For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

HHeredia_36237's avatar
HHeredia_36237
Icon for Nimbostratus rankNimbostratus
May 09, 2015

GTM and asymmetric routing

Hi guys,

I have a question, hope you can give me some help as usual 🙂

Situation:

I have a GTM configuration for only one DataCenter with two links connected to a firewall. Services are published over the two links but the firewall has problems routing traffic using the same link where traffic arrives 

 i.e. if we open a ssh session using a service on Link 1, the traffic goes back through link  2. If we try the same over link 2, it goes back over link 2, which doesn't breaks the session.

 This happens when both links are UP.

LC/LTM could avoid this behavior using auto last-hop feature but it seems the firewall has issues with this thing. So i was wondering if I could create a config in GTM to resolve only DNS queries over link 2 and if it's not available, then resolve for link 1.

In LTM this could be solved by a Priority Group Activation but it is not available on GTM 😞

Any comment is really appreciated,

regards, hheredia

application delivery
availability
BIG-IP DNS
design
devops
iRules

1 Reply

  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    May 11, 2015

    LC/LTM could avoid this behavior using auto last-hop feature but it seems the firewall has issues with this thing.

     

    Whats the issue? auto-last hop means the GTM will send replies to same FW that sent the request, which is what you need, right? Why would the FW not like the traffic is coming back the way it should?