I am attempting to LB 2 BlueCoat appliances with my F5 Big IP's. I am running version 11.6.0 HF1 on 2 Big IP 8900's. The issue I am running into is that when pointing to the Big IP's for LBing and access a site that is not authorized or cannot be resolved, the BC's return another users username and not my own. I am using SNAT and have enabled xForwarding but still seem to be running into the same issue. Any input is greatly appreciated. Thank you in advance.

can you post the virtual server configuration? tmsh list ltm virtual (name)

ltm virtual CENTCOMHQ_BlueCoat_LB { destination x.x.x.x:port ip-protocol tcp mask 255.255.255.255 persist {Cookie Persistence Profile { default yes } } pool BlueCoatPool profiles { BlueCoat_HTTP {} optimized-acceleration {} tcp-lan-optimized {} } source x.x.x.x/0 source-address-translation { type automap } vs-index xx

You may want to check if the issue resolves, when optimized-acceleration profile is removed.

BlueCoat ProxySG Load Balancing

15 Replies

nitass_89166
Noctilucent
May 15, 2015
can you post the virtual server configuration?

tmsh list ltm virtual (name)
- Dev_56330
  Cirrus
  May 15, 2015
  ltm virtual CENTCOMHQ_BlueCoat_LB { destination x.x.x.x:port ip-protocol tcp mask 255.255.255.255 persist {Cookie Persistence Profile { default yes } } pool BlueCoatPool profiles { BlueCoat_HTTP {} optimized-acceleration {} tcp-lan-optimized {} } source x.x.x.x/0 source-address-translation { type automap } vs-index xx
nitass
Employee
May 15, 2015
can you post the virtual server configuration?

tmsh list ltm virtual (name)
- Dev_56330
  Cirrus
  May 15, 2015
  ltm virtual CENTCOMHQ_BlueCoat_LB { destination x.x.x.x:port ip-protocol tcp mask 255.255.255.255 persist {Cookie Persistence Profile { default yes } } pool BlueCoatPool profiles { BlueCoat_HTTP {} optimized-acceleration {} tcp-lan-optimized {} } source x.x.x.x/0 source-address-translation { type automap } vs-index xx
kunjan
Nimbostratus
May 15, 2015
You may want to check if the issue resolves, when optimized-acceleration profile is removed.
- Dev_56330
  Cirrus
  May 15, 2015
  I removed that previously and I am still receiving another users username from the proxy as if I am authenticating as someone else. Optimized-Acceleration is still disabled at this point. I have also modified the type to FastL4 and experience the same results.
kunjan_118660
Cumulonimbus
May 15, 2015
You may want to check if the issue resolves, when optimized-acceleration profile is removed.
- Dev_56330
  Cirrus
  May 15, 2015
  I removed that previously and I am still receiving another users username from the proxy as if I am authenticating as someone else. Optimized-Acceleration is still disabled at this point. I have also modified the type to FastL4 and experience the same results.
kunjan
Nimbostratus
May 15, 2015
Could it be caching problem at BC?
- Dev_56330
  Cirrus
  May 15, 2015
  That's a great question. My organization does not manage the BC's which we go through so unfortunately we are attempting to only troubleshoot this at the Big IP.
kunjan_118660
Cumulonimbus
May 15, 2015
Could it be caching problem at BC?
- Dev_56330
  Cirrus
  May 15, 2015
  That's a great question. My organization does not manage the BC's which we go through so unfortunately we are attempting to only troubleshoot this at the Big IP.
nitass
Employee
May 16, 2015
does the problem happen when having only one member in the pool?

if not, can you try another persistence method such as source address?
Dev_56330
Cirrus
May 18, 2015
I have not attempted pulling 1 of the nodes out of the pool though I did attempt to use source address persistence which had the same results. There must be a configuration guide from BlueCoat. I am trying to run that down in hopes this is not a problem with the Big IP's at all but rather an existing configuration on the BlueCoats.
Dev_56330
Cirrus
Jun 09, 2015
I was only able to successfully LB the bluecoat proxies using a Fast Layer 4 VS versus a Standard VS with any type of optimization. BlueCoat never responded with load balancing requirements.