Forum Discussion

esoteric22_2801
Mar 25, 2010

Load Balancing Internal Network

I am a novice and I would really appreciate some help.

Here is our predicament: we have three different applications which talk to each other using HTTP SOAP requests.

All applications have a farm of web servers which is being load balanced by the F5.

Application A and Application B reside on the same network as the F5.

Application X is outside the facility and talks to A and B over the internet through the F5.

This part works fine; X can talk with A or B through the F5 and the requests are load balanced.

Our predicament is that we are unable to make App A talk to App B through the F5.

We defined a virtual host in the same subnet and set up the application to route to the virtual host.

We enabled logging and we can see from the F5 logs that the request is being redirected to the correct pool. But we do not get any response.

On setting up a network trace on the recipient and sending server, we observed that the HTTP SOAP request is being sent by Application A to the F5 but never gets through to Application B.

Is it possible to implement such a solution? If so, please advise.

 

5 Replies

  • The problem is that app B is replying back directly to app A as they're on the same subnet. However, app A didn't initiate a connection to app B. It opened a connection to the virtual server IP. So app A ignores app B's response.

    If you're only using the virtual server for internal clients, you could enable SNAT automap on the virtual server so that LTM translates the source address to its IP address on requests to the pool for the virtual server. This ensures that the apps respond back to LTM.

    If you only want to apply SNAT when the source and destination hosts are on the same subnet, you could use an iRule:

    http://devcentral.f5.com/wiki/default.aspx/iRules/SelectiveSNAT.html

    Aaron
  • Thank you for the prompt reply. We tried setting SNAT to AutoMap and then tried the same request, but with little luck.

    The only difference was that this time we could not see any request going out directly to Application Server B, but we still did not get a response.

    Please forgive my ignorance, but is that all we need to do to enable SNAT, or are there additional configurations to be done?
  • As far as IP layer config, that should be enough. Can you run a tcpdump on LTM on all switch interfaces filtering on the client and server IP addresses?

    tcpdump -nni 0.0 host CLIENT_IP or host SERVER_IP

    Thanks,

    Aaron
  • As Aaron has already stated, SNAT is the way to fix this.

    This is the iRule we use to selectively SNAT machines which are on the same subnet and need to communicate with machines behind the F5.

    when LB_SELECTED {
        # SNAT only when the client is in the same /24 as the selected pool member
        if { [IP::addr [IP::remote_addr] equals [LB::server addr]/24] } {
            snat automap
        }
    }

    Just change the /24 to whatever mask your subnet uses, save it as an iRule, and then apply it to your virtual server.
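
The following Python model is an added example, not code posted by anyone in this thread. It traces the address rewriting described in Aaron's first reply and the same-subnet test from the iRule above; all addresses are constructed documentation-range values, the function names are hypothetical, and it assumes the pool members use LTM as their default gateway.

```python
import ipaddress
from typing import NamedTuple, Tuple


class Packet(NamedTuple):
    src: str
    dst: str


def same_subnet(client: str, server: str, prefix: int = 24) -> bool:
    """Same test as the iRule: is the client inside the server's /prefix network?"""
    net = ipaddress.ip_network(f"{server}/{prefix}", strict=False)
    return ipaddress.ip_address(client) in net


def simulate(client: str, vip: str, server: str, self_ip: str,
             snat: bool, prefix: int = 24) -> Tuple[Packet, Packet, bool]:
    """Trace one request/reply; return (packet seen by server, reply seen by client, accepted)."""
    request = Packet(src=client, dst=vip)  # the client connects to the virtual server
    # LTM always rewrites the destination to the pool member.
    # With SNAT it also rewrites the source to its own address.
    to_server = Packet(src=self_ip if snat else client, dst=server)
    # The server answers the source it saw. An on-link source is reached directly;
    # anything else goes to the default gateway (assumed here to be LTM).
    back_through_ltm = (to_server.src == self_ip
                        or not same_subnet(to_server.src, server, prefix))
    # Only LTM can restore the virtual server address as the reply's source.
    reply = Packet(src=vip if back_through_ltm else server, dst=client)
    # The client only accepts a reply from the address it connected to.
    accepted = reply.src == request.dst
    return to_server, reply, accepted


# Constructed sample addresses (RFC 5737 documentation ranges).
APP_A, APP_B = "192.0.2.10", "192.0.2.20"   # same subnet as the F5
VIP, SELF_IP = "192.0.2.100", "192.0.2.1"   # virtual server and LTM self IP
APP_X = "198.51.100.7"                      # external client

if __name__ == "__main__":
    for name, client in (("A", APP_A), ("X", APP_X)):
        for snat in (False, True):
            seen, reply, ok = simulate(client, VIP, APP_B, SELF_IP, snat)
            print(f"App {name} snat={snat}: server saw src={seen.src}, "
                  f"reply src={reply.src}, accepted={ok}")
        print(f"App {name}: selective iRule would SNAT -> {same_subnet(client, APP_B)}")
```

With SNAT applied, the pool member sees the LTM address as the source, so its own logs record that address rather than the original client's for those connections.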