Forum Discussion

Andy_Kearton_48's avatar
Andy_Kearton_48
Icon for Nimbostratus rankNimbostratus
Jan 07, 2013

Referencing a VIP as a pool member

I’m having problems getting a VIP to reference another VIP on the same F5. I’m using auto-map SNAT which appears to be working correctly (by looking at TCP dump). I’ve now discovered that it is sending the traffic destined to the VIP to the firewall which is dropping it.

 

My setup is as follows

 

VIP of http service: 172.29.50.30

 

LB self IP: 172.29.48.248

 

LB float IP: 172.29.48.250

 

Pool member having issues: 172.29.50.3

 

The VIPs in the 172.29.50.0/24 range don’t make it into the F5’s routing table, so when 172.29.50.30 tries to call 172.29.50.3, it does the SNAT and the source become 172.29.48.250, but follows the default route (the firewall) rather than talking to “itself”. If I try to add a route for 172.29.50.0/24 via 172.29.48.248 or .250 it says I can’t use a self-IP. Any ideas? Can I somehow declare the 172.29.50.0/24 range to the F5 so it knows it owns it?

 

I'm running 11.2

 

 

Thanks!

 

Andy

 

config
design

3 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 07, 2013
    not sure if i understand your question correctly. isn't "virtual" irule command usable?

     

     

    virtual Wiki

     

    https://devcentral.f5.com/wiki/iRules.virtual.ashx
  • Andy_Kearton_48's avatar
    Andy_Kearton_48
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2013

    Thanks for the response, I'll try and explain better.

     

    What I'm trying to achieve is returning a "Sorry Page" from the F5 itself, by using priority activation, but without the use of irules (with the exception of the irule that serves up the sorry page).

     

    So 172.29.50.3 is the HTTP VIP with a basic "Sorry Page" irule.

     

    172.29.50.30 is the HTTP VIP for the application which uses the pool app_pool

     

    app_pool has 2 application servers in it, 192.168.1.1 and 192.168.1.2. It also has a 3rd server 172.29.50.3 (the sorry page), which is only activated when the other two are down. However the content at 172.29.50.3 is not being served for the reasons given in my original post.

     

    Currently I'm doing this with an irule on the application VIP that checks to see if any LB members are available, if not, it serves up a sorry page. However I don't want the application VIP to have to process an irule each time to establish if it should serve up a sorry page or not, the priority activation option looks more elegant to me (if I can get it working!)

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 09, 2013

    i do not think priority group is a good candidate for sorry page because after higher priority group member comes back up, existing connection will still be served by sorry page server (3rd server).