Publicly accessible internal VLAN

Altostratus

Jun 15, 2010

You want to look at "Loose Intiate"

https://support.f5.com/kb/en-us/solutions/public/5000/400/sol5420.html

Occasionally, it may be necessary for the BIG-IP Local Traffic Manager (LTM) to pass asynchronous packets from a server. For example, if the BIG-IP LTM is deployed in a one-IP network topology with the node servers configured to use the BIG-IP as their gateway, and a client from a remote network connects directly to the node server (that is, sends a SYN packet directly to the node server), the node server's SYN/ACK response packet will be sent to the client through the BIG-IP LTM. If the BIG-IP LTM is not configured to accept and pass this packet, the packet will be dropped and the connection will fail.

In order to pass traffic to the client's network, you must configure the BIG-IP LTM with a forwarding virtual server. Typically, you would use a network or wildcard forwarding virtual server.

To enable BIG-IP to pass the asynchronous SYN/ACK packet, you must enable the Loose Initiation option in the FastL4 profile that is used by the forwarding virtual server.

Enabling Loose Initiation causes the system to initialize a connection when it receives any TCP packet, rather that requiring a SYN packet for connection initiation.

Enabling Loose Initiation on the FastL4 profile

Note: It is recommended that if you enable the Loose Initiation option, you also enable the Loose Close option. The Loose Close option specifies that the system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server.

Important: Enabling Loose Initiation can permit stray packets to pass through the system. This can pose a security risk and reduce system performance.

To enable Loose Initiation on the FastL4 profile, perform the following steps:

From the Configuration utility, click Local Traffic.

Click Profiles.

From the Protocol dropdown tab, click FastL4.

Click the FastL4 profile used by your IP forwarding virtual server.

Check the Enabled checkbox for Loose Initiation.

Check the Enabled checkbox for Loose Close, if desired.

Click the Update button.

Forum Discussion

Publicly accessible internal VLAN

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Rewrite content in XML schema file.

Question regarding F5 Viprion Configuration Migration to VE.

Sending an HTTP request from iRule without delaying client requests

In F5 APM, how to include multiple DNS suffix?

Issue while migrating config from 4000s to r4600

Related Content

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Load Balancing Omnissa Unified Access Gateway with BIG-IP LTM

Using F5 for load balancing internal traffic

2 internal server vlans

Overview of API Access Control and implementing API key access control with BIG-IP APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS