Forum Discussion

Yonatan_Talmor
Aug 10, 2017

LTM networking issue:

Hi there, a quick networking question: Two modes of networking are implemented in our BIG-IP v12.1.2 active/standby setup:


  1. F5 as L3 of servers. With wildcard forwarding VS and forwarding fastL4 protocol profile.
  2. F5 as a bridge to an FWSM firewall. FWSM is L3 of servers. F5 bridge is established by aggregating two VLANs in a single VLAN group, with a single self-IP for the VLAN group. This mode is useful when we want traffic to go through both F5 and FWSM.

Both modes described are supplying full connectivity to the servers residing on the networks, with one exception, which is the cause of the issue: Servers that reside on the bridged networks are unable to establish TCP/UDP connectivity to servers that reside on routed networks (F5 as L3). All other directions of connectivity succeed:


The only faulty direction, in terms of establishing connections, is from hosts on bridged networks to hosts in routed networks.


Also: no SNAT is used in our setup. We have routes all the way in our VLAN-based network.


Any suggestion on troubleshooting this? Thanks!


11 Replies

  • Do you have Loose Initiation enabled on the forwarding VS? If so (or maybe even if not) you could look into the VS attribute "Source Port: Preserve Strict" and/or the global option "VLAN-keyed connections".


    I can't possibly tell if this is the reason for your problems. But your description sounds vaguely familiar to an issue I had once, where SYN-ACK responses (received on a different VLAN than the original SYN, with VLAN-keyed connections disabled at the time) were treated as new connections, their source port (which was actually the destination port of the SYN) was re-mapped and therefore the TCP handshake failed.
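As an added illustration (not from the reply author), the tmsh commands that inspect and, if needed, change the three settings the reply names: the fastL4 profile's loose initiation, the virtual server's source-port handling, and the global VLAN-keyed connections db key. The virtual server name `vs_forward_any`, the profile name `fastL4_fwd` and the addresses are placeholders for this setup.

```tmsh
# 1. Check how the wildcard forwarding VS handles source ports (placeholder VS name)
tmsh list ltm virtual vs_forward_any source-port profiles

# 2. Check loose-initialization / loose-close on the fastL4 profile it uses (placeholder name)
tmsh list ltm profile fastl4 fastL4_fwd loose-initialization loose-close reset-on-timeout

# 3. Check whether connections are keyed by ingress VLAN (global setting)
tmsh list sys db connection.vlankeyed

# 4. While reproducing the failure, look at the connection table for the target server
#    (placeholder address/port): a second, separate entry for the same 4-tuple on the
#    return VLAN is the symptom the reply describes.
tmsh show sys connection cs-server-addr 10.0.0.5 cs-server-port 443

# 5. The two changes the reply suggests; apply on one unit, then save and sync the config.
tmsh modify ltm virtual vs_forward_any source-port preserve-strict
tmsh modify sys db connection.vlankeyed value enable
tmsh save sys config
```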