Forum Discussion

Pedro_Haoa_7122
Historic F5 Account
Nov 07, 2011

Network Forwarding VS and traffic

Hi,

This is my first post and I'm having trouble with a network forwarding VS configuration.

This is the scenario.

ServerTSM            ServerMonitor
192.168.8.180/25     192.168.8.190/25
      |                    |
                |
          VRRP Gateway
          192.168.8.250
                |
                |
             ExtVLAN
         192.168.8.240/25
               LTM
         192.168.9.120/26
             IntVLAN
                |
                |
            TSMClient
         192.168.9.70/26

There are other VSs configured, but they do not affect this traffic.

LTM Default Gateway: 192.168.8.250

TSMClient Default Gateway: 192.168.9.120

Default routing behavior.

I need to pass traffic from the external VLAN to the internal VLAN for Backup & Restore traffic (IBM TSM) and monitoring (SNMP) - Administrative Purpose (Telnet, SSH).

So I decided, based on F5 literature, that a Network Forwarding VS was the most suitable solution, but it did not work.

So I captured traffic to see what was happening. To my surprise, ICMP traffic came and went without any problems on the external VLAN servers, but for some reason, SNMP, SSH and Telnet traffic coming through the external VLAN to the LTM exited to the internal VLAN but did not return any response.

Is it correct to think that the Network Forwarding VS can solve this requirement, and if so, what parameters should I look at?

Thanks for all.

  • "for some reason, snmp, ssh, telnet traffic, coming through the external VLAN to LTM, exit to the internal VLAN, but did not return any response."

    Was it a SYN packet? What BIG-IP platform are you using? If it has a PVA chip, PVA has to be disabled first.

    sol6546: Recommended methods and limitations for running tcpdump on a BIG-IP system

    https://support.f5.com/kb/en-us/solutions/public/6000/500/sol6546.html?sr=17538338
  • Yes, there is no SYN-ACK from the TSM Client.

    The platforms are two BIG-IP 3600 10.2.

    OK. I'll try with PVA disabled.
  • "I'll try with PVA disabled."

    The 3600 platform does not have a PVA chip.

    "there is no SYN-ACK from the TSM Client."

    Does the client send a SYN-ACK? Can you check on the client machine?
  • I don't know. I'm afraid that I can't access the client machine until tomorrow.

    I'll try sniffing the client machine port to see what happens with the TCP segment.

    Any other ideas about what I can check or recheck for troubleshooting?

  • What tcpdump command did you use?

    If NAT/SNAT is not used, can you try this one?

    tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x and host y.y.y.y

    x.x.x.x is the source IP address, e.g. TSM server, server monitor

    y.y.y.y is the destination IP address, e.g. TSM client
  • Hi,

    Yesterday I tried Host Forwarding instead of Network Forwarding, and after doing some troubleshooting, we found that the local firewall on the client machine was preventing the return of answers to some protocols and IPs, including the forwarding IP.

    So, I guess that the local firewalls of the other clients were preventing the Network Forwarding VS from receiving the response.

    Thanks for all!!! ;-)
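
Added example (not part of the original thread and not F5 tooling): a Python script that reads the text form of a capture like the one suggested above and lists TCP flows whose SYN was answered by neither a SYN-ACK nor an RST, which is how a silently dropping host firewall appears on the wire. The sample lines are constructed, the ports are arbitrary, and the `Flags [...]` line format assumes the pcap is printed with a current tcpdump (`tcpdump -nn -r`).

```python
import re

# Constructed sample in the text format printed by a current tcpdump with -nn.
# Addresses follow the thread's diagram; ports and timestamps are made up.
SAMPLE = """\
10:00:00.000001 IP 192.168.8.180 > 192.168.9.70: ICMP echo request, id 1, seq 1, length 64
10:00:00.000900 IP 192.168.9.70 > 192.168.8.180: ICMP echo reply, id 1, seq 1, length 64
10:00:01.000001 IP 192.168.8.180.40001 > 192.168.9.70.22: Flags [S], seq 100, win 5840, length 0
10:00:04.000001 IP 192.168.8.180.40001 > 192.168.9.70.22: Flags [S], seq 100, win 5840, length 0
10:00:05.000001 IP 192.168.8.190.40002 > 192.168.9.70.23: Flags [S], seq 200, win 5840, length 0
10:00:05.000800 IP 192.168.9.70.23 > 192.168.8.190.40002: Flags [R.], seq 0, ack 201, win 0, length 0
10:00:06.000001 IP 192.168.8.180.40003 > 192.168.9.70.1500: Flags [S], seq 300, win 5840, length 0
10:00:06.000700 IP 192.168.9.70.1500 > 192.168.8.180.40003: Flags [S.], seq 900, ack 301, win 5840, length 0
""".splitlines()

# Source ip.port > destination ip.port, then the TCP flag string.
LINE_RE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]"
)

def unanswered_syns(lines):
    """Map each flow (src, sport, dst, dport) whose SYN got neither a
    SYN-ACK nor an RST back to the number of SYN packets seen for it."""
    pending = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ICMP, UDP, ARP and anything else that is not TCP
        src, sport, dst, dport, flags = m.groups()
        flow = (src, int(sport), dst, int(dport))
        reverse = (dst, int(dport), src, int(sport))
        if "R" in flags or ("S" in flags and "." in flags):
            # RST (port closed) or SYN-ACK (port open): the host did answer.
            pending.pop(reverse, None)
        elif "S" in flags:
            # Bare SYN; retransmissions raise the count.
            pending[flow] = pending.get(flow, 0) + 1
    return pending

if __name__ == "__main__":
    for (src, sport, dst, dport), count in unanswered_syns(SAMPLE).items():
        print(f"{src}:{sport} -> {dst}:{dport}: {count} SYN(s), no reply")
```

A flow that stays in the result while ICMP to the same host is answered points at filtering on the destination host rather than at routing through the forwarding virtual server.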