backend clients communicating to other pools via external virtual servers

Question

Hi There&nbsp;
&nbsp;First post so hope I'm posting this in the right section.
&nbsp;We have 2x F5 Big-IP LTM 11.1 VE's in HA, with 3 subnets/vlans as follows:&nbsp;
&nbsp;    1.1.1.0/26
&nbsp;  [public tier]
&nbsp;       |
&nbsp;       |
&nbsp; [ F5 Big-IP LTM 11.1 ]
&nbsp;   |                                  | 
&nbsp;   |                              |
&nbsp;   |                              |
&nbsp;[Web Tier]              [App Tier]
&nbsp;172.16.1.0/24      172.16.2.0/24&nbsp;
&nbsp;Each tier has a Self IP for each F5 and a Floating SelfIP.
&nbsp;Standard Virtual Servers are enabled on the public tier and direct client traffic to server pools in the web tier,  and Standard virtual servers are enabled on the Web Tier that direct traffic from clients in the web tier to server pools in the app tier.&nbsp;
&nbsp;What i want to be able to do is have clients in the web tier talk to existing virtual servers enabled on the public tier and therefor talk to another different load balanced pool of servers in the same web tier. And the same for the app tier, ie have clients in this tier talk to the standard virtual servers enabled on the web tier and be load balanced to a different
&nbsp;pool in the app tier. All communications would just be HTTP/S Traffic.&nbsp;
&nbsp;I have created an intelligent SNAT iRule and enabled it on the virtual servers i want this to happen on. And i have created a wildcard forwarding virtual server.&nbsp;
&nbsp;I can't however get this to work. What i do see when running a tcpdump on the Active F5 is the intial SYN packet going out, and the F5's self IP, arp requesting for the virtual server..&nbsp;&nbsp;17:27:54.286884 IP 172.16.1.111.49766 &gt; 1.1.1.12.https: S 733502483:733502483(0) win 8192 &nbsp;&nbsp;17:27:54.286975 arp who-has 1.1.1.12 tell 1.1.1.1&nbsp;
&nbsp;Where: 
&nbsp;172.16.1.111 is the requesting web tier client, 
&nbsp;1.1.1.12 is the standard virtual server ip address on public tier
&nbsp;1.1.1.1 is the self ip for the active F5 on the public tier.&nbsp;
&nbsp;SNAT iRule is this one i found here:
&nbsp;https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/2379/showtab/groupforums/Default.aspx&nbsp;
&nbsp;when LB_SELECTED {  
&nbsp;  if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} {  
&nbsp;  snat automap 
&nbsp;  log local0. "snat automap"&nbsp;  }}&nbsp;&nbsp;&nbsp;I'm hoping somebody can assist or point me in the right direction. Am i doing something wrong or what have i missed?&nbsp;

hooleylist · Answer

Hi Steven, 
&nbsp;  
&nbsp; Do you have the public 1.1.1.12 VS enabled on the web tier VLAN as well as the public VLAN? 
&nbsp;  
&nbsp; Aaron

steven_111985 · Answer

Hi Aaron&nbsp;
Aaha, that's done it, no I did not originally. It was only enabled on the vlan it was supposed to be for.&nbsp;
Thanks very much.&nbsp;

&nbsp;
&nbsp;
-Steven&nbsp;

Forum Discussion

backend clients communicating to other pools via external virtual servers

2 Replies

Recent Discussions

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

DevCentral Community Guidelines

DevCentral Community Ranking Explained

Community Highlights, Week 48 '23

Community Highlights, Week 15 '23

Community Learning Path: Multi-Cloud Networking