Forum Discussion

Youssef_Ghorbal's avatar
Youssef_Ghorbal
Icon for Cirrus rankCirrus
Nov 18, 2014
Solved

Route domains and Pool members

Hello,

 

I have two route domains (ID 1 and the default, ID 0) My Virtual Server is bound to Route Domain 1. My pool has only members that are bound to default Route Domain.

 

Is there any way to make this VS use that Pool ? (i.e is there any way to make a route domain VS talk to a node in another route domain)

 

The gui does allow biding the VS to the Pool, but the client gets TCP RST when trying to use the VS (as if the pool was somehow "empty" or without active members) On the other hand, when I replace pool members with the exact same ones but suffixing the %1 on their IPs, the VS works fine.

 

What I'm trying to do is basically avoiding (re)declaring the exact same pool members whenever I wan to access them from different Route Domains.

 

Thank you for your advice.

 

PS : default gateways are correctly configured in both route domains.

 

APM
application delivery
design
LTM
security
TMOS

9 Replies

Sort By
    • Youssef_Ghorbal's avatar
      Youssef_Ghorbal
      Icon for Cirrus rankCirrus
      Nov 18, 2014
      No in fact ID 0 is not the parent of ID 1. I'll test it. I don't see the logic behind it. Documentation says that the big-ip will go search for a route from a parent whenever it hasn't found one in the current RD. For my setup I do have a default route on RD1 and it works. I can ping/telnet the node from the rdsh 1 prompt.
    • Youssef_Ghorbal's avatar
      Youssef_Ghorbal
      Icon for Cirrus rankCirrus
      Nov 18, 2014
      When ID 0 is parent of ID 1 things works great. I still can get the sense out of it.
    • Chase_Abbott's avatar
      Chase_Abbott
      Icon for Employee rankEmployee
      Nov 18, 2014
      That was the second place to look. It was kinda where I was going after my initial response. The parent name creates the default fallback route for the secondary domain allowing %X to talk back to default. This allows for some creative and confusing route setups though (as I did in my lab). Was your ID 0 set to strict also?
    • Youssef_Ghorbal's avatar
      Youssef_Ghorbal
      Icon for Cirrus rankCirrus
      Nov 18, 2014
      No in fact ID 0 is not the parent of ID 1. I'll test it. I don't see the logic behind it. Documentation says that the big-ip will go search for a route from a parent whenever it hasn't found one in the current RD. For my setup I do have a default route on RD1 and it works. I can ping/telnet the node from the rdsh 1 prompt.
    • Youssef_Ghorbal's avatar
      Youssef_Ghorbal
      Icon for Cirrus rankCirrus
      Nov 18, 2014
      When ID 0 is parent of ID 1 things works great. I still can get the sense out of it.
    • Chase_Abbott's avatar
      Chase_Abbott
      Icon for Employee rankEmployee
      Nov 18, 2014
      That was the second place to look. It was kinda where I was going after my initial response. The parent name creates the default fallback route for the secondary domain allowing %X to talk back to default. This allows for some creative and confusing route setups though (as I did in my lab). Was your ID 0 set to strict also?
  • Chase_Abbott's avatar
    Chase_Abbott
    Icon for Employee rankEmployee
    Nov 18, 2014

    Dang, my pretty answer blew up in my face. We did this setup for Lync to mask public versus private IPs with the virtual on default vlan (v100) and all nodes living on %1 (v101). In this instance we didn't have a SNAT on the incoming VS but we DO have to add outbound virtuals to allow the nodes to route back through LTM. In this case I had an outbound_lync virtual with the following:

     

    Type: fastL4 Source: 0.0.0.0%1/0 Destination Network Addr: 0.0.0.0%1 This did SNAT out via the (v101) and used an address available on the default vlan.

     

    Makes me wonder if the reset is on the VS or behind during transit to the node or back?