Views0likes0Comments