Forum Discussion
Source Port Mangled down OSPF Tunnel
We're currently transitioning to using advanced routing and BGP/OSFP advertisement of VIPs, and an issue has come up which is confusing me to no end. I hope someone can point me in the right direction.
Our setup us as follows:
2 x F5 BIG-IP 1600 w/ Advanced Routing in Active/Standby
1 x BGP Session to core network (advertise public IPs) (203.50.50.0/25)
1 x OSPF Session to core network (advertise private IPs) (10.20.1.0/24)
1 x Shared VIP range with Foundry ServerIRON Load balancer (203.0.100.0/24)
The issue is as follows:
10.20.1.1 sends DNS request to 203.0.100.1
Foundry delivers request to 10.20.2.1 as expected, response is sent to core network
Response packet delivered to F5 on OSPF interface as expected, packet has correct source port.
Response packet is delivered to 10.20.1.1 with incorrect source port
Something seems to be altering the source port of the response packet as it passes through the F5. I have tried changing the settings for Source Port to 'preserve strict' without any change in behavior. This also appears to be impacting TCP traffic, however DNS requests were the easiest to trace in our current network configuration.
If anyone could provide some suggestions, it would be greatly appreciated.
Thanks
- Nom_55811
Nimbostratus
I've just played with the Source Port settings and discovered the following: - aj1
Nimbostratus
Hi Nom,
Did you actually find a solution to this. I have almost the same issue, that is, the source port in DNS reply is changed from 53 to something else as it passes through the F5. The weird part is that i cannot see that packet leaving the internal vlan via tcpdump but the packet shows up in the server's tcpdump (mis-ported). The server drops that packet and is not getting built (since DNS replies are getting mangled as they pass through F5). I have tried the "autolast hop" feature but that didn't work out.
PS: Our deployment has an active/standby viprion pair and two Juniper routers in full-mesh OSPF for link redundancy. There is no routing internally, all done using floating-IP.
Would greatly appreciate any help. Has been driving me nuts for a week now.
Thanks!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com