jonathanw84
May 21, 2021

Load Balance to FQDN Not Working

Hi All,

I have an environment that is set up on my F5 using a combination of Rewrite Profiles and iRules to achieve a reverse proxy setup. This works well.

I have a request to add an additional rewrite mapping, but this time they want it to load balance to an FQDN in the cloud. The F5 is set up for DNS and I can add an FQDN pool which populates the ephemeral nodes, but these show down and I can never get them to come up despite DNS resolving them correctly.

I have the URL rule added to the existing rewrite profile (client: /api/search/ server: /search/) and then an iRule that states:

  elseif { [string tolower [HTTP::uri]] starts_with "/api/search" } {
    pool ProxyPass_Pool_4
  }

But I can't get the FQDN pool to function.

What am I missing?

Thanks!

3 Replies

  • There could be many factors here. You can follow the troubleshooting steps below.

    - Check that the firewall is open from the F5 to the FQDN node port. Try with the telnet command from the F5.

    - Check that routing is present on the F5 and that it's not using the mgmt route to reach it. A TMM route should be present on the F5 to reach the FQDN.

    - Check the health monitor, if any custom http/https monitor is configured. Try using tcp for troubleshooting.

    - If the F5 can connect on the FQDN port, check if the node is up or down. Disable ICMP monitoring at the node level.

    - If the FQDN node is in a non-default route domain, then there is no support for FQDN nodes currently. But there is a workaround for it, as per below:

    https://devcentral.f5.com/s/articles/FQDN-nodes-in-non-default-route-domains?page=1

    • jonathanw84

      Hi Sanjay,

      The firewall is definitely open. I can see the traffic going out to the FQDN node port. I've tried every monitor I can and they still revert back to marking it down. We are using the default route domain.

      • SanjayP

        Take a tcpdump. If you are seeing packets egressing from your network and an RST coming from the other end, you would need to check with the FQDN hosting team.
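
The connectivity checks suggested in the replies above (a telnet-style connect to the node port, and telling an RST apart from silence), as an added example that is not part of the original thread: it resolves an FQDN and classifies a TCP connect to every address returned. The function names are hypothetical, and it assumes it is run from a host whose traffic takes the same egress path as the load balancer, since a connect follows the routing table of the machine it runs on.

```python
import errno
import socket


def resolve(fqdn, port):
    """Return the unique IP addresses the resolver hands back for fqdn."""
    infos = socket.getaddrinfo(fqdn, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(ip, port, timeout=3.0):
    """Classify one TCP connect attempt to ip:port."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
            return "open"       # handshake completed
        except socket.timeout:
            return "timeout"    # SYN unanswered: filtering or no return route
        except ConnectionRefusedError:
            return "refused"    # RST received: the far end rejected the connection
        except OSError as exc:
            # e.g. ENETUNREACH / EHOSTUNREACH when there is no route at all
            return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def check_fqdn(fqdn, port, timeout=3.0):
    """Probe every address behind fqdn, since each one becomes its own node."""
    return {ip: probe(ip, port, timeout) for ip in resolve(fqdn, port)}


if __name__ == "__main__":
    import sys
    # Usage: python check_fqdn.py <fqdn> <port>
    for ip, state in check_fqdn(sys.argv[1], int(sys.argv[2])).items():
        print(ip, state)
```

A "timeout" result points at filtering or routing on the path, while "refused" means the packet reached something that answered with a reset, which is the case to raise with the team hosting the FQDN.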