Forum Discussion

Sean_Youngberg_'s avatar
Sean_Youngberg_
Icon for Nimbostratus rankNimbostratus
Sep 16, 2013

ToS getting reset to 0 when egress from LTM

Scenario:

 

Micrsoft Lync front-end servers. Their gateway is on the LTM. Client requests to the front-end are balanced by virtual servers on a variety of ports.

 

The Lync servers are configured to mark their SSL-TLS SIP traffic (port 5061) as AF31. From packet captures, I have found that the markings are in tact while traversing the link to the LTM back-end network. However, when getting capture from the front-end interfaces, the DSCP has been reset to 0.

 

I have a TCP profile set on the virtual server that is listening on 5061, which has the options enabled to pass-through ToS and QoS. What else am I missing here?

 

I found a bug that looks somewhat related, but I am not running a SIP profile and this traffic is TCP.

 

http://support.f5.com/kb/en-us/solutions/public/14000/000/sol14019.html

 

  • I verified that Pool settings are all correctly set to Pass Through. I suppose I will next try to set the ToS value in the TCP profile instead of using Pass Through.

     

    • player_72606's avatar
      player_72606
      Icon for Nimbostratus rankNimbostratus
      we have the same issue, can you please update us, any progress? as a workaround we are using an irule to prevent the zeroing : when CLIENT_ACCEPTED { set client_tos [IP::tos] } when SERVER_CONNECTED { IP::tos $client_tos }
    • Sean_Youngberg_'s avatar
      Sean_Youngberg_
      Icon for Nimbostratus rankNimbostratus
      I have a case started. I will update this question with the outcome. Thanks!
    • What_Lies_Bene1's avatar
      What_Lies_Bene1
      Icon for Cirrostratus rankCirrostratus
      I'd agree that a ticket with F5 would be beneficial to you and others.
  • Could be another bug. I wonder, are the Pool IP ToS setting also set to Pass Through. They should be as it's the default. I've no idea if they take precedence or not unfortunately although this suggests the TCP profile does.

     

    You might also try setting the value to 65535 although it seems like a very old solution.