Forum Discussion

YogiG_174329
Oct 17, 2014

LTM doesn't forward http requests to pool members

I wanted to try out BIG-IP LTM and set it up on Amazon AWS. I followed the video and my configuration is identical to the video instructions except for subnet IDs, EIP and such. I created an instance running apache with a simple index.html and it is addressed 10.0.2.93 which is the same subnet as my internal VLAN SelfIP (10.0.2.254). I added 10.0.2.93 in a pool. If I enable health check in pool, it shows green. If I go into the apache instance and do a tcpdump, I can see the health check traffic coming in. I can do wget to the apache from the NAT instance. But when I type the EIP associated to 10.0.1.100, I'm not getting the index.html page. What could I have done wrong?

 

Video link that I followed. https://devcentral.f5.com/videos/deploying-a-big-ip-virtual-edition-ha-pair-in-aws

 

3 Replies

  • Normally this sort of thing is just a simple VLAN error or something.

     

    First thing to do is to check whether the traffic is getting to the external interface - do a simple tcpdump from the bash shell "tcpdump -i 0.0 host 10.0.1.100". When you open the page in the browser you should see the packets arriving. If not, troubleshoot that side.

     

    If the packets are getting to the LTM and being sent to the server then it's probably backend routing - turn on SNAT automap and see if that fixes it. If so, set the LTM as the default gateway of the server.

     

  • Thank you, Pete. I got it working. I did tcpdump and I could see the traffic flowing in from the browser. Then I did SNAT Automap and it works. But is this the normal behaviour? Where did I go wrong? I'm also trying to find out how to set LTM as the default gw and I'm reading up on SNAT.

     

  • The issue is that the traffic is being forwarded to the backend server by the LTM without changing the source IP address and the backend server doesn't know that it needs to send the packets back to the LTM. There are two ways around this - set the default gateway on the server (route add default gw on *NIX) or tell the LTM to change the source address to be the address of the LTM (SNAT automap).
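
Added example (not part of the thread, and not F5 code): a small Python model of the return path described in the last reply, showing why the health check stays green while browser traffic fails, and why either fix works. The client address 203.0.113.7, the subnet router 10.0.2.1 and the /24 prefix are constructed assumptions; the EIP-to-10.0.1.100 translation done by AWS is left out.

```python
import ipaddress

# Addresses from the thread. CLIENT, AWS_ROUTER and the /24 prefix are constructed assumptions.
VIP = ipaddress.ip_address("10.0.1.100")
LTM_SELF_IP = ipaddress.ip_address("10.0.2.254")
SERVER = ipaddress.ip_address("10.0.2.93")
CLIENT = ipaddress.ip_address("203.0.113.7")
AWS_ROUTER = ipaddress.ip_address("10.0.2.1")
INTERNAL_NET = ipaddress.ip_network("10.0.2.0/24")


def next_hop(dst, default_gw):
    """Server-side routing: on-link destinations are reached directly, all others via the default gateway."""
    return dst if dst in INTERNAL_NET else default_gw


def trace(snat_automap, server_default_gw):
    """Follow one browser request; return (reply_next_hop, reply_source_at_client, page_loads)."""
    # The LTM rewrites the destination VIP -> pool member. The source stays the
    # client's address unless SNAT automap replaces it with the LTM self IP.
    src_at_server = LTM_SELF_IP if snat_automap else CLIENT
    # The server answers whatever source it saw, using its own routing table.
    hop = next_hop(src_at_server, server_default_gw)
    # Only the LTM holds the connection state that maps the reply back to the VIP.
    reply_src = VIP if hop == LTM_SELF_IP else SERVER
    # The browser connected to the VIP; a reply from another address matches no socket
    # (assuming it reaches the client at all).
    return hop, reply_src, reply_src == VIP


def monitor_reply_returns(server_default_gw):
    """Health monitors are sourced from the LTM self IP, which is on-link for the server."""
    return next_hop(LTM_SELF_IP, server_default_gw) == LTM_SELF_IP


if __name__ == "__main__":
    cases = [("no SNAT, default gw = subnet router", False, AWS_ROUTER),
             ("SNAT automap on", True, AWS_ROUTER),
             ("no SNAT, default gw = LTM", False, LTM_SELF_IP)]
    for label, snat, gw in cases:
        hop, src, ok = trace(snat, gw)
        print(f"{label:38} reply via {hop}, client sees {src}: {'OK' if ok else 'FAIL'}")
    print("monitor green with default routing:", monitor_reply_returns(AWS_ROUTER))
```

With SNAT automap the server's logs show the LTM self IP instead of the real client address, which matters if the application relies on source IPs for logging or access control.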