For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rgalvan_76808's avatar
rgalvan_76808
Icon for Nimbostratus rankNimbostratus
Nov 07, 2012

Redirect All TCP Traffic

Did somebody have experience in using F5 to refirect all tcp traffic to a wan optimization appliance like BlueCoat or Riverbed.

 

For example:

 

virtual WanOp {

 

destination 0.0.0.0:0

 

ip protocol tcp

 

profile fastL4

 

pool WanOp

 

}

 

pool WanOp {

 

monitor all tcp

 

member 10.10.10.1:0

 

}

 

What I need is to redirect all tcp traffic and also the server responses (Inbound/Outbound) because im using IP-Spoofing and i dont want asymmetrical routing that could break the connections.

 

Thanks for your help.

 

Regards!

 

application delivery
dev
devops
iRules

7 Replies

  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Nov 07, 2012
    All TCP traffic need to go to 10.10.10.1? What about UDP traffic?

     

    What if you made 10.10.10.1 the default gateway, and just dropped all UDP traffic?

     

     

  • rgalvan_76808's avatar
    rgalvan_76808
    Icon for Nimbostratus rankNimbostratus
    Nov 08, 2012

    I need only TCP redirection, and I can´t use it as a default gateway because the Wan Op appliance will become in a sigle point of failure, previusly I was using WCCP but it is not enough intelligent to notice if the Wan Op is processing traffic or not, thats why we are using F5.

     

     

    Diagram:

     

    WAN Routers ======= F5 in HA ========= Core Switch

     

    l l

     

    Wan Op Appliance

     

    *Wan Op appliance is connected to F5

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 08, 2012
    Shame you can't just use WOM! =]

     

     

    How are you going to test (from and with the F5) if the appliance is processing traffic or not?
  • rgalvan_76808's avatar
    rgalvan_76808
    Icon for Nimbostratus rankNimbostratus
    Nov 08, 2012

    Wan Op appliances have some acceleration tests to see if it is processig traffic or not, we can use this tests on CLI or Web and depending on the result, the F5 should redirect or not the traffic

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 08, 2012
    Sorry, I meant, can the F5 direct the traffic to the WAN Op device via IP? What I'm thinking is you use two wildcard VS's, one for outbound with a pool containing the WAN Op device and WAN router - priority group activation will be used to always prefer the WAN Op device unless it fails. Same for the inbound but second pool member of the core switch. Each VS on a dedicated VLAN so they don't interfere with each other. Getting my drift?