Forum Discussion
TCP Traffic Path Diagram
Hi all,
It's bugged me ever since I looked at the ADF exam blueprint that there still wasn't a definitive document or diagram available that described or showed the TCP Traffic Path and Order of Operations of a packet passing through an F5. I'm aware of the BigIP Path Graph v1.7 from Red Education but that's five years old and hasn't been subject to any review. To that end I've recently started my own as you can see below.
Comments and more importantly corrections or queries are encouraged. Note as it stands I've not added many iRule events as I'd like to get the flow and order sorted first. I'm pretty sure what I've done is mostly correct but I'd love some review before I continue and finish off the server side operations. Many thanks in advance. You may need to right-click, open image/in new tab to see it full size.
New version - December 2015:
- AurelCirrusI'm wondering how a connection can be an existing one ( New TCP Connection SYN => NO) and also not in the Connection Table Entry (Connection Table Entry =>NO). Or does it mean that this is checked twice ?
- AurelCirrusJust great.
- Graham_33693Nimbostratus
You are more than welcome and thanks for the flow diagrams, the main driver behind the question is that F5 exposed some tcp profile parameters via iRule in v11.6.
- What_Lies_Bene1CirrostratusThanks G. Scott, I'll sort this out shortly. Update: Finally added November 2015.
- gsharriAltostratusExcellent diagram! Thank you for taking the time to put this together. I might add one additional entry and that is the virtual server "source" setting which appeared in v11.4? If defined the VS will accept connections from that source address only.
- Graham_33693Nimbostratus
Nice diagram, would it be possible to add the tcp profile client-side and server-side to the diagram please.
- What_Lies_Bene1CirrostratusHey again @Graham, I've now incorporated that with mention of where each profile is applied. There's no documentation on which event the commands are valid in but I'm pretty sure it's CLIENT_ACCEPTED, do tell me if I'm wrong.
- What_Lies_Bene1CirrostratusYou're welcome. Always great to get feedback.
- ch4f5_166880NimbostratusThis is awesome, thx! It is incredibly helpful to see the visual flow of order of operations on a VS.
- What_Lies_Bene1Cirrostratus
I don't think there is any difference where routing is concerned. Routing is concerned with the destination, not the source so any changes in the source have no affect. Hope that helps, if not, please do post back.
- aspindler34_133Nimbostratus
I have a question specifically regarding after a decision has been made to send a packet to be snatted or routed. If I leave the SNAT setting on my VIP as auto-map I know that the routing and forwarding from there on uses the self-IP of the vlan that is used in the static route. If I have a SNAT Pool implemented is there a decision that is made before the traffic is sent to the routing table? I am new to SNAT Pools. any help you can provide is greatly appreciated.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com