Forum Discussion
You said the internal virtual servers all work fine outbound to the app layer. Does this mean they are listening on the internal interface? If that's the case then they would not be accessible from the external network. A topology diagram and `tmsh list ltm virtual` would be useful.
Still working on trying to figure out what is happening. I've attached a diagram showing at a high level the subnets and the F5s along with a web server and application server. The External F5 -> Web Server -> App Server route is all good. I have defined a virtual server on the internal F5 which connects to the same app server (runs a simple jboss6 app on port 10080) and the virtual server/pool/member shows available (green) but I can't get through to the application from this internal F5. The IP address for the virtual server, 10.0.6.224, is not accessible outside of the internal F5 (can only ping it on the server itself). Topology diagram:
The tmsh list ltm virtual output is here:
```
ltm virtual opal-instance1-vs {
    description "Virtual server for Opal services on instance1"
    destination 10.0.6.224:http
    ip-protocol tcp
    mask 255.255.255.255
    pool opal_instance1-pool
    profiles {
        http { }
        tcp { }
    }
    rules {
        Pool_Status
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 3
}
```
The Pool_Status rule will fire if I issue `curl http://10.0.6.224/Pool_Status` on the internal F5:

```
* About to connect() to 10.0.6.224 port 80 (0)
* Trying 10.0.6.224... connected
* Connected to 10.0.6.224 (10.0.6.224) port 80 (0)
> GET /pool_status HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1l zlib/1.2.3 libidn/0.6.5
> Host: 10.0.6.224
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: text/html
< Server: BigIP
* HTTP/1.0 connection set to keep alive!
< Connection: Keep-Alive
< Content-Length: 199
<
* Connection 0 to host 10.0.6.224 left intact
* Closing connection 0
BIGIP Pool Status - Wed Dec 07 09:32:07 GMT 2016 UP - /Common/opal_instance1-pool
```
And I can also get through to the application via the same route, but only from the internal F5 itself:

```
[root@ltm-int:Active:Standalone] config curl http://10.0.6.224/lab/v1/monitors
{"serviceStatus":"up","networkStatus":"up","dbStatus":"up"}
[root@ltm-int:Active:Standalone] config
```

But anywhere outside of this internal F5 itself, the 10.0.6.224 address is NOT accessible.
Does this more detailed information help?