Forum Discussion

AHalls_252044
Feb 29, 2016

New F5 Configuration

After hearing my cousin extol the virtues of the F5 platform, I stumbled across a company selling some used 3600s and bought 7 of them (it was a very good deal). I have Gigabit internet at the office, and 2 current colo locations with multiple servers and thought this would be a good thing for us - after 3 or so days, not so much. While my cousin works managing iRules, pools and VMs for his work every day, he hasn't been through the initial setup before and though everything looks like it should work, it doesn't. I have gone through much of the getting started video series, but so far nothing helps.

What I am trying to accomplish is not so much load balancing as setting up a single IP in and directing it to split up the traffic based off incoming DNS traffic. Reason is of course the limited nature of public IPs at our locations. Let me outline some basics that will help us talk about the trouble.

Public IP = ppp.ppp.ppp.5 (Port 1.1)
Private IP = 192.168.1.5 (Port 1.3)
Management IP 100.10.100.5 (Management Port)

I set up my Windows PC on the network to be part of both the 192. network, and the 100. network, and of course it can see all public IPs.

I have a Dell r610 that has 3 virtual machines on it: Windows, Ubuntu, and OSX. Their configuration looks like this:

windows.mydomain.com --> 192.168.1.55
ubuntu.mydomain.com --> 192.168.1.56
osx.mydomain.com --> 192.168.1.57

All the DNS for all domains goes to: PPP.PPP.PPP.5 and the expectation is to use the F5 to break up that traffic and forward it to the appropriate internal IP. All internal servers would be listening on all ports, so it isn't just that port 80 can make it to the ubuntu server and the others have to listen on a different port.

I set up the self IPs to be:
Public IP = ppp.ppp.ppp.5 (Port 1.1)
Private IP = 192.168.1.5 (Port 1.3)

I set up some pools, and a VM to forward to the pool, but no traffic gets through. I have cleared out the configurations multiple times, and redone it from scratch over and over. I tried using a different F5, but nothing works. I talked to one guy who says it isn't possible, and that I have to do NAT routing and have them all on different ports, and someone else insists it will work, but can't help me. I tried upgrading the firmware to Hotfix-BIGIP-10.2.4-870.0-HF13, but the download button on the site doesn't work.

Is there an idiot's 5 step program I can join to get traffic through like I am discussing? I have a bunch of small appliances that I want to run at the office, and they can't all have public IPs. I also want to take another dedicated machine to the colo, but am out of public IPs there as well.

 

About all I can think of to do next is to set up a bunch of apache virtual hosts and direct it to network resources and drop the F5 from the picture.

3 Replies

  • nathe

    Study-wise, have you checked out F5 University (university.f5.com)? Although this may be the getting started videos you mention. AskF5 has other resources too, like implementation and concepts guides. Again, these should help.

    Bit tricky to fully diagnose your issue; however, is it a routing issue with the servers talking back to the Windows client, rather than back through the BIG-IP? Try a packet capture on any or all of the devices to confirm. If you want to try and get a quick win then perhaps try using SNAT Automap on the Virtual Server configuration - this will source NAT the traffic to the BIG-IP self IP.

    Hope this helps,

     

    N

     

  • Fundamentally, the F5 needs to be able to differentiate incoming traffic based on something unique, e.g. L7 information or IP address or port, and from what I can gather you only have 1 Public IP (client side) that incoming traffic will hit, and static ports to indicate which server is not really suitable for your setup. If the traffic was purely HTTP then the HOST header in the HTTP request has the DNS name of the service in it, so the F5 can check the HOST header and route traffic to the correct server. But I'm assuming that there may be multiple services other than HTTP that you want to use? If this is the case it is unlikely the F5 has any information available to it in the IP packets that indicates where this traffic should be destined, so it is possible, as you've been told, to set up a static mapping and use the port as a key to route traffic, i.e. port80->server1, port81->server2, although this may not be suitable for you. The only other alternative I can think of would be a public IP address per server.

  • Thanks ArpyDays, we are working with multiple devices like this: http://www.openvox.cn/products/voip-gateways/gsm-gateways/148/vs-gw1600-gsm-series-detail.html which would all work on the same ports, but have different IPs and I need to do the "load balancing" through my software application.

    I got this code that should help with dividing up based off the incoming host info I believe:

     

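    when HTTP_REQUEST {
        # Lower-case the Host header so the match is case-insensitive
        set host_name [string tolower [HTTP::host]]
        # Select a pool by host name; a request matching no pattern
        # stays on the virtual server's default pool
        switch -glob $host_name {
            windows.domain.com {
                pool pool_windows-domain-com
            }
            mac.domain.com {
                pool pool_mac-domain-com
            }
        }
    }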

    But yes, it would be optimal if I could SSH, FTP, and use HTTP on each server by using its DNS name. At the data center, I have 1/2 a rack and only 3 public IP addresses, so I need a similar solution there.

    Nathan, I did watch a bunch of those videos and also found some on YouTube that I went through. I can try packet scanning, but looking at apache server logs it would appear that traffic from my PC never gets to the server. I can look into the SNAT Automap, I haven't seen that before so can't say how or if it works yet.
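
The distinction drawn in the replies above (HTTP carries the requested name in its Host header, while SSH and FTP give the proxy only the destination IP and port) can be seen in this added Python model, which is not part of the thread and is not an iRule. The pool names are taken from the iRule posted above; the port numbers 2201 and 2202 and the sample bytes are assumptions constructed for the example.

```python
# Added illustration, not an iRule: models the choice a proxy on a single
# public IP can make from the first bytes a client sends.
# Pool names come from the iRule above; ports 2201/2202 are assumed values.
HOST_POOLS = {
    "windows.domain.com": "pool_windows-domain-com",
    "mac.domain.com": "pool_mac-domain-com",
}
PORT_POOLS = {2201: "pool_windows-domain-com", 2202: "pool_mac-domain-com"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def http_host(first_bytes):
    """Return the normalized Host header of an HTTP/1.x request, or None."""
    if not first_bytes.startswith(HTTP_METHODS):
        return None  # SSH banner or no client data yet: no hostname to read
    head = first_bytes.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            if ":" in host and not host.startswith("["):
                host = host.rsplit(":", 1)[0]  # drop ":port"
            return host.rstrip(".")
    return None


def choose_pool(first_bytes, local_port, default=None):
    """Route by Host header when the client sent one, else by listening port."""
    host = http_host(first_bytes)
    if host is not None:
        return HOST_POOLS.get(host, default)
    return PORT_POOLS.get(local_port, default)


# Constructed samples: (first client bytes, port the connection arrived on).
SAMPLES = [
    (b"GET / HTTP/1.1\r\nHost: Windows.Domain.com:8080\r\n\r\n", 80),
    (b"GET / HTTP/1.1\r\nhost: mac.domain.com\r\n\r\n", 80),
    (b"SSH-2.0-OpenSSH_7.2\r\n", 22),     # SSH: client banner names no host
    (b"SSH-2.0-OpenSSH_7.2\r\n", 2202),   # same bytes, told apart by port only
    (b"", 2201),                          # FTP: the server speaks first
]

if __name__ == "__main__":
    for data, port in SAMPLES:
        print(port, data[:30], "->", choose_pool(data, port))
```

The two SSH samples carry identical bytes, so only the arrival port separates them, which is why one shared port cannot be split by DNS name for those protocols.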