For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Oliver_Zalazar_'s avatar
Oliver_Zalazar_
Icon for Nimbostratus rankNimbostratus
Aug 08, 2009

return traffic route for source address

Hello,

 

I have single bigip, 4 vlan, 4 nodos in cluster, the traffic passing through them is not changed(devices act as transparent)

 

I have some questions to them describe the diagram, this aplication intenet mobile 3g, I am, distributing traffic by ip source,with irules on vs ipfw 0.0.0.0/0, that directs traffic from the GGSN to member_pool (vip cluster 1 or 2), the incoming traffic not changed when passing through f5 and then radius servers, this is fine, ggsn->router-> vs ipfw 0.0.0.0/0 -> vip cluster ---> f5 --- > Radius, the Return traffic is ok, this problem is when the cluster switches the slave --> master, there is traffic that not returns navegation. Have I to add some special configuration for the return of traffic when the servers switch???

 

Thanks

 

trace capture

 

example:

 

incoming 172.29.72.65.request >172.29.148.3.3789: rad-account-request 20 [id 162] (DF

 

0ut 172.29.148.3.radius-acct > 172.29.72.65.3789: rad-account-resp 20 [id 162] (DF)

 

-----------------

 

| cliente movil 3G|

 

-----------------

 

|

 

-----------------

 

| INTERNET |

 

-----------------

 

|

 

|

 

|

 

--------

 

| | ip GGSN1 172.29.72.66 i

 

ip GGSN1 172.29.72.65 ------- -------

 

| GGSN1 | | GGNS2 |

 

------- -------

 

| |

 

| |

 

-----------

 

|

 

|

 

-------

 

| ROUTE1|

 

-------

 

|

 

| VLAN200 ip 172.29.73.0/27

 

------------

 

| f51 vs ipfw |

 

| 0.0.0.0/0 |

 

------------

 

|

 

| VLAN201 ip 172.29.73.0/30

 

------------------------------

 

| |

 

vip cluster1 | 172.29.73.106 vip cluster2 |172.29.73.103

 

| |

 

--------------- ---------------------------

 

| eth4 eth4| eth4| |eth4

 

--------------- --------------- --------------- -------------

 

|cluster master | |cluster slave | |cluste master | |cluster slave|

 

--------------- --------------- ---------------- --------------

 

|eth5 | eth5 | eth5 |eth5

 

| VLAN 202 | | VLAN202 |

 

--------------- ------------------

 

| |

 

vip cluster1 | 172.29.77.106 172.29.77.103|vip cluster2

 

----------------------------------------

 

| vLAN202 ip 172.29.77.0/30

 

|

 

------------

 

| f51 vs ipfw|

 

| 0.0.0.0/0 |

 

------------

 

| VLAN37 ip 172.29.77.0/27

 

| |

 

------------

 

| ROUTE1 |

 

| |

 

------------

 

|

 

|

 

------------

 

| RADIUS |

 

| SERVER |

 

------------

 

ip radius server 172.29.148.3
config
design

1 Reply

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Aug 10, 2009
    Does the VIP cluster use the same mac address between both master and slave?