Layer7 API Management

  • 1.  Route via Raw TCP

    Posted Oct 24, 2017 05:32 PM

    I have a need to route a request to an F5 load balancer setup with a protocol of TCP.

     

    Using the Route via HTTP fails I assume because of the LB protocol of TCP.  I am having issues setting up the Route via Raw TCP assertion as it continues to fail.  

     

    Questions:

    • will changing the Load Balancer to protocol of HTTP solve the issue?
    • what's the secret to setting up the Route via Raw TCP and Manage Listen Port for l7.raw.tcp?
    • do we just drop the F5 Load Balancer and use the HTTP connection balancing built into the assertion?

     

    This is my first attempt setting up a policy for a group of servers that are already load balanced using F5 under the TCP protocol.  Any help would be appreciated.

     

    Rick Reed

    FedEx Services



  • 2.  Re: Route via Raw TCP

    Posted Oct 25, 2017 03:11 PM

    Hey Rick

     

    Does your balancer terminate SSL?

     

    we usually recommend using Load Balancer over HTTP connection balancing built into the assertion, it works and handles the traffic better. 

     

    You said "Raw TCP assertion as it continues to fail. " Do you have any errors or audits why does it fail?

     

    Have you done tcpdump on gateway or LB to see why it fails?

    Thanks 

    Kemal 



  • 3.  Re: Route via Raw TCP

    Posted Oct 25, 2017 04:06 PM

    Kemal, thank you for your reply.  This is my first attempt at using the Route using RAW TCP assertion so highly probable I have something not setup correct.  Here are my Raw TCP Routing Properties. 

    The following is what appears in my audit log when I try to use the policy

    And finally this is my Manage Listener setup for the l7.raw.tcp

     

    As I stated, my experience in policy management is limited at this point.  This is my first time setting up policies that need to go against a Load Balancer instead of just a direct redirect to an IP address (single server).  

    I wasn't able to run the tcpdump command on the gateway as it wasn't recognized.  I will have to check with my system admin team for details on how to get it activated.



  • 4.  Re: Route via Raw TCP
    Best Answer

    Broadcom Employee
    Posted Oct 30, 2017 10:20 AM

    Rick,

    Its getting a connection refused according to the audits. Have you taken a look at a sniffer? Is there anything in between blocking? Or are sure the raw.tcp is the way to go and this connection is not being refused due to a required certificate or something which might be evident in a sniffer output? 

    I would probably suggest a support case since this will likely require what you are trying to accomplish (Use Case) and some detailed configuration requirements. 



  • 5.  Re: Route via Raw TCP

    Broadcom Employee
    Posted Nov 15, 2017 02:59 PM

    Good afternoon,

     

    Were you able to get this working in your environment?

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support