Forum Discussion

kev_245_28249's avatar
kev_245_28249
Icon for Nimbostratus rankNimbostratus
Apr 22, 2011

Nexthop

Hi,   I am trying to configure the nexthop global cmd via an iRule inorder to send traffic to a particular gateway depending upon which vlan it hits.   In a simple vm lab I have one vlan 'Prod'...
application delivery
dev
devops
iRules
Zdenda_101923's avatar
Zdenda_101923
Icon for Altocumulus rankAltocumulus

Hi, making this topic alive again..

Is this actually working for someone? I use very similar rule, just nexthop is defined on L3:

when CLIENT_ACCEPTED {
  snat automap
  node 10.253.1.205
  nexthop v814_10.231.65.16_m29 10.231.65.17
}

VIP settings like this:

ltm virtual testVIP {
    destination 10.34.26.20%80:any
    ip-protocol tcp
    mask 255.255.255.255
    partition test
    profiles {
        /Common/tcp-lan-optimized { }
    }
    rules {
        selectNode
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vs-index 23
}

When client goes to 10.34.26.20 the connection is closed by LB and tcpdump shows a lot of SYN/RST traffic from LB to destination IP (63k packets last time). It looks like some internal loop. Client tested 1 connection using ftp.

"Translate address" on VS level is disabled, otherwise the nexthop command does not work and client gets TCP RST "No route to host"

I use 12.1.3 version.

Zdenda_101923's avatar
Zdenda_101923
Icon for Altocumulus rankAltocumulus
Mar 29, 2018

Tried that as well as full path of vlan /partition/vlan. Still the same.

 

For me it looks that F5 does not support DNAT (change VIP IP to server IP in packet) and using nexthop command on the same VIP. (I noticed that issue on some older post here in devcentral using version 9.x, looks like F5 did not fix that yet)