Communications problems between servers
Hi,
We have some problems with the communications of some servers. The situation is below:
- Server A on VLAN 1 with IP 192.168.1.1/24
- Server B on VLAN 1 with IP 192.168.1.3/24
- Server C on VLAN 1 with IP 192.168.1.5/24
- Virtual Server on VLAN 2 with IP 192.168.3.2/24 (its nodes are servers A and B)
The service is over http and https, and we are not using SNAT.
When clients from the Internet try to connect to the service there is no problem; but when server C asks for the virtual server service, the connections never reach server A or B. We only have this problem with connections from servers that are in the same VLAN.
If we do a tcpdump we can see:
12:00:15.139092 IP 192.162.1.5.dyna-lm > 192.162.3.2.http: S 1702227370:1702227370(0) win 65535 <mss 1460,nop,nop,sackOK>
But it seems the connection doesn't go out from the BIG-IP, since on servers A and B we cannot see any connection from server C or the Virtual Server.
Any idea? Could you help me?
Thanks, Regards
33 Replies
some questions:
- what is the default gateway of the servers? does that device know the route to 192.162.3.0/24?
- is virtual server 192.162.3.2 enabled on vlan1?
- where did you make that tcpdump and with which arguments?
without more background i could imagine the reply from server A or B won't go via the BIG-IP as it is in the same network as server C and SNAT isn't used. so server A or B might go directly to server C. have you checked that is possible and happening?
- Edu_50128
Nimbostratus
The default gateway of the servers is the BIG-IP.
Yes, this IP is enabled on both VLANs.
The tcpdump we have done is on the BIG-IP with these options:
tcpdump -i any src host 192.168.1.1 or dst host 192.168.1.1 or src host 192.168.1.2 or dst host 192.168.1.2 or src host 192.168.1.5
Thanks !!!
- Hamish
Cirrocumulus
Can you add the -e flag to tcpdump to verify which interface and the correct tagging of the packets?
H
could you make it simpler and add Hamish's flag to be sure we don't miss something:
tcpdump -i 0.0 -nn -e host 192.168.1.1 or host 192.168.1.3 or host 192.168.1.5
and try again
also is it possible to capture packets on the actual servers to see if they communicate between themselves?
- Edu_50128
Nimbostratus
Now we have this on the tcpdump:
08:51:34.775753 00:1f:29:0b:21:a6 (oui Unknown) > 00:01:d7:92:e4:87 (oui Unknown), ethertype 802.1Q (0x8100), length 66: vlan 32, p 0, ethertype IPv4, 192.168.1.5.drmsfsd > 192.168.3.2.http: S 867528809:867528809(0) win 65535
On the servers (A and B), we don't see any packet from the BIG-IP or from server C; there is no connection between them.
- Edu_50128
Nimbostratus
sorry, when it indicates vlan 32 it means vlan 1
- Edu_50128
Nimbostratus
in the tcpdump these lines also appear:
08:51:37.741338 00:1f:29:0b:21:a6 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, ethertype ARP, arp who-has 192.168.1.10 tell 192.168.1.5
08:51:37.741357 00:1f:29:0b:21:a6 (oui Unknown) > 00:01:d7:92:e4:87 (oui Unknown), ethertype 802.1Q (0x8100), length 66: vlan 1, p 0, ethertype IPv4, 192.168.1.5.drmsfsd > 192.168.3.2.http: S 867528809:867528809(0) win 65535
192.168.1.10 is the gateway for the servers, and it is the BIG-IP.
you are probably trying to hide some things from us or make it more simple, you could edit your earlier post instead though :)
you also didn't execute the command as requested: i still see ports being translated into names, and possibly you still use -i any, something i'm not sure about that might have odd results. could you do it as requested?
are you using route domains? or config partitions?
also is it possible to do it without filters? is the box loaded, are there more virtual servers?
- Edu_50128
Nimbostratus
the BIG-IP we are using has thousands of connections, I'm trying to show just the connections with these machines, since we have several connections from clients (most of them)
I'm going to send you the output of -i, let me do it please
we are not using router domains or config partitions
Yes, in this BIG-IP there are more Virtual Servers, more than 12...
- Beinhard_8950
Nimbostratus
Hi,
Until you have fixed a correct tcpdump, that I believe will show that the request from server C will be LB to A or B, it will not work. You need to put a SNAT rule for connections to the VS for traffic from server C. That is because you have an asymmetric situation here. When the connection is load balanced to server A or B, they will see that the src is server C and on the same VLAN, so they will send the traffic directly to the server and bypass the F5. An easy way, if you have problems with the F5 tcpdump and filtering, is to do a tcpdump on server C and look for the server A or B address, and you should see SYN-ACKs =)
Br
Beinhard
yeah, that point i also made quite early in the question. built a similar situation just now and you get something like this, if i translate it to your IPs:
192.168.1.5 --> 192.168.3.2 client side
192.168.1.5 --> 192.168.1.1 (server A for example) server side
then 192.168.1.1 is going to directly contact 192.168.1.5, which fails because 192.168.1.5 isn't expecting that traffic from 192.168.1.1.
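The check suggested in the replies above (capture on server C and look for SYN-ACKs arriving from A or B instead of from the virtual server), as an added example that is not part of the original thread. The capture text, the port numbers and the function names `find_bypass` and `replies_directly` are constructed for illustration; the line format follows the `tcpdump -nn` style of the captures posted above.

```python
import ipaddress
import re

# Constructed sample of what `tcpdump -nn` on server C would show when the
# pool member answers directly (not taken from the thread). The RST is the
# client rejecting a SYN-ACK that matches none of its open connections.
CAPTURE_ON_C = """\
08:51:34.775753 IP 192.168.1.5.4401 > 192.168.3.2.80: S 867528809:867528809(0) win 65535
08:51:34.776102 IP 192.168.1.1.80 > 192.168.1.5.4401: S 4011223344:4011223344(0) ack 867528810 win 5840
08:51:34.776140 IP 192.168.1.5.4401 > 192.168.1.1.80: R 867528810:867528810(0) win 0
08:51:37.741357 IP 192.168.1.5.4401 > 192.168.3.2.80: S 867528809:867528809(0) win 65535
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"(\S+) \d+:\d+\(\d+\)( ack \d+)?"
)

def find_bypass(capture, client):
    """Return (syn_destination, synack_source) pairs where the SYN-ACK came
    from an address the client never sent its SYN to."""
    syn_targets = {}  # client source port -> address the SYN was sent to
    findings = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags, ack = m.groups()
        if flags != "S":
            continue  # only SYN and SYN-ACK matter here
        if ack is None and src == client:
            syn_targets[sport] = dst
        elif ack and dst == client:
            expected = syn_targets.get(dport)
            if expected and expected != src:
                findings.append((expected, src))
    return findings

def replies_directly(server_interface, client):
    """True when the client is on-link for the server, so the reply is sent
    straight to it and never passes the default gateway (the BIG-IP)."""
    network = ipaddress.ip_interface(server_interface).network
    return ipaddress.ip_address(client) in network

if __name__ == "__main__":
    print(find_bypass(CAPTURE_ON_C, "192.168.1.5"))
    print(replies_directly("192.168.1.1/24", "192.168.1.5"))
```

A non-empty result from `find_bypass` means the return traffic is skipping the load balancer, which is the condition the SNAT rule for same-VLAN clients is meant to remove.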