Forum Discussion

  • JoshBecigneul's avatar
    JoshBecigneul
    Icon for MVP rankMVP
    Dec 23, 2017

    You should consider checking out this article at AskF5: K7595: Overview of IP forwarding virtual servers

     

    IP Forwarding Virtual Servers act more like routers than a typical virtual server. They forward requests to the destination specified in the request, as opposed to sending the traffic to a pool member.

     

    One example is if you have a group of servers behind the BIG-IP, then you may use a IP forwarder to provide access to those systems for say, management purposes, with the BIG-IP acting as their gateway.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Dec 23, 2017

    why is F5 changing source address here (we dont have SNAT enabled its none in the Forwarding IP virtual server)

    do you have snat list configured?

    "SNAT objects take effect on all traffic through a system, even a virtual server, unless that traffic is already subjected to SNATs by the virtual server"

    K9038: The order of precedence for local traffic object listeners

    https://support.f5.com/csp/article/K9038 
    200.200.200.111 is client
172.28.24.14 is floating self ip

root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual
ltm virtual this-is-fwd-vs {
    destination 0.0.0.0:0
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vs-index 2
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm snat
ltm snat this-is-snat-list {
    automap
    origins {
        ::/0 { }
        0.0.0.0/0 { }
    }
}

[root@ve13a:Active:In Sync] config  tcpdump -nni 0.0 -s0 host 8.8.4.4
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:12:01.344544 IP 200.200.200.111.52881 > 8.8.4.4.53: 11480+ A? www.google.com. (32) in slot1/tmm0 lis=
14:12:01.344657 IP 172.28.24.14.49162 > 8.8.4.4.53: 11480+ A? www.google.com. (32) out slot1/tmm0 lis=/Common/this-is-fwd-vs
14:12:01.349591 IP 8.8.4.4.53 > 172.28.24.14.49162: 11480 6/0/0 A 74.125.24.99, A 74.125.24.103, A 74.125.24.147, A 74.125.24.106, A 74.125.24.105, A 74.125.24.104 (128) in slot1/tmm0 lis=/Common/this-is-fwd-vs
14:12:01.349605 IP 8.8.4.4.53 > 200.200.200.111.52881: 11480 6/0/0 A 74.125.24.99, A 74.125.24.103, A 74.125.24.147, A 74.125.24.106, A 74.125.24.105, A 74.125.24.104 (128) out slot1/tmm0 lis=/Common/this-is-fwd-vs