Forum Discussion
npath dsr configuration ltm 11.x
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/6.html
however it may be that some of the guide appears from 2 different sources ( different vip's mentioned ) that may be causing some confusion for me.
Basically I've got an ltm test system setup and server as so
f5 test vip
10.10.220.63
perf fastL4 profile with Loose Close off
i.e.
vip is as so
ltm virtual npath_tcp {
destination 10.10.220.63:any
ip-protocol tcp
mask 255.255.255.255
pool npath_ipip_pool
profiles {
fastl4_npath_pva { }
}
translate-address disabled
translate-port disabled
vlans-disabled
}
pool was created per doc as well
ltm pool npath_ipip_pool {
allow-nat no
members {
10.10.220.66:any {
address 10.10.220.66
session monitor-enabled
state down
}
}
monitor min 1 of { t.ipip }
profiles {
ipip
}
}
on the host
module ipip is loaded
all settings are loaded into proc as document and the interfaces are set as
eth0- 10.10.220.66
lo:0 - 10.10.220.63
tunl0 - 10.10.220.66
if I run tcpdump on the interfaces and attempt to connect from the other end I see no traffic
what am I doing wrong?
- hooleylistCirrostratusHi,
- bman_12685NimbostratusBased off docs for version 11.2.x pool does not require an additional self ip for DSR, pool member is marked up and I can tcpdump on the pool member and see the traffic request for whatever port I attempt to test.
- bman_12685NimbostratusI've been pulling my hair out on this one a bit and moved it to a separate pair of f5's that are behind a firewall, so the configuration is more textbook, I have the same issue the only other thing I can think of if someone has any input would be in the way I am testing.
- Zeljko_123076Nimbostratus
Hi Could anyone please confirm source IP of the IPIP tunnel between F5 and server...
I did verification of L3 DSR (for SIP,DHCP/UDP) using virtual edition 11.3 and couldn't get LB to source the tunnel from it's IP - it always used client IP as a source of the tunnel (unless SNAT was enabled but then both tunnel and client IPs are changed).
I cannot get my server ('black box') to accept IPIP tunnel from anywhere. Is there a way to force F5 to use it's IP as source of IP (or GRE) tunnel in npath l3?
Thank you for your time /Zeljko
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com