Forum Discussion

Doug_104173
Jun 11, 2010

Load Balancing External Nodes

Hi, I'm trying to load balance some nodes that are on our EC2 share from the virtual LTM running 10.1 inside our network. I've got the virtual server setup and a pool that is populated with the external nodes out on EC2. The external nodes pass the health check and I can access each individual node from my browser and get a response. But when I try to hit the virtual IP from my browser I get connection reset by peer. I'm not seeing anything being denied on my firewall. Any ideas?

7 Replies

  • Hi Doug,

    Do you have SNAT enabled on the VS so that LTM will translate the server-side source IP to its floating self IP?

    Aaron
  • Yes, I have the SNAT Pool set to Auto Map. I also have VLAN and Tunnel Traffic set to All VLANs and Tunnels, Address Translation and Port Translation are both enabled, and Source Port is set to Preserve.
  • If you run a tcpdump looking for the client or server IPs, do you see any packets going to the server? Do you see a response? You can use a tcpdump command like this to check:

    tcpdump -ni 0.0 -s0 host CLIENT_IP or host SERVER_IP

    Aaron
  • OK, so one question: it looks like all the health checks and traffic out to the EC2 nodes are using the MGMT interface on eth0, not the self IP. Is that correct? Should it use the self IP instead? I ran the tcpdump on the eth0 interface looking for one of my external node IPs, and here is what I got back. The 172.18.0.18 is my MGMT address on eth0 and the 184.73.230.13 is the external IP of my EC2 instance:

    15:54:54.303532 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: S 1099469672:1099469672(0) win 5840
    15:54:54.313691 IP 184.73.230.13.etlservicemgr > 172.18.0.18.40241: S 1751514931:1751514931(0) ack 1099469673 win 5792
    15:54:54.313760 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: . ack 1 win 46
    15:54:54.314159 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: P 1:10(9) ack 1 win 46
    15:54:54.324281 IP 184.73.230.13.etlservicemgr > 172.18.0.18.40241: . ack 10 win 46
    15:54:54.326633 IP 184.73.230.13.etlservicemgr > 172.18.0.18.40241: P 1:953(952) ack 10 win 46
    15:54:54.326653 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: . ack 953 win 61
    15:54:54.326762 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: F 10:10(0) ack 953 win 61
    15:54:54.327099 IP 184.73.230.13.etlservicemgr > 172.18.0.18.40241: F 953:953(0) ack 10 win 46
    15:54:54.327153 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: . ack 954 win 61
    15:54:54.533685 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: F 10:10(0) ack 954 win 61
    15:54:54.543304 IP 184.73.230.13.etlservicemgr > 172.18.0.18.40241: . ack 11 win 46
  • Monitor and load balanced traffic should be routed out a switch port, not a management port:

    SOL6163: Error Message: Health check would route via mgmt port
    https://support.f5.com/kb/en-us/solutions/public/6000/100/sol6163.html

    You can fix this by adding a TMM route under Network >> Routes which points the traffic out a switch port.

    Aaron
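The capture Doug posted, read programmatically. This is an added example for this thread, not code from the original posts and not F5 code: it parses tcpdump's one-line TCP summaries, picks out the bare SYNs sent to the pool members, and reports which local BIG-IP address initiated them, which is the check SOL6163 describes. The management subnet 172.18.0.0/24, the floating self IP 10.10.10.250 and a second node 184.73.230.14 are assumptions; the first three capture lines are from the thread and the banner plus the last two lines are constructed to show what a correctly routed, SNAT-automapped connection looks like next to the bad one.

```python
"""Added example: read a BIG-IP tcpdump capture and report which local address
initiated the connections to the pool members (management IP vs. self IP)."""
import ipaddress
import re

# One-line TCP summary as tcpdump prints it, e.g.
# 15:54:54.303532 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: S 1099469672:1099469672(0) win 5840
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    rf"^(?P<ts>\S+) IP (?P<src>{IPV4})\.(?P<sport>\S+) > "
    rf"(?P<dst>{IPV4})\.(?P<dport>[^:]+): (?P<flags>\S+)(?P<rest>.*)$"
)

# Constructed sample: lines 2-4 are from the capture in the thread; the banner
# and the last two lines (a hypothetical floating self IP 10.10.10.250 talking
# to a hypothetical second node 184.73.230.14) are made up here to show the
# expected case.
SAMPLE_CAPTURE = """\
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:54:54.303532 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: S 1099469672:1099469672(0) win 5840
15:54:54.313691 IP 184.73.230.13.etlservicemgr > 172.18.0.18.40241: S 1751514931:1751514931(0) ack 1099469673 win 5792
15:54:54.314159 IP 172.18.0.18.40241 > 184.73.230.13.etlservicemgr: P 1:10(9) ack 1 win 46
15:55:01.000000 IP 10.10.10.250.51000 > 184.73.230.14.http: S 1:1(0) win 5840
15:55:01.010000 IP 184.73.230.14.http > 10.10.10.250.51000: S 2:2(0) ack 2 win 5792
"""

NODE_IPS = {"184.73.230.13", "184.73.230.14"}   # pool members (second one assumed)
MGMT_SUBNET = "172.18.0.0/24"                      # assumed management subnet
FLOATING_SELF_IP = "10.10.10.250"                  # assumed floating self IP


def parse_capture(text):
    """Return one dict per packet line; tcpdump's banner and anything else
    that is not a TCP summary line is skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            packets.append(m.groupdict())
    return packets


def connection_initiators(packets, node_ips):
    """Source addresses of bare SYNs (flag 'S' with no 'ack') sent to pool
    members. These are the addresses the nodes, and any firewall or EC2
    security group in between, actually see."""
    return {
        p["src"] for p in packets
        if p["dst"] in node_ips and p["flags"] == "S" and " ack " not in p["rest"]
    }


def egress_verdict(initiators, mgmt_subnet, floating_self_ip):
    """Classify each initiating address: the management subnet is the wrong
    egress for monitors and load-balanced traffic (SOL6163); SNAT automap is
    expected to show the floating self IP on the server side."""
    net = ipaddress.ip_network(mgmt_subnet)
    verdict = {}
    for ip in initiators:
        if ipaddress.ip_address(ip) in net:
            verdict[ip] = "mgmt: add a TMM route so this egresses a switch port"
        elif ip == floating_self_ip:
            verdict[ip] = "floating self IP: expected for SNAT automap traffic"
        else:
            verdict[ip] = "other local address: not the floating self IP"
    return verdict


def audit(text=SAMPLE_CAPTURE):
    """Run the whole check and return {initiator_ip: verdict}."""
    packets = parse_capture(text)
    return egress_verdict(connection_initiators(packets, NODE_IPS),
                          MGMT_SUBNET, FLOATING_SELF_IP)


if __name__ == "__main__":
    for ip, why in sorted(audit().items()):
        print(f"{ip:16} {why}")
```

Feed it the output of the `tcpdump -ni 0.0 ...` command from the earlier reply (with `-n`, ports print as numbers rather than names like `etlservicemgr`; the parser accepts either). Only the SYN matters for the verdict: whatever address appears there is what the EC2 node and its security group see, so if it is the management address the fix is the route, not the firewall.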
  • OK, I looked at the bigger picture and added a secondary network interface to my LTM so now none of the health check traffic is going out the MGMT interface.

    I'm still not seeing any traffic on the self IP of the LTM virtual when I try to access the Virtual Server Instance IP address. The nodes still pass their health check though and I can see the traffic going out to them on EC2.

    Any ideas?
  • Posted By Doug on 06/15/2010 12:29 PM

        OK, I looked at the bigger picture and added a secondary network interface to my LTM so now none of the health check traffic is going out the MGMT interface.

        I'm still not seeing any traffic on the self IP of the LTM virtual when I try to access the Virtual Server Instance IP address. The nodes still pass their health check though and I can see the traffic going out to them on EC2.

        Any ideas?

    When you say that you don't see the traffic on your self IP, are you looking at traffic on the physical self IP or the floating self IP? SNAT will use the floating one...