Forum Discussion

ancanada_4516's avatar
ancanada_4516
Historic F5 Account
Mar 01, 2011

PPTP link load balancing with link controller

Hi guys,

 

 

I am trying to load balance PPTP access to a PPTP server through two different links with a link controller. As the PPTP client starts a connection through a tcp connection to any of the two VS published in the internet, and the PPTP server opens an egress GRE tunnel to it through a 0.0.0.0:* VS in the internal VLAN, I think that I require an i-rlue just to set a cross service persistance, in a way that one the VS gets the incoming connection, the egress GRE tunnel has to use the same link and NAT with the associated internet VS to keep the connection consistent. This are the i-rules:

 

 

i-rule of the two internet VS, writing a record in the persistence table with the client IP address and the internet VS IP address

 

 

when CLIENT_ACCEPT{

 

session add source_addr [IP::remote_addr] [IP::local_addr]

 

}

 

 

i-rule of the 0.0.0.0.0:* internal VS managing the outgoing GRE tunnels:

 

 

when CLIENT_ACCEPT {

 

 

if IP::protocol equals 53 {

 

set destination session lookup [IP::server_addr]

 

pool "router of the VS"

 

snat destination

 

 

}

 

 

What do you think about this solution?

 

 

TX!

 

 

AC

 

application delivery
dev
devops
iRules

3 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Mar 03, 2011
    Hi Antonio,

    That sounds plausible. Can you try something like this? 

    when CLIENT_ACCEPTED {
    Add a session table entry with the client and destination IP addresses for 300 seconds
   session add uie [IP::remote_addr] [IP::local_addr] 300
}

    i-rule of the 0.0.0.0.0:* internal VS managing the outgoing GRE tunnels: 

    when CLIENT_ACCEPTED {
   if { [TCP::local_port] == 53 }{
      set dest [session lookup uie [IP::local_addr]]
      if {$dest ne "" }{
         snat $dest}
   }
}

    Aaron
  • ancanada_4516's avatar
    ancanada_4516
    Historic F5 Account
    Mar 05, 2011
    Thanks Aaron,

     

     

     

    I will try it on site. The only doubt I have is if LC will allow to use universal persistence? (so to use uie)?

     

     

     

    AC

     

  • ancanada_4516's avatar
    ancanada_4516
    Historic F5 Account
    Mar 30, 2011
    Done!

     

     

     

    The only remaining problem is that sessions are updated in the persistence table, but as there is no way to create a universal type profile, there is now way to check current connections in the statistics GUI... a pity, as in fact there is use only of L3 info...