Forum Discussion
You are probably referring to LTM and not GTM, as GTM does not care about ports. I need more information about your configuration.
Can you please provide these parts of the configuration?
Datagroup hbss-port-exception
Virtual Server
Pool
- eric_haupt1 (Nimbostratus), Sep 28, 2017
Why wouldn't GTM care about ports? It needs to allocate a local source port for both TCP and UDP when providing DNS LB to DNS servers, does it not?
I don't think the LB_SELECTED was the event that is able to identify the local port so I've shifted to calling it in the SERVER_CONNECTED event. This is working for us and I don't like it because it's brutal to the client, but this affects only TCP and we only see about 4 events per 12 hours that match across the 10 ports we want to avoid. The client would simply time out and retransmit - thus getting a new port which is most likely not in the restricted port range.

when SERVER_CONNECTED {
    if { [class match [TCP::local_port] equals hbss-port-exception] } {
        log local0. "HBSS EXCEPTION LOG: [TCP::local_port] - GTM dropping"
        TCP::close
    }
}
- eric_haupt1 (Nimbostratus), Sep 28, 2017
hbss-port-exception is an integer data group simply containing a list of numbers.
- Leonardo_Souza3 (Nimbostratus), Sep 28, 2017
Nope, that is LTM functionality. Maybe you are referring to a GTM listener, which is an LTM virtual server.
GTM only answers DNS requests, providing an answer to those queries. The port is not relevant for the GTM.
Anyway, without the configuration I asked for, I could only guess what the problem is.
- eric_haupt1 (Nimbostratus), Oct 02, 2017
I'm sorry, Leonardo, but you are not correct here. There is a serverside context to GTM when used as a DNS LB via a GTM listener. Try this code on a GTM doing DNS delivery (DNS LB) and you will see for yourself:

when SERVER_CONNECTED {
    set client_remote "[IP::client_addr]:[TCP::client_port]"
    set client_local "[IP::local_addr clientside]:[TCP::local_port clientside]"
    set server_local "[IP::local_addr]:[TCP::local_port]"
    set server_remote "[IP::server_addr]:[TCP::server_port]"
    log local0. "Logged TCP Proxy DNS Connection: Client ($client_remote) <-> ($client_local) -GTM- ($server_local) <-> ($server_remote) Server"
}
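
An added example, not part of any post in this thread: a Python parser for the message the logging iRule above writes, tallying connections whose serverside local port falls in a restricted set. The port numbers, host name, rule name and log lines are constructed; the thread does not list the real contents of hbss-port-exception.

```python
import re
from collections import Counter

# Constructed stand-in for the hbss-port-exception data group (assumption).
RESTRICTED_PORTS = {49152, 50000, 51000}

# Matches the message text written by the SERVER_CONNECTED logging iRule.
LINE_RE = re.compile(
    r"Logged TCP Proxy DNS Connection: "
    r"Client \((?P<client_remote>[^)]+)\) <-> \((?P<client_local>[^)]+)\) "
    r"-GTM- \((?P<server_local>[^)]+)\) <-> \((?P<server_remote>[^)]+)\) Server"
)

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses survive."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)

def parse_line(line):
    """Return the four endpoints of one proxied connection, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        return {k: split_endpoint(v) for k, v in m.groupdict().items()}
    except ValueError:  # port field was not numeric
        return None

def restricted_hits(lines, restricted=RESTRICTED_PORTS):
    """Count connections whose serverside local port is restricted."""
    hits = Counter()
    for line in lines:
        conn = parse_line(line)
        if conn and conn["server_local"][1] in restricted:
            hits[conn["server_local"][1]] += 1
    return hits

# Constructed sample log lines; the syslog prefix is illustrative only.
PREFIX = "Oct  2 10:00:01 gtm1 info tmm[1]: Rule /Common/dns_log <SERVER_CONNECTED>: "
SAMPLE_LOG = [
    PREFIX + "Logged TCP Proxy DNS Connection: Client (192.0.2.10:53211) <-> (198.51.100.5:53) -GTM- (10.0.0.1:49152) <-> (10.0.0.53:53) Server",
    PREFIX + "Logged TCP Proxy DNS Connection: Client (192.0.2.11:40112) <-> (198.51.100.5:53) -GTM- (10.0.0.1:61234) <-> (10.0.0.53:53) Server",
    PREFIX + "Logged TCP Proxy DNS Connection: Client (2001:db8::10:53900) <-> (2001:db8::5:53) -GTM- (2001:db8::1:49152) <-> (2001:db8::53:53) Server",
    PREFIX + "HBSS EXCEPTION LOG: 50000 - GTM dropping",  # other iRule's line, ignored
]

if __name__ == "__main__":
    for port, count in sorted(restricted_hits(SAMPLE_LOG).items()):
        print(f"serverside local port {port}: {count} connection(s)")
```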