Forum Discussion

kev_245_28249's avatar
kev_245_28249
Icon for Nimbostratus rankNimbostratus
Apr 22, 2011

Nexthop

Hi,   I am trying to configure the nexthop global cmd via an iRule inorder to send traffic to a particular gateway depending upon which vlan it hits.   In a simple vm lab I have one vlan 'Prod'...
application delivery
dev
devops
iRules
Zdenda's avatar
Zdenda
Icon for Cirrus rankCirrus

Hi, making this topic alive again..

Is this actually working for someone? I use very similar rule, just nexthop is defined on L3:

when CLIENT_ACCEPTED {
  snat automap
  node 10.253.1.205
  nexthop v814_10.231.65.16_m29 10.231.65.17
}

VIP settings like this:

ltm virtual testVIP {
    destination 10.34.26.20%80:any
    ip-protocol tcp
    mask 255.255.255.255
    partition test
    profiles {
        /Common/tcp-lan-optimized { }
    }
    rules {
        selectNode
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vs-index 23
}

When client goes to 10.34.26.20 the connection is closed by LB and tcpdump shows a lot of SYN/RST traffic from LB to destination IP (63k packets last time). It looks like some internal loop. Client tested 1 connection using ftp.

"Translate address" on VS level is disabled, otherwise the nexthop command does not work and client gets TCP RST "No route to host"

I use 12.1.3 version.

StephanManthey's avatar
StephanManthey
Icon for MVP rankMVP
Mar 29, 2018

Hi Zdenda, you are working with a routing domain (

%80
in your example)? Very likely it will be required to specify the nexthop including the routing domain information (not tested): 

when CLIENT_ACCEPTED {
  snat automap
  node 10.253.1.205%80
  nexthop v814_10.231.65.16_m29 10.231.65.17%80
}

This might have been the cause for the no route error and will allow you to enable the destination NAT as it will be required for proper further routing. Cheers, Stephan