Forum Discussion
Amanpreet_Singh
Oct 06, 2015Cirrostratus
Hi Rajneesh,
The problem is not with the combination of Source Affinity with Least connection. The problem is using NAT on firewall and using source affinity. LB is assuming all the connections to be originating from a single client IP. Have you tried using "only Destination NAT" with LB having default route towards firewall? (assuming it as a traffic coming from Internet)
Regards, Aman
- Amanpreet_SinghOct 06, 2015CirrostratusThe other reasons I found hypothetically as - 1. If you are running below HF versions with known issue of uneven load balancing https://support.f5.com/kb/en-us/solutions/public/16000/400/sol16487.html?sr=46343907 2. If you have OneConnect profile enabled for this virtual server https://support.f5.com/kb/en-us/solutions/public/2000/000/sol2055.html 3. For the sake of information- https://support.f5.com/kb/en-us/solutions/public/10000/400/sol10430.html
- t_rajneesh_2252Oct 06, 2015NimbostratusThanks Amanpreet. Image and hotfix details running currently on box. ALso we are not using anyconnect profile here Image: BIGIP-11.6.0.0.0.401.iso HF: Hotfix-BIGIP-11.6.0.4.0.420-HF4.iso Model: BIG-IP 2200
- Amanpreet_SinghOct 07, 2015CirrostratusHi, Ok, that should not be a issue. Try to avoid Source Affinity when you are using NAT on firewall. Source persistence. "Source address affinity persistence directs session requests to the same server based solely on the source IP address of a packet" If your traffic is HTTP, I would rather suggest to go for cookie persistence.
- Amanpreet_SinghOct 07, 2015CirrostratusHi, Ok, that should not be a issue. Try to avoid Source Affinity when you are using NAT on firewall. Source persistence. "Source address affinity persistence directs session requests to the same server based solely on the source IP address of a packet" If your traffic is HTTP, I would rather suggest to go for cookie persistence.