For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ganesh_Garg's avatar
Ganesh_Garg
Icon for Nimbostratus rankNimbostratus
Jul 31, 2015

Routing problem when accessing the application via virtual server.

We have deployed LTM(11.6.0 HF5) in inline mode. When I try accessing direct node on a specific port to test the application, it's working fine, But when I am try accessing the application via VIP, some Routing Error is there.

 

3-way handshake is happening with Virtual server but LB is sending Rst-ACK immediately. Any Suggestions?

 

Below is the screenshot: -

 

 

application delivery
LTM
management
TMOS
TMSH

7 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 31, 2015

    Routing on the client side obviously looks fine. Do you see any server side traffic?

     

  • Ganesh_Garg's avatar
    Ganesh_Garg
    Icon for Nimbostratus rankNimbostratus
    Jul 31, 2015

    There is no server side connections for the above pasye wireshark.. But yes from LB I am able to reach servers on required ports. Also when I bypass LB and hit direct server by using forwarding VS.. Connection seems fine....

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 31, 2015

    I guess more specifically I'm asking if you see any traffic on the server traffic, even just an attempt (initial SYN)?

     

    Also when you say

     

    Also when I bypass LB and hit direct server by using forwarding VS

     

    Are you saying that you're bypassing the load balancer and sending traffic through a forwarding virtual server? Can you elaborate on that?

     

  • Ganesh_Garg's avatar
    Ganesh_Garg
    Icon for Nimbostratus rankNimbostratus
    Jul 31, 2015

    No, there is no initial syn for server side connection..

     

    By bypassing the LB i mean that we have deployed LTM in inline mode.. LB selfip is the default gayeway for servers.. traffic is just being forwarded via LTM(without any load balancing mechanism) with the help if ip forwarding virtual servers..

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 31, 2015

    Okay, so we now know that this is internal traffic going out. Correct me if I'm wrong here.

     

    We know that if you configure a wildcard (0.0.0.0:0/0) IP forwarding virtual server and create a default route on the BIG-IP that points to your outbound router, that traffic passes through that correctly.

     

    But if you configure a standard virtual server (presumably also 0.0.0.0:0/0) and assign it a pool (presumably the same outbound router), that this doesn't work.

     

    Am I close?

     

  • Ganesh_Garg's avatar
    Ganesh_Garg
    Icon for Nimbostratus rankNimbostratus
    Jul 31, 2015

    Issue was with configuration, Route domain ID was missing in the Nodes. :(