Forum Discussion

sukhjit_hayre_3's avatar
sukhjit_hayre_3
Icon for Nimbostratus rankNimbostratus
Sep 01, 2017

forwarding virtual server not forwarding traffic for one traffic-group

Hi, I have some virtual LTMs running as active/active in a HA setup (lab scenario).

 

I've setup FVS with a wildcard profile per below

 

 

now for traffic-group-1 traffic comes in on the fvs and does not output or egress.

 

for traffic-group-2 it ingresses and egresses which is active on unit 2.

 

both ltms have a default-gateway set the same and both are on the /common partitions.

 

I've tried failing over to unit1/2 respectively with exactly the same results.

 

any ideas?

 

im running BIG-IP 12.0.0 Build 0.0.606 Final

 

I know this worked for me before running the exact same setup and OS version so wondering what ive done wrong this time...

 

thanks in advance

 

application delivery
BIG-IP
LTM
  • sukhjit_hayre_3's avatar
    sukhjit_hayre_3
    Sep 07, 2017
    ltm snat snat-outbound-traffic {
    description snat-outbound-traffic
    mirror enabled
    origins {
        10.109.0.0/25 { }
    }
    translation /Common/10.109.16.1
    vlans {
        traffic-group1-vlan100
    }
    vlans-enabled
}
ltm snat-translation 10.109.16.1 {
    address 10.109.16.1
    inherited-traffic-group true
    traffic-group traffic-group-1
}
ltm virtual forwarding-virtual-server {
    description forwarding-virtual-server
    destination 0.0.0.0:any
    ip-forward
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vs-index 8

    Ok fixed, issue was a global snat rule which i didn't know existed, once deleted the FVS started to forward for TG1.

    thanks for the assistance, there's always a reason why!!

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Sep 03, 2017

    Hi,

     

    It may be a asymetric routing issue!

     

    Did you create a floating self ip for traffic group 2 used for routing on servers?

     

  • Simon_Blakely's avatar
    Simon_Blakely
    Icon for Employee rankEmployee
    Sep 03, 2017

    Sukhjit,

     

    Can you check the virtual address list ... Local Traffic ›› Virtual Servers : Virtual Address List

     

    Are the 0.0.0.0 virtual addresses correctly defined for each traffic group?

     

  • Simon_Blakely's avatar
    Simon_Blakely
    Icon for Employee rankEmployee
    Sep 06, 2017

    I don't understand what disabling arp/icmp for 0/0 would do?

     

    It is a requirement for 0.0.0.0 listeners. If you don't disable them at the virtual address, the BigIP will reply to any arp/ICMP requests without routing them.

     

    Show me the settings for the 0.0.0.0 virtual address on both LTMs.

     

    Thanks

     

  • sukhjit_hayre_3's avatar
    sukhjit_hayre_3
    Icon for Nimbostratus rankNimbostratus
    Sep 07, 2017
    ltm snat snat-outbound-traffic {
    description snat-outbound-traffic
    mirror enabled
    origins {
        10.109.0.0/25 { }
    }
    translation /Common/10.109.16.1
    vlans {
        traffic-group1-vlan100
    }
    vlans-enabled
}
ltm snat-translation 10.109.16.1 {
    address 10.109.16.1
    inherited-traffic-group true
    traffic-group traffic-group-1
}
ltm virtual forwarding-virtual-server {
    description forwarding-virtual-server
    destination 0.0.0.0:any
    ip-forward
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vs-index 8

    Ok fixed, issue was a global snat rule which i didn't know existed, once deleted the FVS started to forward for TG1.

    thanks for the assistance, there's always a reason why!!