HI all, as per K7595 we created a route forwader with loose initation and loose close enabled, however we still have traffic hitting this route forwarder get dropped as out of state every month or so...
that looks good. fyi, we are using similar "stateless" ip forwarding virtual servers extensively in our datacenter with inline i5800 appliances and no issues. we use wildcard forwarders (0.0.0.0/0) and route domains to carve up different segments. combination of static and dynamic routing. this way our clients go thru the F5 with no SNAT requirement on datacenter apps.
other couple of things comparing configs you might check/verify:
in the forwarding virtual server properties do you have source-port preserve-strict enabled? ran into a "bug" where sometimes this can be a problem if not set to "strict" and ports were translating and that could cause a RST if the end to end port pair/socket is now different.
and translate-address and translate-port disabled?
and is your protocal set to any (not just tcp or udp)?
also curious about your /32 on the listener? what is the use case you are doing? as mentioned ours are wildcard and we then let routing decide how to move the packet. we don't have any gateway IP on the F5 since a downstream router is the subnet's gateway, and we have routing established between the F5 and router. but if you do have gateways on the F5 are they being accomplished thru this /32 or via a separate self IP (floating if you are doing redundant and basically similar to vrrp/hsrp)? we've done that before, using self IP as the subnet gateway and wildcard forwarder to pass all the stateless packets thru once the devices arp for the gateway.
hope this helps please share more info and maybe another idea/detail will surface...
It’s a strange story as to why we have these here in the first place, we have a 10.0.0.0/8 route forwarder aswell, when this issue first occurred a year or two ago immediately following an upgrade, TAC got involved and could see the connection broken because no routing was happening, they put this /32 and immediately resolved the issue, much to my argument that this had worked fine for years until then with only the /8 route forwarder, but we couldn't argue with results.
And for an additional piece of information, this traffic flow that gets broken occasionally, is bigd between two gtm devices, this ltm sits in between them doing nothing more than routing and firewalling. Its hard to be sure but it appears bigd doesn’t honour the tcp reset and keeps trying to use the same session, we never touch the gtm's to fix this, just delete and re-add the forwarder and all works again.