Forum Discussion

agriesser
Apr 08, 2014
Solved

Access loadbalanced IP from internal VLAN

Hi again,

I'm not sure if my current problems are related to the changes outlined here:

https://devcentral.f5.com/questions/nat-exemption-next-hop-routing

But it might well be. I'm currently not able to access the loadbalanced IP from the internal VLAN that the loadbalanced IP is configured for. Example:

1.1.1.1:80 -> 192.168.1.1:80 + 192.168.1.2:80 (round robin)

I can access 1.1.1.1 perfectly fine from any other internal VLAN (like from servers in the 192.168.2.0/24 subnet), but am not able to access them from the 192.168.1.0/24 VLAN.

Any ideas how to solve that issue? I think it's related to the virtual servers we created in the above-mentioned question, but I'm not sure how to work around that without breaking my other requirements.

Thanks, best, Alex


4 Replies

  • So by removing any SNAT, it looks like the return traffic from your servers isn't going back through the BIG-IP for this 192.168.1.0/24 VLAN since they are in the same subnet.

    One way to fix this is to apply an iRule to your 1.1.1.1 virtual server that will SNAT only if the request is from your internal VLAN:

    when CLIENT_ACCEPTED {
       # SNAT only clients in the pool members' own subnet, so replies return via the BIG-IP
       if { [IP::addr [IP::client_addr] equals 192.168.1.0/24] } {
          snat automap
       }
    }
    
    • Little_Xian_131
      Is the gateway of the internal VLAN pool members, like 192.168.1.1:80, BIG-IP's interface IP?
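
The return-path reasoning in the answer above, and the gateway question in the reply to it, modeled as an added Python example (not code from the thread or from F5). The self IP 192.168.1.254, the client addresses and the `server_gw_is_bigip` flag are assumptions made for illustration; the VIP, pool member and subnets are the thread's own.

```python
import ipaddress

# Addresses from the thread's example.
VIP = ipaddress.ip_address("1.1.1.1")
SERVER_NET = ipaddress.ip_network("192.168.1.0/24")   # VLAN of the pool members
SNAT_NET = ipaddress.ip_network("192.168.1.0/24")     # subnet matched by the iRule
# Assumption: a BIG-IP self IP on the server VLAN (not given in the thread).
BIGIP_SELF_IP = ipaddress.ip_address("192.168.1.254")


def trace(client, server, snat_rule_enabled, server_gw_is_bigip=True):
    """Follow one request/reply pair and report whether the client accepts the reply."""
    client = ipaddress.ip_address(client)
    server = ipaddress.ip_address(server)

    # Request: client -> VIP. The BIG-IP rewrites the destination to the pool
    # member and, if the iRule matches, the source to its own self IP.
    snat = snat_rule_enabled and client in SNAT_NET
    src_seen_by_server = BIGIP_SELF_IP if snat else client

    # Reply: the server routes toward the source address it saw.
    if src_seen_by_server == BIGIP_SELF_IP:
        via_bigip = True                  # addressed to the BIG-IP itself
    elif src_seen_by_server in SERVER_NET:
        via_bigip = False                 # on-link: sent directly, gateway never consulted
    else:
        via_bigip = server_gw_is_bigip    # off-link: handed to the default gateway

    # Only the BIG-IP holds the connection entry that rewrites the reply's
    # source from the pool member back to the VIP the client connected to.
    reply_src = VIP if via_bigip else server
    return {
        "snat": snat,
        "via_bigip": via_bigip,
        "reply_src": str(reply_src),
        "accepted": reply_src == VIP,     # client expects the reply from the VIP
    }


if __name__ == "__main__":
    for client, rule in [("192.168.2.10", False), ("192.168.1.50", False),
                         ("192.168.1.50", True), ("192.168.2.10", True)]:
        print(client, "iRule" if rule else "no SNAT", trace(client, "192.168.1.1", rule))
```

For connections the iRule SNATs, the pool members log the BIG-IP self IP instead of the real client address; clients outside 192.168.1.0/24 keep their source IP.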