Forum Discussion

rameshr_132303's avatar
rameshr_132303
Icon for Nimbostratus rankNimbostratus
Mar 10, 2016

LTM not responding to iQuery

Hi All,

I currently have an existing solution which is like this:

GTM --> Layer 3 switch --> Trunk (vlans 1401 and 1402 allowed) --> LTM (self ips on vlan 1401 and 1402)

A simple diagram for this logically is like this:

    (vlan 1401)--->

Switch LTM (vlan 1402)--->

Now, the GTM needs to communicate with the self ip on vlan 1402, but to do that, it uses vlan 1401 as a transit to get there. when I did a tcp dump on the LTM for vlan 1401, I can see iQuery traffic coming from the GTM to the Self ip on vlan 1401, but when I do a tcpdump on vlan 1402, I can't see any iQuery traffic coming into the LTM. Seems to me like the LTM is dropping traffic when traffic comes from vlan selfip (1401) and going to another vlan self ip (1402).

Could someone help me understand why this is happening?

Thanks.

application delivery
BIG-IP
BIG-IP DNS
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Mar 10, 2016

    BIG-IP does not respond to traffic destined for a self-ip if it is received on a different self-ip. I.e. if traffic destined for VLAN1402 is received on 1401, BIG-IP will drop it.

     

  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Mar 10, 2016

    BIG-IP does not respond to traffic destined for a self-ip if it is received on a different self-ip. I.e. if traffic destined for VLAN1402 is received on 1401, BIG-IP will drop it.

     

    • rameshr_132303's avatar
      rameshr_132303
      Icon for Nimbostratus rankNimbostratus
      Mar 10, 2016
      Hi Brad, Thanks for that; is this a security feature on the LTM and has this been outlined anywhere in F5 website/documentation? I ask this because, I haven't ever come across any information about this before and hence am wondering where F5 has documented this? Thanks.
    • Brad_Parker's avatar
      Brad_Parker
      Icon for Cirrus rankCirrus
      Mar 10, 2016
      Finally found it. Here you go. https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3475.html
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Mar 10, 2016

    BIG-IP does not respond to traffic destined for a self-ip if it is received on a different self-ip. I.e. if traffic destined for VLAN1402 is received on 1401, BIG-IP will drop it.

     

    • rameshr_132303's avatar
      rameshr_132303
      Icon for Nimbostratus rankNimbostratus
      Mar 10, 2016
      Hi Brad, Thanks for that; is this a security feature on the LTM and has this been outlined anywhere in F5 website/documentation? I ask this because, I haven't ever come across any information about this before and hence am wondering where F5 has documented this? Thanks.
    • Brad_Parker_139's avatar
      Brad_Parker_139
      Icon for Nacreous rankNacreous
      Mar 10, 2016
      Finally found it. Here you go. https://support.f5.com/kb/en-us/solutions/public/3000/400/sol3475.html