Forum Discussion

sukhjit_hayre_3's avatar
sukhjit_hayre_3
Icon for Nimbostratus rankNimbostratus
Sep 01, 2017

forwarding virtual server not forwarding traffic for one traffic-group

Hi, I have some virtual LTMs running as active/active in a HA setup (lab scenario).

 

I've setup FVS with a wildcard profile per below

 

 

now for traffic-group-1 traffic comes in on the fvs and does not output or egress.

 

for traffic-group-2 it ingresses and egresses which is active on unit 2.

 

both ltms have a default-gateway set the same and both are on the /common partitions.

 

I've tried failing over to unit1/2 respectively with exactly the same results.

 

any ideas?

 

im running BIG-IP 12.0.0 Build 0.0.606 Final

 

I know this worked for me before running the exact same setup and OS version so wondering what ive done wrong this time...

 

thanks in advance

 

  • ltm snat snat-outbound-traffic {
        description snat-outbound-traffic
        mirror enabled
        origins {
            10.109.0.0/25 { }
        }
        translation /Common/10.109.16.1
        vlans {
            traffic-group1-vlan100
        }
        vlans-enabled
    }
    ltm snat-translation 10.109.16.1 {
        address 10.109.16.1
        inherited-traffic-group true
        traffic-group traffic-group-1
    }
    ltm virtual forwarding-virtual-server {
        description forwarding-virtual-server
        destination 0.0.0.0:any
        ip-forward
        mask any
        profiles {
            fastL4 { }
        }
        source 0.0.0.0/0
        translate-address disabled
        translate-port disabled
        vs-index 8
    

    Ok fixed, issue was a global snat rule which i didn't know existed, once deleted the FVS started to forward for TG1.

    thanks for the assistance, there's always a reason why!!

  • Hi,

     

    It may be a asymetric routing issue!

     

    Did you create a floating self ip for traffic group 2 used for routing on servers?

     

  • Sukhjit,

     

    Can you check the virtual address list ... Local Traffic ›› Virtual Servers : Virtual Address List

     

    Are the 0.0.0.0 virtual addresses correctly defined for each traffic group?

     

  • I don't understand what disabling arp/icmp for 0/0 would do?

     

    It is a requirement for 0.0.0.0 listeners. If you don't disable them at the virtual address, the BigIP will reply to any arp/ICMP requests without routing them.

     

    Show me the settings for the 0.0.0.0 virtual address on both LTMs.

     

    Thanks

     

  • ltm snat snat-outbound-traffic {
        description snat-outbound-traffic
        mirror enabled
        origins {
            10.109.0.0/25 { }
        }
        translation /Common/10.109.16.1
        vlans {
            traffic-group1-vlan100
        }
        vlans-enabled
    }
    ltm snat-translation 10.109.16.1 {
        address 10.109.16.1
        inherited-traffic-group true
        traffic-group traffic-group-1
    }
    ltm virtual forwarding-virtual-server {
        description forwarding-virtual-server
        destination 0.0.0.0:any
        ip-forward
        mask any
        profiles {
            fastL4 { }
        }
        source 0.0.0.0/0
        translate-address disabled
        translate-port disabled
        vs-index 8
    

    Ok fixed, issue was a global snat rule which i didn't know existed, once deleted the FVS started to forward for TG1.

    thanks for the assistance, there's always a reason why!!