Forum Discussion

williamc_154806
May 02, 2017

rdp gateway on a route domain

We have our F5 APM on a route domain to separate internal and external VLANs. The external VLAN is on the route domain (IPaddress%226). When setting up the RDP gateway:
https://f5.com/solutions/deployment-guides/microsoft-remote-desktop-gateway-services-big-ip-v114-ltm-afm-apm
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-implementations-11-6-0/6.html

 

It will work fine if the virtual server IP is on the internal route domain (so the default route domain), but won't connect on an external VIP on the external route domain.

 

Has anyone gotten RDP gateway to work on a route domain VIP? We are looking to use the v13 RDP native, which utilizes the RDP gateway feature.

 

5 Replies

  • It should work with route domains. Assign the "Route Domain and SNAT Selection" to your APM policy.

     

  • Hi,

     

    Route domains are a great feature, but there are some limitations:

     

    • APM LDAP Auth / Query (requests are initiated from RD0)
    • APM Kerberos SSO (requests to KDC are initiated from RD0)
    • ASM signature updates downloads (requests are initiated from RD0)
    • ASM ICAP Antivirus (requests are initiated from RD0)

    This list is not exhaustive and I am not surprised RDG-RAP is not working with Route domains.

     

    All I can say is RDG-RAP server side connection is initiated from self-IP even if SNAT pool is configured or no source-address-translation is set to none.

     

    I think F5 may write an article with the list of features not supporting Route domains.

     

  • Hi williamc,

     

    Did you get an answer from support? I've just had exactly the same problem when trying to get the RDP Gateway working on a non-default route domain. This topic saved me: https://devcentral.f5.com/questions/apm-and-native-rdp-session-54716

     

    The problem came from the CMP feature on the VS. I've just disabled CMP on my VS doing the RDP gateway and it worked like a charm:

     

    tmsh modify ltm virtual vs-rdp-gateway cmp-enabled no

     

    Disabling CMP means that this virtual server will run on a single TMM, so you won't benefit from the multiple CPUs you may have on your machine. It's not 100% perfect, but it's working.

     

  • Hi! If I disable CMP, will only the VS that I configure have only one CPU?

     

    Doesn't it look strange that F5 support has had an open bug ID 617929 since last year (022017) and they still haven't fixed it? I thought that a company of that size would do better, very disappointing.

     

  • Hi,

     

    Yes, if you disable CMP on a particular virtual server, then only this virtual server will be processed by a single CPU. All the others will benefit from all the CPUs.

     

    On their bug tracking site the bug seems to be still open and present even in the latest 13.1 versions: https://cdn.f5.com/product/bugtracker/ID617929.html

     

    If this bug is still open, it might mean it would represent a huge amount of work for them to fix it and there are not enough impacted people to engage that effort.