LOAD-BALANCING FOR INTERNAL TRAFFIC

Question

Hi
I want to confirm if this is feasible. We have a requirement to have internal servers initiate tcp traffic to a VS interface on the loadbalancers outside interface, which will then talke to other internal servers?
This has been setup and we can have ping connectivity but when we try http the page doesnt display.
On looking closer I can see that there are issues with MSS negotiations between the internal servers.&nbsp;
458828 IP (tos 0x0, ttl 128, id 15724, offset 0, flags [DF], proto: TCP (6), length: 52) 172.22.13.16.57876 &gt; 172.22.14.8.8983: S, cksum 0x7926 (correct), 4215431734:4215431734(0) win 8192 
458865 IP (tos 0x0, ttl 255, id 11617, offset 0, flags [DF], proto: TCP (6), length: 48) 172.22.14.8.8983 &gt; 172.22.13.16.57876: S, cksum 0x7367 (incorrect (-&gt; 0x0d19), 1754343263:1754343263(0) ack 4215431735 win 4380 
460378 IP (tos 0x0, ttl 128, id 15725, offset 0, flags [DF], proto: TCP (6), length: 40) 172.22.13.16.57876 &gt; 172.22.14.8.8983: ., cksum 0x4f07 (correct), 1:1(0) ack 1 win 64240
460452 IP (tos 0x0, ttl 255, id 11620, offset 0, flags [DF], proto: TCP (6), length: 48) 172.22.13.16.57876 &gt; 172.22.13.50.8983: S, cksum 0x7291 (incorrect (-&gt; 0xb7d8), 1927401647:1927401647(0) win 4380 
461752 IP (tos 0x0, ttl 128, id 15727, offset 0, flags [DF], proto: TCP (6), length: 304) 172.22.13.16.57876 &gt; 172.22.14.8.8983: P 1:265(264) ack 1 win 64240
461768 IP (tos 0x0, ttl 255, id 11623, offset 0, flags [DF], proto: TCP (6), length: 40) 172.22.14.8.8983 &gt; 172.22.13.16.57876: ., cksum 0x735f (incorrect (-&gt; 0x36cc), 1:1(0) ack 265 win 4644
460494 IP (tos 0x0, ttl 255, id 11630, offset 0, flags [DF], proto: TCP (6), length: 48) 172.22.13.16.57876 &gt; 172.22.13.50.8983: S, cksum 0x7291 (incorrect (-&gt; 0xb7d8), 1927401647:1927401647(0) win 4380 
461895 IP (tos 0x0, ttl 255, id 11643, offset 0, flags [DF], proto: TCP (6), length: 48) 172.22.13.16.57876 &gt; 172.22.13.50.8983: S, cksum 0x7291 (incorrect (-&gt; 0xb7d8), 1927401647:1927401647(0) win 4380 
461331 IP (tos 0x0, ttl 255, id 11652, offset 0, flags [DF], proto: TCP (6), length: 48) 172.22.13.16.57876 &gt; 172.22.13.50.8983: S, cksum 0x7291 (incorrect (-&gt; 0xb7d8), 1927401647:1927401647(0) win 4380 
462315 IP (tos 0x0, ttl 255, id 11668, offset 0, flags [DF], proto: TCP (6), length: 40) 172.22.14.8.8983 &gt; 172.22.13.16.57876: R, cksum 0x735f (incorrect (-&gt; 0x36c8), 1:1(0) ack 265 win 4644&nbsp;

techgeeeg · Answer

Hi C2,&nbsp;
Just make sure you have selected Snat automap in VS configuration (This is the VS to which servers are sending the connection). I believe it will work if you have not enabled it initially.&nbsp;
Regards,&nbsp;

c2zer0_13011 · Answer

Techgeeg hi&nbsp;
Thanks for that, it did the trick. &nbsp;

techgeeeg · Answer

And what was that something which was stopping it from working??&nbsp;

c2zer0_13011 · Answer

Yes once this was changed on the VS the page was displayed. &nbsp;

techgeeeg · Answer

You mean you just enabled the snat on the VS?&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

LOAD-BALANCING FOR INTERNAL TRAFFIC

7 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

Using F5 for load balancing internal traffic

Transparent Load Balancing in Azure

Four Active/Active load balancing examples with F5 BIG-IP and Azure Load Balancer

Practical considerations for using Azure internal load balancer and BIG-IP

How to achieve hiding internal URLs and HTTP dynamic redirection with F5 XC HTTP Load Balancer

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS