For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

swjo_264656's avatar
swjo_264656
Icon for Cirrostratus rankCirrostratus
Nov 22, 2017

Multi L3DSR traffic handling

Hi guys.

I have question regarding Multi L3DSR using SDN license.

client -> L4-1

s VIP -> L4-2
s VIP -> Server.

all of topology is L3DSR, using encapsulation IPIP.

this is L4-1`s configuration

ltm virtual /Common/VS_10.10.10.10-80-L3DSR { destination /Common/10.10.10.10:80 ip-protocol tcp mask 255.255.255.255 pool /Common/P-10.10.10.10-80-L3DSR_check_10.10.10.10 profiles { /Common/L3DSR-TCP-Profile { } } source 0.0.0.0/0 translate-address disabled translate-port disabled } ltm profile fastl4 /Common/L3DSR-TCP-Profile { app-service none defaults-from /Common/fastL4 hardware-syn-cookie disabled idle-timeout 300 loose-close enabled pva-offload-dynamic disabled tcp-handshake-timeout 10 } ltm pool /Common/P-10.10.10.10-80-L3DSR_check_10.10.10.10 { members { /Common/20.20.20.4:80 { address 20.20.20.4 ---> this is L4-2`s self IP. } } monitor /Common/M-10.10.10.10-HTTP-80-L3DSR profiles { /Common/ipip } } ltm monitor tcp /Common/M-10.10.10.10-HTTP-80-L3DSR { adaptive disabled defaults-from /Common/tcp destination 10.10.10.10:80 interval 5 ip-dscp 0 recv none recv-disable none send none time-until-up 0 timeout 11 transparent enabled } net tunnels tunnel /Common/TEST_tunnel-1 { local-address 10.10.10.4 mode outbound profile /Common/ipip remote-address 20.20.20.4 }

ltm virtual /Common/VS_10.10.10.10-80-L3DSR { destination /Common/10.10.10.10:80 ip-protocol tcp mask 255.255.255.255 pool /Common/P-10.10.10.10-80-L3DSR profiles { /Common/L3DSR-TCP-Profile { } } source 0.0.0.0/0 translate-address disabled translate-port disabled vlans { /Common/TEST_tunnel-2 } vlans-enabled } ltm pool /Common/P-10.10.10.10-80-L3DSR { members { /Common/50.50.50.100:80 { address 50.50.50.100 --> this is Real server } } monitor /Common/M-10.10.10.10-HTTP-80-L3DSR profiles { /Common/ipip } } ltm monitor tcp /Common/M-10.10.10.10-HTTP-80-L3DSR { adaptive disabled defaults-from /Common/tcp destination 10.10.10.10:80 interval 5 ip-dscp 0 recv none recv-disable none send none time-until-up 0 timeout 11 transparent enabled } net tunnels tunnel /Common/TEST_tunnel-2 { local-address 20.20.20.4 mode outbound profile /Common/ipip remote-address 10.10.10.4 }

In this case, Health check is up. but regarding client traffic, L4-2 didn`t handling and have destination unreachable messages.

All of L4`s gateway is L3. and this test network is private and isolated public.

Is there anyone to resolve this issue?

thank you.

application delivery
BIG-IP
l3dsr
LTM
sdn
No RepliesBe the first to reply