F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

jyulkbox_48590's avatar
jyulkbox_48590
Icon for Nimbostratus rankNimbostratus
Jun 14, 2010

Publicly accessible internal VLAN

Hello,     I'm trying to use Big IP for load balancing SIP servers. Unlike many of the discussions I read here my setup is such that each server needs to be accessible individually as well as l...
config
design
Chris_Miller's avatar
Chris_Miller
Icon for Altostratus rankAltostratus
Jun 14, 2010
You want to look at "Loose Intiate"

 

 

https://support.f5.com/kb/en-us/solutions/public/5000/400/sol5420.html

 

 

Occasionally, it may be necessary for the BIG-IP Local Traffic Manager (LTM) to pass asynchronous packets from a server. For example, if the BIG-IP LTM is deployed in a one-IP network topology with the node servers configured to use the BIG-IP as their gateway, and a client from a remote network connects directly to the node server (that is, sends a SYN packet directly to the node server), the node server's SYN/ACK response packet will be sent to the client through the BIG-IP LTM. If the BIG-IP LTM is not configured to accept and pass this packet, the packet will be dropped and the connection will fail.

 

In order to pass traffic to the client's network, you must configure the BIG-IP LTM with a forwarding virtual server. Typically, you would use a network or wildcard forwarding virtual server.

 

 

To enable BIG-IP to pass the asynchronous SYN/ACK packet, you must enable the Loose Initiation option in the FastL4 profile that is used by the forwarding virtual server.

 

 

Enabling Loose Initiation causes the system to initialize a connection when it receives any TCP packet, rather that requiring a SYN packet for connection initiation.

 

 

Enabling Loose Initiation on the FastL4 profile

 

Note: It is recommended that if you enable the Loose Initiation option, you also enable the Loose Close option. The Loose Close option specifies that the system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server.

 

 

Important: Enabling Loose Initiation can permit stray packets to pass through the system. This can pose a security risk and reduce system performance.

 

 

To enable Loose Initiation on the FastL4 profile, perform the following steps:

 

 

From the Configuration utility, click Local Traffic.

 

 

Click Profiles.

 

 

From the Protocol dropdown tab, click FastL4.

 

 

Click the FastL4 profile used by your IP forwarding virtual server.

 

 

Check the Enabled checkbox for Loose Initiation.

 

 

Check the Enabled checkbox for Loose Close, if desired.

 

 

Click the Update button.