Forwarding Traffic to URL rather than Pool

The whole concept of LTM is to either respond directly or to forward requests to pool member. As long as the service you want to forward requests to is publicly available, why not just make the LTM respond with a normal HTTP::redirect ? If not you could probably leverage SNAT and create a pool with FQDN pool member. You can configure the LTM to auto populate and you can choose the interval that the LTM re-queries DNS. By default auto populate is on and re-checks once an hour. If an IP is not returned that was originally it will be removed and subsequently, if a new IP is returned it will be added.

so what are you asking, it seems you have to parts there right?

What I tried implementing was by attaching as simple log in iRule to understand what's happening as follows: when HTTP_REQUEST { log local0. "server is currently at IP [RESOLV::lookup @8.8.8.8 "abc.com"]" }

 

I noticed I wasn't able to reach the Google DNS so I had to resolve to the local Domain DNS and reach the service through the firewall from there onwards.

 

I also found the following link useful https://clouddocs.f5.com/api/irules/resolv__lookup.html

 

and also to request traffic to the newly resolved IP: https://devcentral.f5.com/s/feed/0D51T00006i7RxBSAU

 

The SNAT looks interesting, however I didn't fully understand. Any Links that further explain this please?

 

If not you could probably leverage SNAT and create a pool with FQDN pool member. You can configure the LTM to auto populate and you can choose the interval that the LTM re-queries DNS. By default auto populate is on and re-checks once an hour. If an IP is not returned that was originally it will be removed and subsequently, if a new IP is returned it will be added.

 

as explained above, it seems like I had an issue reaching a public DNS.

 

After additional tests following the links mentioned above, I am now able to redirect to an IP after resolving the DNS name and also returning a 503 should the resolution or IP on the other end fail.

 

If you could clearify just what you would like to achieve, that would be helpful. 1: HTTP redirect? Typically leverages with iRules: when HTTP_REQUEST { if { [string tolower [HTTP::host]] equals "; } { HTTP::respond 301 Location "; } }

2: Forward of traffic through your LTM towards the another LTM/proxy out of your control? You would need SNAT and FQDN/IP pool members.

Hi,

Managed to solve this by identifying the public DNS was not reachable from behind our firewall so going through the internal routes through the firewall I could resolve the address.

I also found the following link useful https://devcentral.f5.com/wiki/irules.resolv__lookup.ashx

and also to request traffic to the newly resolved IP: https://devcentral.f5.com/questions/irule-to-redirect-to-specific-node

Also, had some issues with variables when using iRules, however, hard coding everything in one line was successful.

Stefan

The redirect was a test to check if the LTM is processing the traffic accordingly and that was successful.

The end game here was to forward requests to a URL rather than a set of IPs/Nodes in a Pool. So yes, option 2 is the end goal.

In the SNAT, how do you go about configuring an fqdn/dns? Given that the fqdn/dns is hosted on other appliances outside our realm, we wouldn't be aware if an IP changes behind the DNS, hence a static pool with pre-defined nodes using IP addresses is out of the question.

Stefan