We use lots of "one-arm configurations" around here, which have our
BIG-IPs and Radware devices just hanging off of a switch like any other
server.
We have learned that we need to enable SNAT on the virtual server so
that all traffic is routed back out through the VIP. SNAT is an advanced
config option on the virtual server edit screen in the Web Interface.
Here is a basic configuration that you can use as a base for your set-up;
it should work (the IPs will need to be updated):
node 192.168.199.101 {
   screen server1
}
node 192.168.199.102 {
   screen server2
}
node 192.168.199.103 {
   screen server3
}
pool web-app {
   monitor all http
   member 192.168.199.101:80
   member 192.168.199.102:80
   member 192.168.199.103:80
}
virtual web-app {
   destination 192.168.199.100:80
   snat automap
   ip protocol tcp
   profile http
   pool web-app
}
Regards,
Vince
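
The return-path reasoning behind the SNAT advice in this thread, as an added Python model that is not part of any poster's message: it traces one connection through a one-arm set-up and reports which source address the server sees and whether the client accepts the reply. SELF_IP, ROUTER and the client addresses used with it are constructed assumptions; the VIP, subnet and pool member come from the thread.

```python
import ipaddress

# Addresses from the thread, plus assumed values where the thread gives none.
SUBNET = ipaddress.ip_network("192.168.199.0/24")
VIP = "192.168.199.100"
SERVER = "192.168.199.101"
SELF_IP = "192.168.199.2"   # assumption: BIG-IP self-IP on the VLAN
ROUTER = "192.168.199.1"    # assumption: DMZ router address


def trace(client, server_gateway, snat_automap):
    """Follow one TCP connection client -> VIP -> pool member and back.

    Returns (source address the server sees,
             source address on the reply the client receives,
             True if the client accepts that reply).
    """
    # Forward path: the load balancer rewrites the destination
    # (VIP -> pool member). With SNAT automap it also rewrites the
    # source to its own self-IP.
    src_seen_by_server = SELF_IP if snat_automap else client

    # Return path: the server answers the source address it saw.
    reply_dst = src_seen_by_server
    if ipaddress.ip_address(reply_dst) in SUBNET:
        next_hop = reply_dst          # on-link: delivered directly
    else:
        next_hop = server_gateway     # off-link: sent to default gateway

    # Only a reply that reaches the load balancer gets its source
    # translated back from the pool member to the VIP.
    via_lb = next_hop == SELF_IP
    reply_src = VIP if via_lb else SERVER

    # The client opened its connection to the VIP; a reply from any
    # other address matches no socket and is discarded.
    return src_seen_by_server, reply_src, reply_src == VIP


if __name__ == "__main__":
    cases = [
        ("off-subnet client, gateway=router, no SNAT", "203.0.113.10", ROUTER, False),
        ("off-subnet client, gateway=self-IP, no SNAT", "203.0.113.10", SELF_IP, False),
        ("same-subnet client, gateway=self-IP, no SNAT", "192.168.199.50", SELF_IP, False),
        ("same-subnet client, SNAT automap", "192.168.199.50", ROUTER, True),
    ]
    for label, client, gw, snat in cases:
        print(label, "->", trace(client, gw, snat))
```

With SNAT automap every case succeeds, but the server then sees only the self-IP, so per-client logging or access control on the servers has to rely on something else, such as an X-Forwarded-For header inserted by the load balancer.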
From: "Wesley North" <wes.north@gmail.com>
Sent by: lb-l-bounces@vegan.net
Sent: 05/14/2007 12:52 PM
To: "Load Balancing Mailing List" <lb-l@vegan.net>
Subject: Re: [load balancing] F5 Big-Ip Load Balancer
Please respond to: Load Balancing Mailing List <lb-l@vegan.net>
So the SNAT would be set on the servers in the pool; it would be another IP
address on the same VLAN so that when the servers initiate a request
(egress) they are sourced as a different IP address. Now in this scenario,
I am not 100% sure the SNAT will solve anything, and come to think of it,
you aren't dealing with VIP bounce back, because the clients are not on the
same VLAN, correct?
I know this is somewhat silly to ask, but do you have any health checks
hitting the pool? If so, are the nodes up or down? The VIP will stop
responding to network traffic if the default pool, or whatever pool is
referenced, say in an iRule, is no longer available, whether they are
disabled or the health check (ECV) has stopped working. Check that
setting. Given that the VIP and servers are on the same VLAN, the last hop
pool and/or SNAT may not solve anything, and probably won't since you
don't have a routing issue. What's going on, it appears, is that your VIP
is disabled because the members in the pool are not active.
Let me know what you find.
-Wes
On 5/14/07, Andrew Espinosa <andrew.espinosa@propertyinfo.com> wrote:
Thank you for your reply. You are correct in that I do have the VIP and
the servers to be load balanced on the same subnet. Could you give me
some direction on creating the SNAT or last hop pool? I'm very new to
configuring load balancers or at least the F5 one. I do see the option
for last hop pool on the virtual server and the option it gives me is
the name of my pool. On the SNAT I wasn't sure what IP information I
should enter as well.
We have only a single F5.
I can't telnet to the virtual IP but I'm able to reach the self-ip. When
I run ARP from the console window the only entries I show are for my
servers. I'll dig a little deeper on the switch to see if I can find
anything there. I was able to ping the virtual server IP at one time but
I deleted it and recreated it with a new name and ever since I've been
unable to ping it.
Thanks again for your reply.
Andrew Espinosa, MCSE / MCSA
Systems Engineer
From: lb-l-bounces@vegan.net [mailto:lb-l-bounces@vegan.net] On Behalf Of
Wesley North
Sent: May 11, 2007 7:17 PM
To: Load Balancing Mailing List
Subject: Re: [load balancing] F5 Big-Ip Load Balancer
First off it sounds like you are dealing with a VIP bounce back scenario,
where both the servers and VIP reside on the same network. You should
look at putting a SNAT on the servers, or possibly setting up a last hop
pool on the VIP. This way the traffic flow will be correct and you won't
have any routing loops. Can you access the port of the VIP (e.g. telnet
to the socket)?
What is odd is that you can't ping the VIP but can ping the self-ip. Do
you have 2 BIG-IPs in a primary standby configuration? Or just a single
box?
If you can't ping the VIP, I would verify what the arp tables look like
on the F5 and your network gear; perhaps there are some MAC address
issues.
-Wes
On 5/11/07, Andrew Espinosa <andrew.espinosa@propertyinfo.com> wrote:
Hi all,
I found this list via a google search and I'm hoping someone can help
me. I recently inherited an F5 Big-IP LTM v 9.1.2 load balancer and am
attempting to do a simple configuration, or so I think.
I have 3 servers on a DMZ attached to a switch and I also have the F5
attached to the same switch. All devices are on the same subnet,
192.168.199.x / 24.
I created a VLAN and gave it a self-ip address in the subnet range listed
above; created a virtual server with a different IP but on the same
subnet; created a pool and added the nodes to be load balanced. The
router handles the NAT'ing of the public IP which maps to the IP
address I assigned the virtual server.
I can ping the Self-IP I gave the VLAN as well as all the nodes but
cannot ping the virtual server IP.
Additionally I set the default gateway on the DMZ servers to the self-IP
assigned to the VLAN.
I may have it all screwed up as I am very new to hardware load balancing.
Can anyone give me some pointers as to what I should look at or maybe
configure differently?
Thanks,
Andrew Espinosa, MCSE / MCSA
Systems Engineer
_______________________________________________
lb-l mailing list
lb-l@vegan.net
http://vegan.net/mailman/listinfo/lb-l
Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest
Received on Mon May 14 12:28:39 2007