Forum Discussion
Nexthop
Hi, making this topic alive again..
Is this actually working for someone? I use a very similar rule, just the nexthop is defined on L3:
when CLIENT_ACCEPTED {
    snat automap
    node 10.253.1.205
    nexthop v814_10.231.65.16_m29 10.231.65.17
}
VIP settings like this:
ltm virtual testVIP {
    destination 10.34.26.20%80:any
    ip-protocol tcp
    mask 255.255.255.255
    partition test
    profiles {
        /Common/tcp-lan-optimized { }
    }
    rules {
        selectNode
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vs-index 23
}
When the client goes to 10.34.26.20 the connection is closed by the LB and tcpdump shows a lot of SYN/RST traffic from the LB to the destination IP (63k packets last time). It looks like some internal loop. The client tested 1 connection using ftp.
"Translate address" on the VS level is disabled, otherwise the nexthop command does not work and the client gets TCP RST "No route to host".
I use version 12.1.3.
- Mar 29, 2018
Hi Zdenda, you are working with a routing domain (%80 in your example)? Very likely it will be required to specify the nexthop including the routing domain information (not tested):
when CLIENT_ACCEPTED {
    snat automap
    node 10.253.1.205%80
    nexthop v814_10.231.65.16_m29 10.231.65.17%80
}
This might have been the cause for the no route error and will allow you to enable the destination NAT as it will be required for proper further routing. Cheers, Stephan
- Zdenda_101923, Mar 29, 2018 (Altocumulus)
Tried that as well as the full path of the vlan /partition/vlan. Still the same.
To me it looks like F5 does not support DNAT (change VIP IP to server IP in packet) and using the nexthop command on the same VIP. (I noticed that issue in some older post here on DevCentral using version 9.x, looks like F5 did not fix that yet.)