NimbostratusHello, I have a simple problem ... I would like to use the function 'loadbalance gateway' but I must have a persistent using the client IP address. I found nothing in interface and I can not do it with a irule .. Can anyone help me? thx
CirrostratusHey David. Sorry, far more detail required. TMOS version? Do you mean source address/simple persistence? What are you trying to do, it's not clear? What are your requirements? What is load balance gateway?
Nimbostratushi, my problem is complicated and my English is poor ... but I will attempt an explanation :) i use TMOS 11.4
I don't use my Bigip as LB but as Forward Proxy with irule 'Forward Proxy' The default route of my bigip is a pool of gateway. This pool is 3 firewall on stand-alone.
I need that each client use always the same gateway. But, it's not possible to configure a persistent for the gateway-load.
I hope that my explanations will help you to understand my problem. if you need more explanation, do not hesitate.
Hi David,
if I got it right, you want to handle some outgoing traffic through a virtual server.
As a resource a pool with a couple of gateways is applied.
Probably your virtual server is a wildcard 0.0.0.0/0 in PerformanceL4 mode.
To make sure outgoing requests from the same internal client will always go through the same gateway (may be required, if the gateway applies source NAT) a source address affinity profile needs to be selected in the virtual server´s resource settings.
This approach may not fit, if the internal requests are forwarded by a proxy. In this case the source IP will always be the same ... external proxy IP. As a result all requests would be send out through the same path.
Alternatively you can select a customized destination address affinity to make sure requests to the same destination will go through the same gateway.
Thanks, Stephan
Nimbostratushello, Thank you for your answers. The solution I found is a irule:
when HTTP_REQUEST {
log local0. ""
log local0. "************* start [TCP::client_port] *************"
log local0. "**** Client : [IP::client_addr]:[TCP::client_port]"
log local0. "**** LB Server : '[LB::server addr]'"
if { [LB::server addr] eq "" } {
log local0. "**** force eval LB Server"
eval [LB::select]
log local0. "**** eval OK !!!"
log local0. "**** New LB : '[LB::server addr]'"
set gw [getfield [LB::server] " " 2]
log local0. "**** Gateway : $gw"
switch $gw {
"172.20.112.125%10" { set nat "10.204.36.[expr ( [crc32 [IP::client_addr] ] % 126 ) +1 ]" }
"172.20.112.126%10" { set nat "10.204.32.[expr ( [crc32 [IP::client_addr] ] % 126 ) +1 ]" }
}
snat $nat
log local0. "**** S-nat : $nat"
nexthop $gw
} else {
log local0. "++++ LB choice : [LB::server addr]"
log local0. "++++ Gateway : $gw"
log local0. "++++ S-nat : $nat"
snat $nat
nexthop $gw
}
log local0. "************* end [TCP::client_port] *************"
log local0. ""
}
But strangely, the command eval [LB :: selec] 'works correctly for the first request, but never for the following ... Here is an excerpt from / var / log / ltm
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw :
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : ************* start 39932 *************
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** Client : 194.250.98.57%10:39932
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** LB Server : ''
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** force eval LB Server
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** eval OK !!!
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** New LB : '172.20.112.126%10'
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** Gateway : 172.20.112.126%10
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** S-nat : 10.204.32.108
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw : ************* end 39932 *************
Oct 30 10:06:52 pyxb595 info tmm3[12555]: Rule /OVIP-INTERNET/Persistence_gw :
Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw :
Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : ************* start 12475 *************
Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** Client : 194.250.98.57%10:12475
Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** LB Server : ''
Oct 30 10:06:58 pyxb595 info tmm[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** force eval LB Server
Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw :
Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : ************* start 55778 *************
Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** Client : 194.250.98.57%10:55778
Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** LB Server : ''
Oct 30 10:07:05 pyxb595 info tmm1[12555]: Rule /OVIP-INTERNET/Persistence_gw : **** force eval LB Server
Someone has an idea? Is this a problem of writing?