Sungard Luminis Chat Configuration

Question

I have an F5 BigIP LTM v9.3.1 in a one-armed configuration where the VIP's and pools are on the same subnet.  I can't figure out the chat part of the Luminis configuration.  Note that I do not have the backend servers' gateway as the VIP, nor do I have Direct Server return configured.  
&nbsp;  
&nbsp; With a Performance Layer 4 configuration on the chat VIP, I get as far as having the chat window come up but the username is not populating in the right-hand window, I can't send messages to the chat window, and then after 15 seconds the window gets a connection cannot be made error. I used wireshark and found the message: 
&nbsp; GET /jsp/misc/connectionError.jsp from the client to the VIP. 
&nbsp;  
&nbsp; I tried another configuration, Standard instead of Performance Layer 4, and the chat window stays open and I can type into the chat window, but still the username doesn't show up in the right-hand window and I don't see traffic getting back to the chat pool servers. 
&nbsp;  
&nbsp; Note that I have a VIP instance for each of the 5 chat ports(9001-9005) which each have a pool that points to their respective server over that port, but I isolated it down to one chat VIP for my testing. 
&nbsp;  
&nbsp; Below is a printout of my bigip.conf file with Performance Layer 4. I'd appreciate it if anyone could give me feedback on my setup. 
&nbsp;  
&nbsp; Thanks 
&nbsp;  
&nbsp; monitor Luminis_8008 { 
&nbsp; defaults from tcp 
&nbsp; } 
&nbsp; monitor Luminis_9001 { 
&nbsp; defaults from tcp 
&nbsp; } 
&nbsp; profile tcp tcp-Luminis-Prod { 
&nbsp; defaults from tcp 
&nbsp; slow start disable 
&nbsp; bandwidth delay disable 
&nbsp; nagle disable 
&nbsp; ack on push enable 
&nbsp; proxy buffer low 98304 
&nbsp; proxy buffer high 131072 
&nbsp; idle timeout 1800 
&nbsp; send buffer 65535 
&nbsp; recv window 65535 
&nbsp; } 
&nbsp; profile http http-Luminis-Prod { 
&nbsp; defaults from http 
&nbsp; oneconnect transformations disable 
&nbsp; } 
&nbsp; profile persist Cookie-Insert-Luminis-Prod { 
&nbsp; defaults from cookie 
&nbsp; mode cookie 
&nbsp; cookie mode insert 
&nbsp; } 
&nbsp; pool pool-LuminisProd-80 { 
&nbsp; lb method member observed 
&nbsp; monitor all http 
&nbsp; member 192.168.1.7:http 
&nbsp; member 192.168.1.8:http 
&nbsp; member 192.168.1.9:http 
&nbsp; member 192.168.1.10:http 
&nbsp; member 192.168.1.11:http 
&nbsp; } 
&nbsp; pool pool-LuminisProd-calendar-6785 { 
&nbsp; snat disable 
&nbsp; monitor all tcp 
&nbsp; member 192.168.1.5:6785 
&nbsp; } 
&nbsp; pool pool-LuminisProd-calendar-6788 { 
&nbsp; snat disable 
&nbsp; monitor all Luminis_9001 
&nbsp; member 192.168.1.6:6788 
&nbsp; } 
&nbsp; pool pool-LuminisProd-chat-9001 { 
&nbsp; snat disable 
&nbsp; monitor all Luminis_9001 
&nbsp; member 192.168.1.7:9001 
&nbsp; } 
&nbsp; pool pool-LuminisProd-chat-9002 { 
&nbsp; snat disable 
&nbsp; monitor all Luminis_9001 
&nbsp; member 192.168.1.8:9002 
&nbsp; } 
&nbsp; pool pool-LuminisProd-chat-9003 { 
&nbsp; snat disable 
&nbsp; monitor all Luminis_9001 
&nbsp; member 192.168.1.9:9003 
&nbsp; } 
&nbsp; pool pool-LuminisProd-chat-9004 { 
&nbsp; snat disable 
&nbsp; monitor all Luminis_9001 
&nbsp; member 192.168.1.10:9004 
&nbsp; } 
&nbsp; pool pool-LuminisProd-chat-9005 { 
&nbsp; snat disable 
&nbsp; monitor all Luminis_9001 
&nbsp; member 192.168.1.11:9005 
&nbsp; } 
&nbsp; pool pool-LuminisProd-cpip-8008 { 
&nbsp; monitor all Luminis_8008 
&nbsp; member 192.168.1.7:http-alt 
&nbsp; member 192.168.1.8:http-alt 
&nbsp; member 192.168.1.9:http-alt 
&nbsp; member 192.168.1.10:http-alt 
