Forum Discussion
Performance layer 4 VIP for SMTP not balancing
Hi all, I'm really stuck on a VIP that's not balancing at all. We have performance layer 4 VIP 10.x.103.49 with a SNAT of 10.x.104.49.
It has 2 pool members that are up using an SMTP monitor and the VIP is up. However, when I do a tcpdump I see the client trying to connect and the traffic just disappearing. No balancing, no traffic from the SNAT address to the servers.
I can telnet to the servers from the F5 on port 25 and get a response. It just seems like the F5 isn't trying to forward the traffic at all.
To muddy the waters there is an identical (at least I think it is) VIP that is working fine.
Any advice would be greatly appreciated.
Thanks
5 Replies
- Jessed12345
Employee
With a fastL4 vip, hardware acceleration should be in use if your platform supports it. If that is the case, the traffic would not be visible to tcpdump after the SYN to the servers (I can't remember if the SYN itself would be visible between the LTM and the servers if ePVA is being used). So it's possible that some traffic is leaving the LTM and you just can't see it without disabling hardware acceleration for that vip.
That said, there are many things that could cause what you describe and we don't have enough information to draw any conclusions. Would you be able to post your virtual-server, pool, and self-ip info? Are the servers on the same network as the LTM, or is the LTM using a GW to reach them? Is the functional VIP on the same LTM, or do you mean that a similar vip on a different LTM works fine? Does the LTM successfully handle traffic for any other servers on the same network as these servers, or are these the only servers on that network that the LTM supports?
- PT2012_73791
Nimbostratus
Thanks for the reply. The non-working VIP is 10.229.103.49, NAT pool 10.229.104.49. The working one is 10.229.103.37, NAT pool 10.229.104.37.
So they both exist on the same device, in the same partition, etc.
The working one goes to a different set of servers on a different subnet, but the non-working one goes to 15.91.67.251 and 68.251. These aren't the real addresses but are NAT addresses on the other side of the firewall.
Self IPs are 10.229.103.2 external and 10.229.104.2 internal.
The LTM is a Viprion with dozens of servers and pools, but these nodes are on a different network to the rest. There is a route, and I would have thought if the monitors work then so should the VIP. If the monitors are on 104.2 and the SNAT is 104.49 then the route should apply. 15.91.67.0/24 GW 10.229.104.1 and 10.91.68.0/24 10.229.104.1. It's the same gateway every other route uses.
The info about performance layer 4 is interesting, although I can see traffic to the working VIP.
- Jessed12345
Employee
Your assumption regarding expected behavior when a route is present is correct (assuming you are referring to a data-plane route).
I can think of half a dozen different ways to move forward, but all of them would require posting a lot of information with a lot of back-and-forth for troubleshooting. For that reason I'd recommend contacting support. I'd be going through the same things they will, and they won't have you posting half your config to a publicly accessible site. :)
--jesse
- nitass
Employee
> It has 2 pool members that are up using an SMTP monitor and the VIP is up. However, when I do a tcpdump I see the client trying to connect and the traffic just disappearing. No balancing, no traffic from the SNAT address to the servers.

What tcpdump filter did you use? If the route is configured properly, you should see at least the SYN packet.
- PT2012_73791
Nimbostratus
OK, I found the problem. There was a packet filter on port 25 that didn't include the new VIP. I have no idea why someone would set up a packet filter with logging disabled, but once the new VIP was put into the rule it all worked.
Thanks everyone for your input.