NimbostratusiRule for three virtual servers with three sets of ports
Setup
-Two Nodes
-Three sets of ports
1) HTTPS: 443
2) TCP: 7651, 7652, 7653, 7654, 7655, 7656
3) TCP: 9651, 9652, 9653, 9654
-One Virtual IP address shared for all three sets of ports
-All ports are load balanced on the two nodes
Requirement
-Create three separate VIPs
1) HTTPS (No problem here)
2) 7K range
3) 9K range
Issues
I run into problems when I start associating my monitors to pools and pools to virtual servers.
For the rest of this post, I will not talk about the HTTPS VS, since there are no issues there. I will focus on the 7k and 9k range.
Initially I thought I would create three different virtual servers as shown above.
-Create one monitor for the 7K range for port 7651
-Create one pool for the 7K range for port 7651
-Create one VS for the 7K range
-Create one monitor for the 9k range for port 9651
-Create one pool for the 9k range for port 9651
-Create one VS for the 9K range
Since I can’t add port changes in the GUI, I would need to do this with an iRule. Something like this:
when CLIENT_ACCEPTED {
if {([TCP::local_port] >= 7651) && ([TCP::local_port] <= 7656) } {
pool 7k-POOL
} else reject
}
when CLIENT_ACCEPTED {
if {([TCP::local_port] >= 9651) && ([TCP::local_port] <= 9654) } {
pool 9k-POOL
} else reject
}
This was all going great until I tried to create the 7K and 9K VS. Virtual servers can’t share the same source(0.0.0.0/0), destination(VIP), and port(*)
01070333:3: Virtual Server /Common/9K-VS illegally shares destination address, source address, and service port with Virtual Server /Common/7K-VS.
I am new to the F5 LTM and iRules. I was hoping someone can help me with a solution to have all three virtual servers for each of the three sets of ports, each with its own monitor, and to be able to detect a failed pool member and take the member out of the load. I am trying to keep complexity to a minimum.
Any help is greatly appreciated.