&nbsp; member 192.168.1.11:http-alt 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-443 { 
&nbsp; destination 192.168.2.12:https 
&nbsp; snat automap 
&nbsp; ip protocol tcp 
&nbsp; profile http-Luminis-Prod tcp-lan-optimized wildcard_ssl_profile 
&nbsp; persist Cookie-Insert-Luminis-Prod 
&nbsp; pool pool-LuminisProd-80 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-80 { 
&nbsp; destination 192.168.2.12:http 
&nbsp; snat automap 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile http-Luminis-Prod tcp-lan-optimized 
&nbsp; persist Cookie-Insert-Luminis-Prod 
&nbsp; pool pool-LuminisProd-80 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-calendar-6785 { 
&nbsp; destination 192.168.2.12:6785 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile http tcp 
&nbsp; pool pool-LuminisProd-calendar-6785 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-calendar-6788 { 
&nbsp; destination 192.168.2.12:6788 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile http tcp 
&nbsp; pool pool-LuminisProd-calendar-6788 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-chat-9001 { 
&nbsp; destination 192.168.2.12:9001 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile fastL4 
&nbsp; pool pool-LuminisProd-chat-9001 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-chat-9002 { 
&nbsp; destination 192.168.2.12:9002 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile fastL4 
&nbsp; pool pool-LuminisProd-chat-9002 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-chat-9003 { 
&nbsp; destination 192.168.2.12:9003 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile fastL4 
&nbsp; pool pool-LuminisProd-chat-9003 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-chat-9004 { 
&nbsp; destination 192.168.2.12:9004 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile fastL4 
&nbsp; pool pool-LuminisProd-chat-9004 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-chat-9005 { 
&nbsp; destination 192.168.2.12:9005 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile fastL4 
&nbsp; pool pool-LuminisProd-chat-9005 
&nbsp; } 
&nbsp; virtual vip-LuminisProd-cpip-8008 { 
&nbsp; destination 192.168.2.12:http-alt 
&nbsp; snat automap 
&nbsp; ip protocol tcp 
&nbsp; translate service disable 
&nbsp; profile http tcp 
&nbsp; persist cookie 
&nbsp; pool pool-LuminisProd-cpip-8008 
&nbsp; }

dennypayne · Answer

Hi, 
&nbsp;  
&nbsp; It looks like your 9001-9005 virtuals are not SNAT'ing so those connections are likely not coming back to the LTM; the server is seeing the original client's source IP and responding directly to it rather than sending the connection back through LTM.  If you turn on SNAT automap on those virtuals like it is on the 80, 443, and 8008 vips it should work. 
&nbsp;  
&nbsp; Denny

hooleylist · Answer

If the client and server are on the same subnet or the client is on a non-local subnet but the servers' gateway is not LTM, you'll need to either enable SNAT or configure the servers to respond from the VIP address.  Enabling SNAT is the simpler option. 
&nbsp;  
&nbsp; You have SNAT automap enabled on the VIP, but then each pool has SNAT disabled. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Sungard Luminis Chat Configuration

2 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

BIG-IP BGP Routing Protocol Configuration And Use Cases

Getting Started with BIG-IP Next: Configuring Instance High Availability

Certificate Expiry Email alert configuration

F5 BIG-IP SSL Orchestrator Configuration with Advanced WAFaaS

Virtual-wire Configuration and Troubleshooting