Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Forward traffic to pool member with same port as VS - VIP is on port 0

Hi,

Need help in setting up an application.
VIP is on port 0 as the application can work on 30 ports.
Now i want to forward the traffic to the pool member on the same port as it arrives on the virtual server.

eg: abc.com:4448 -> VIP is on port 0 so it will take it
Now it should go to the pool memebrs on port 4448 as well, and so on for any other request coming in to the VS

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Aditya,

define your Virtual Server as well as your Pool Members with the :any port setting (Port 0 in WebUI).

This will make sure your VS accepts traffic on every port and forwards the traffic to your pool members on the same port.

Cheers, Kai

0
Comments on this Answer
Comment made 3 weeks ago by Aditya 147

Hi Kai,

Thanks for your response.
Would that not cause the health monitor to probe all the 65,535 ports which may cause overheads or performance issues?

Thanks,
Aditya

0
Comment made 3 weeks ago by Kai Wilke 6860

Hi Aditya,

when creating a new monitor you can set the service port to a fixed value. This configuration will target the monitor request always to the specified service port.

You may attach as many as you like monitors to your pool (each with a different fixed service port) to monitor the status of each hosted application on the same :any pool. Tweak the "Availability Requirement" setting as required...

Cheers, Kai

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You can define the virtual server with port translation disabled... the virtual server won’t change the port

0
Comments on this Answer
Comment made 3 weeks ago by Aditya 147

i did try that, but it did not help :(

0
Comment made 3 weeks ago by Aditya 147

Sorry, any request coming to on http with any port is working fine, but with https it does not.

0
Comment made 3 weeks ago by AceDawg 290

To support HTTPS traffic, make sure you have SSL certificates loaded on all your pool member servers.

0
Comment made 3 weeks ago by Aditya 147

Yes, the certs are on the backend servers

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Where is you certificates located?

0
Comments on this Answer
Comment made 3 weeks ago by Aditya 147

Hi Leon,
They are on the servers.

0
Comment made 3 weeks ago by AceDawg 290

Have you tried running a capture (tcpdump and ssldump) to determine where SSL communications are breaking down? If you're not familiar with ssldump, check out: https://support.f5.com/csp/article/K10209.

0
Comment made 3 weeks ago by Aditya 147

Hey, Did not take a tcp and ssl dump, but I added the below iRule and it works for http port.

when CLIENT_ACCEPTED { if {([TCP::local_port] != 80) && ([TCP::local_port] != 8103)} { HTTP::disable } }

But this does not work for https, the request passes through to the backend pool member succesfully but the X-Forwarded IP is not present. I believe as we disable the http profile then the X-Forwarded_http profile is not used at all.

Any workaround for this?

0
Comment made 2 days ago by Aditya 147

So what worked was that i offloaded the ssl on the f5 instead of the server and wrote an irule to disable ssl for the ports coming in for http. :)

0