Forum Discussion
ToS getting reset to 0 when egress from LTM
Scenario:
Micrsoft Lync front-end servers. Their gateway is on the LTM. Client requests to the front-end are balanced by virtual servers on a variety of ports.
The Lync servers are configured to mark their SSL-TLS SIP traffic (port 5061) as AF31. From packet captures, I have found that the markings are in tact while traversing the link to the LTM back-end network. However, when getting capture from the front-end interfaces, the DSCP has been reset to 0.
I have a TCP profile set on the virtual server that is listening on 5061, which has the options enabled to pass-through ToS and QoS. What else am I missing here?
I found a bug that looks somewhat related, but I am not running a SIP profile and this traffic is TCP.
http://support.f5.com/kb/en-us/solutions/public/14000/000/sol14019.html
- Sean_Youngberg_Nimbostratus
I verified that Pool settings are all correctly set to Pass Through. I suppose I will next try to set the ToS value in the TCP profile instead of using Pass Through.
- player_72606Nimbostratuswe have the same issue, can you please update us, any progress? as a workaround we are using an irule to prevent the zeroing : when CLIENT_ACCEPTED { set client_tos [IP::tos] } when SERVER_CONNECTED { IP::tos $client_tos }
- Sean_Youngberg_NimbostratusI have a case started. I will update this question with the outcome. Thanks!
- What_Lies_Bene1CirrostratusI'd agree that a ticket with F5 would be beneficial to you and others.
- What_Lies_Bene1Cirrostratus
Could be another bug. I wonder, are the Pool IP ToS setting also set to Pass Through. They should be as it's the default. I've no idea if they take precedence or not unfortunately although this suggests the TCP profile does.
You might also try setting the value to 65535 although it seems like a very old solution.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com