Charles_Lamb
Oct 05, 2013

VIP under VIP configuration using nexthop

I have two pairs of LTMs. On pair one I have a VIP configured with a pool member that is a VIP on pair 2. I want to use nexthop to specify the vlan that pair one uses to get to pair 2 and for some reason it is not working...

 

LTM 1

    ltm virtual ssiqa-9999 {
        destination 192.168.200.209:http
        ip-protocol tcp
        mask 255.255.255.255
        pool ssiqa-9999
        profiles {
            http { }
            tcp { }
        }
        rules {
            ssotestrule
        }
        snatpool ssotest
    }

    ltm pool ssiqa-9999 {
        members {
            10.66.2.123:http {
                session monitor-enabled
            }
        }
        monitor tcp
    }

    ltm snatpool ssotest {
        members {
            192.168.200.202
        }
    }

    modify rule ssotestrule {
        when LB_SELECTED {
            if { [ matchclass [LB::server addr] equals ssotestrule ] } {
                nexthop 192.168.200.193
            }
        }
    }

LTM 2

    ltm virtual ssotest-80 {
        destination 10.66.2.123:http
        ip-protocol tcp
        mask 255.255.255.255
        profiles {
            http { }
            tcp { }
        }
        rules {
            ssotest
        }
    }

    ltm rule ssotest {
        when HTTP_REQUEST {
            HTTP::respond 200 content "Success!" "Content-Type" "text/html"
        }
    }

 

11 Replies

  • Sorry... when I say it is not working it is leaving the default route on the F5 rather than using 192.168.200.193

     

  • You appear to have the nexthop command commented out? Is that just the DC formatting or actually the case? Could you post just the iRule using the 'preformatted' option (fourth button from left) so I can understand that better. Is ssotestrule a data group?

     

  • ltm rule ssotestrule {
        when LB_SELECTED {
            if { [ matchclass [LB::server addr] equals ssotestrule ] } {
                nexthop 192.168.200.193
            }
        }
    }
    
  • It was... forgot to take out the comment before I copied it over. I was troubleshooting multiple things and commented it out for something... cannot remember what exactly, but that was not the problem. With it not commented out it still defaults to the default route of the F5.

     

  • OK, so, let's add some logging and see if it matches the keys in your data group. Also, how are you testing/confirming things? Is the nexthop subnet directly connected to the F5? Have you tried specifying the VLAN with the nexthop command?

    ltm rule ssotestrule {
        when LB_SELECTED {
            if { [ matchclass [LB::server addr] equals ssotestrule ] } {
                log local0. "Destination Pool Member Is: [LB::server addr]"
                nexthop 192.168.200.193
            }
        }
    }
    
  • I did use logging to validate that the matchclass argument is working. The subnet for the next hop is directly connected to the F5. The problem we are trying to solve is that without specifying the next hop, traffic comes in on one VLAN and leaves on another. I am using tcp dumps to validate the VLANs. I have also specified the VLAN in the nexthop command and it did not change the outcome. It seems like under the LB_SELECTED event nexthop is just ignored... It appears to be doing something under CLIENT_ACCEPTED and HTTP_REQUEST but it breaks my test altogether... I am still trying to figure out why that is.

     

  • I'm confused as to why you need to specify the VLAN at all.

     

    1. Is 10.66.2/ locally defined on LTM1?
    2. Where does the nexthop IP live? LTM1 or an upstream router?
    3. Why, if you are only defining one destination for the traffic (LTM2 VIP), are you checking to see what the selected address is? You specified only one in the pool.

    A little more detail would be helpful.