Forum Discussion

longnv's avatar
longnv
Icon for Cirrus rankCirrus
Nov 22, 2022
Solved

F5 Bigip LTM NAT64 config

Hi everybody,

I have a problem with VS using IPv6 and Pool, Node IPv4.

My config :

- VS type is Performance Layer 4;  

- Source Address Translation: none

- Address Translation: enable

- Port Translation: enable

-NAT64: enable

With same Pool member for VS using ipv4 then VS working, but when I connection to VS ipv6 then have error : ERR_CONNECTION_REFUSED

Have any ideal for this problem? Thanks

 

 

application delivery
  • longnv's avatar
    longnv
    Nov 23, 2022

    This problem has resolved. TCP conection from F5 to internal over 64k connection, so a new tcp session is started with the same ports  => tcp connection reset. Need SNAT with other self ip connection to internal.

31 Replies

Sort By
Show More
  • mihaic's avatar
    mihaic
    Icon for MVP rankMVP
    Nov 22, 2022

    If the logs/tcpdump  don't offer any more info, than you probably need to open a ticket with F5.

    I am curious what the issue is. So please share it.

     

    • longnv's avatar
      longnv
      Icon for Cirrus rankCirrus
      Nov 22, 2022

      My device has expired license support, so I can't open support case. 😞

      If i can resolve this problem, I will share for you

  • longnv's avatar
    longnv
    Icon for Cirrus rankCirrus
    Nov 23, 2022

    I tried create 2 VS diffirent are VS_IPv6_1  and VS_IPv6_2 with same pool P_p6435 but VS_IPv6_1 working and VS_IPv6_2 not work with message ERR_CONNECTION_REFUSED. I don't understand where the problem lies

    ltm virtual VS_IPv6_1 {
    destination xxxx:xxxx:xxx::77.https
    ip-protocol tcp
    pool P_p6435
    profiles {
    fastL4 { }
    }
    translate-address enabled
    translate-port enabled
    vs-index 1160
    }

    ltm virtual VS_IPV6_2 {
    destination xxxx:xxxx:xxx::11.https
    ip-protocol tcp
    pool P_p6435
    profiles {
    fastL4 { }
    }
    translate-address enabled
    translate-port enabled
    vs-index 808

     

    • hoangnv's avatar
      hoangnv
      Icon for Nimbostratus rankNimbostratus
      Nov 23, 2022

      Hi ,  Mihaic 

      Yes , so now what should i do to check the issue.

       
      • mihaic's avatar
        mihaic
        Icon for MVP rankMVP
        Nov 23, 2022

        well, a tcpdump and some logs are a starting point.

        tcpdump -ni 0.0:nnnp -s0 -c 100000 -w /var/tmp/capture.pcap host 2001:df1:1f40::11