For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Daniel_Ao_10370's avatar
Daniel_Ao_10370
Icon for Nimbostratus rankNimbostratus
Apr 05, 2013

[Strange problem] LTM virtual server sometimes not forward traffic to pool

Recently, I found that some dns query packets from Internet users to 202.175.3.3 (VIP under my F5 BIGIP 1600) loop between ISG1000 and BIGIP 1600. When packet arrive LTM, LTM did not forward this packet to the pool member but forward back to the upstream network device (firewall). Then, upstream network device forwad this packet back to BIGIP1600 again. This packet was ping pong between upstream network device and BIGIP 1600. When the TTL value of this packet count down to zero, 202.175.3.3 send out an ICMP type 11 message (time to live exceeded in transit) to the source IP.

 

I was wondering why LTM did not forward the packets to the pool members sometimes. I have opened a support case in F5 and the support send me the below KB link.

 

https://support.f5.com/kb/en-us/sol...14104.html

 

 

I have done the configuration according to the KB but it didn't help. Any comment for this case????

 

 

BIGIP 1600 TMOS version: 11.2.1

 

config
design

5 Replies

  • Jnon's avatar
    Jnon
    Icon for Nimbostratus rankNimbostratus
    Apr 06, 2013
    Is your pool the default pool on the Virtual or LB based on iRule?
  • Daniel_Ao_10370's avatar
    Daniel_Ao_10370
    Icon for Nimbostratus rankNimbostratus
    Apr 06, 2013

    The pool is the default pool on the virtual server. no irules applied for this virtual server.

     

  • Jnon's avatar
    Jnon
    Icon for Nimbostratus rankNimbostratus
    Apr 06, 2013
    I have seen in ver 9.x where a new pool sometimes would just not have a pointer or something associated, and it just wouldn't accept traffic, deleting the pool and recreating it worked to fix it.

     

     

    In version 10.x I've had issues after I run a reload license command - where irules that were pointing to a pool that wasn't associated with a vip, were no longer working, in that case also the stats on the pool would not clear out, even if you deleted the pool and recreated it, that stats would come back, and at time's I've had to rebuild the pool under a new name.

     

     

    Not sure if your running into either of those issues, I might the issues in Ver 9, would only show up when the pool was first built, in version 10, I've not seen that, so far has only been associated when applying a new license.
  • Jnon's avatar
    Jnon
    Icon for Nimbostratus rankNimbostratus
    Apr 06, 2013
    I might add - as I read you message again, it appears it is just happening sometimes, you might watch the ltm log and see if you see any signs the pool members are flip flopping

     

  • marspc_300684's avatar
    marspc_300684
    Icon for Nimbostratus rankNimbostratus
    Nov 26, 2016

    Hi,

     

    I have the same issue when sometimes (every 2 days) the virtual server stops sending traffic to the pool and the only thing that fixes it is enable/disable the virtual server and connecting it to a different pool.

     

    I use version BIG-IP 10.2.2 Build 763.3 Final.

     

    I read this post and my issue looks very similar.

     

    Any ideas what to try next?