belias21_8982
Aug 26, 2009

Connect to Virtual Server from different VLAN

OK, this one is probably simple, but way complicated to explain. Here are the relevant pieces. I was looking at some kind of VIP Bounceback solution, but not sure it applies.

 

 

        -----------
        | Router  |
        -----------
             |
             |
    10.10.9.250 (Self-IP)
             |
        -----------
        |   LTM   |
        -----------
          |     \
          |      \
          |       \
    10.10.11.250   \
               10.10.14.250

 

 

VLAN9 - VLAN between LTM and router
VLAN11 - Web servers (10.10.11.[121-123] LTM Self-IP 10.10.11.250)
VLAN14 - App servers (10.10.14.[181-183] LTM Self-IP 10.10.14.250)

Servers behind LTM use that VLAN's Self-IP as gateway.

Virtual Servers:
10.10.9.200 --> Nodes are the web servers in VLAN11
10.10.9.181 --> Nodes are the app servers in VLAN14

 

 

Inbound traffic from the internet has no issues with connecting to either VS.

I need to be able to load balance traffic from Web (VLAN11) to App (VLAN14). If I try to connect to VS 10.10.9.181 (App VS) from the web servers, the connection fails. Is there an inherent issue with connecting to a VS on a different VLAN? All are directly connected, so I wouldn't see it as a routing issue. I thought it might be a VIP bounceback-like issue wherein the traffic was getting there and just not making it back, but a packet capture on the app servers does not show me ANY traffic related to my test queries coming from the web servers.

Hope this makes sense. I am stuck, and could really use some guidance.

Thanks in advance,

Brian

 

 

5 Replies

  • Hi Brian,

    If the 10.10.9.181 VS is enabled on the VLAN the client is on, it should work fine. Do you see stats incrementing on the VS? What about on the pool?

    Can you enable SNAT (automap is a simple way to test) on the virtual server and retry? If that doesn't work, try capturing a tcpdump on LTM filtering on the client and server IP addresses:

    tcpdump -ni 0.0 host CLIENT_IP or host SERVER_IP

    If these hosts are processing live traffic you may want to add more specific filters to the tcpdump to eliminate the live traffic from the trace.

    If you need help capturing or analyzing the tcpdump, you can open a case with F5 Support.

    Aaron
  • Hi Brian,

    To add - do you have any virtual forwarding server configured?

    thanks,

    CB

     

  • OK, the 10.10.9.181 VS has all VLANs enabled on it. I checked and saw that the VS has incrementing stats, but the pool does not. The monitor on the node is green, so I know it is alive. I turned on SNAT AutoMap on the VS - didn't seem to make a difference. Also, to answer CB's question - I do not have any forwarding VS configured. Working on getting a tcpdump, but the environment isn't very accessible (long story).
  • I think you need a VS configured for outbound requests. Try setting up a wildcard VS with ANY ports.

    CB

     

  • Another possibility is that port translation is disabled on the VIP and the VIP and pool members are defined on different ports.

    Aaron
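The return-path reasoning behind the bounceback question and the SNAT automap test in this thread, as an added example that is not part of the original posts: it models the posted topology and reports whether a pool member's reply travels back through the LTM. The /24 prefix lengths and the function names `vlan_of` and `return_path` are assumptions; the thread gives addresses only.

```python
import ipaddress

# Topology from the original post. The /24 prefix lengths are an assumption;
# the thread gives addresses only.
VLANS = {
    "VLAN9": ipaddress.ip_network("10.10.9.0/24"),
    "VLAN11": ipaddress.ip_network("10.10.11.0/24"),
    "VLAN14": ipaddress.ip_network("10.10.14.0/24"),
}
SELF_IPS = {"VLAN9": "10.10.9.250", "VLAN11": "10.10.11.250", "VLAN14": "10.10.14.250"}


def vlan_of(ip):
    """Return the name of the VLAN whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None


def return_path(client_ip, member_ip, snat_automap=False):
    """Describe how a pool member's reply travels back toward the client.

    Returns (source_seen_by_member, next_hop, via_ltm).
    """
    member_vlan = vlan_of(member_ip)
    # With SNAT automap the LTM rewrites the source to its self-IP on the
    # egress VLAN; without it the member sees the real client address.
    src = SELF_IPS[member_vlan] if snat_automap else client_ip
    if src in SELF_IPS.values():
        return src, src, True  # reply is addressed to the LTM itself
    if vlan_of(src) == member_vlan:
        # Same subnet: the member answers the client directly, so the LTM
        # never sees the reply and cannot reverse the translation (bounceback).
        return src, src, False
    # Different subnet: the reply goes to the member's default gateway,
    # which the post says is the LTM self-IP of that VLAN.
    return src, SELF_IPS[member_vlan], True


if __name__ == "__main__":
    for client in ("10.10.11.121", "10.10.14.182"):
        for snat in (False, True):
            print(client, "snat" if snat else "no-snat",
                  return_path(client, "10.10.14.181", snat))
```

Under these assumptions a web server in VLAN11 reaching an app pool member in VLAN14 gets its reply routed back through 10.10.14.250 even without SNAT; only a client inside the member's own VLAN produces the direct-reply bounceback case.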