Hi all, It's bugged me ever since I looked at the ADF exam blueprint that there still wasn't a definitive document or diagram available that described or showed the TCP Traffic Path and Order of Operations of a packet passing through an F5. I'm aware of the BigIP Path Graph v1.7 from Red Education but that's five years old and hasn't been subject to any review. To that end I've recently started my own as you can see below. Comments and more importantly corrections or queries are encouraged. Note as it stands I've not added many iRule events as I'd like to get the flow and order sorted first. I'm pretty sure what I've done is mostly correct but I'd love some review before I continue and finish off the server side operations. Many thanks in advance. You may need to right-click, open image/in new tab to see it full size. New version - December 2015:

Oh, and for the purposes of simplification at this point, I'm assume a standard VS where relevant.

thanks for the diagram. this is exactly what I was looking for.

You're welcome. It's still a work in progress but I'm pretty sure it's accurate.

I have a question specifically regarding after a decision has been made to send a packet to be snatted or routed. If I leave the SNAT setting on my VIP as auto-map I know that the routing and forwarding from there on uses the self-IP of the vlan that is used in the static route. If I have a SNAT Pool implemented is there a decision that is made before the traffic is sent to the routing table? I am new to SNAT Pools. any help you can provide is greatly appreciated.

I don't think there is any difference where routing is concerned. Routing is concerned with the destination, not the source so any changes in the source have no affect. Hope that helps, if not, please do post back.

TCP Traffic Path Diagram

49 Replies

What_Lies_Bene1
Cirrostratus
Mar 19, 2015
Thanks G. Scott, I'll sort this out shortly. Update: Finally added November 2015.
Graham_33693
Nimbostratus
Mar 19, 2015
You are more than welcome and thanks for the flow diagrams, the main driver behind the question is that F5 exposed some tcp profile parameters via iRule in v11.6.
Aurel
Cirrus
Nov 04, 2015
Just great.
Aurel
Cirrus
Nov 04, 2015
I'm wondering how a connection can be an existing one ( New TCP Connection SYN => NO) and also not in the Connection Table Entry (Connection Table Entry =>NO). Or does it mean that this is checked twice ?
andrew_C1
Nimbostratus
Nov 11, 2015
Aurel, to answer, with routing. If the F5 is in path in a multipath environment and a failure on another path occours you can have traffic that matches a forwarding VIP that is mid flow appear and you dont want those flows to be denied.
What_Lies_Bene1
Cirrostratus
Nov 23, 2015
Hey @Aurel. You have a point. There are a few possibilities, one, it's a FastL4/Performance VS with Loose options enabled or two, a timeout of some sort has occurred. I'm just working on a new version so I'll think this through some more.
jsprattler
Nimbostratus
Nov 24, 2015
Could you please tell me where a Network Forwarding Virtual Server (NFVS) would fit in this diagram? I'm particularly wondering the order of precedence for: NFVS, VS, SNAT
What_Lies_Bene1
Cirrostratus
Nov 25, 2015
Hey ~jsprattler, the general order doesn't change: VS, then SNAT, then NAT. The preference when different types of VS's could match is the most specific match based on this (now added to the diagram anyway): - IP Address:Service Port - IP Address:* - IP Network:Service Port - IP Network:* - *:Service Port - *:*
Aurel
Cirrus
Nov 25, 2015
@ andrew : Hi Andrew, i don't get everything you said. But i got that there's is a first "table" for SYN packets not terminating on the BigIP. Forwarding VS is a case where TCP connections are not terminating here. Could you just explain " You don't want those to be denied" ? Thank you for your reply.
Aurel
Cirrus
Nov 25, 2015
@ What Lies Beneath : Hi What, thanks for replying. Well, everything not terminating on the BigIP could be existing as a previous SYN has been seen, but not in the BigIP connection table. I'm interested on the new version you're talking about, could you tell something ? Thanks.