Forum Discussion

genseek_32178's avatar
genseek_32178
Icon for Nimbostratus rankNimbostratus
Oct 29, 2013

VIP Issue

Hi Experts,   We have a VIP with pool members doing asymmetric routing causing the reply packet to bypass F5 and goin directly to upstream router. For this reason, url mapped to the VIP is not wor...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 29, 2013

We are not doing asymmetric routing using snat. What i meant was asymmetric routing is causing reply pkt to bypass f5.

 

Ah, I see. So if understand correctly, asymmetric routing is not your intention, but because the server can route directly back to the client, the replies are bypassing the F5. You have a few options:

 

  1. Make the servers use the F5 as their default gateway.

     

  2. Apply SNAT and inject the client's source into the payload or header.

     

If this is HTTPS traffic, you'll need to offload the SSL at the F5 to be able to insert an HTTP header. You can optionally re-encrypt but it isn't expressly required. You can apply an HTTP profile with the XFF option enabled, or you can do the same in an iRule.