Forum Discussion
NimbostratusVLAN-Group virtual server problem
Hi
I've a trouble with some problem. I access virtual server but pool member doesn't respond SYN packet. Let's see packet flow
Assume client ip : x .......virtual server : y.......... member : z (x,z is in the same vlan) z is mail server y is typical virtual server with no SNAT
x ---> y SYN
y <--- x SYN+ACK
x ---> y ACK
x ---> z SYN
x----> z SYN
x ----> z SYN
z <---- x RST
This system is use VLAN-Group. Is this flow is properly (client handshake with VS then client handshake with member) ?
I didn't see virtual server handshake with member. Is this properly for VLAN-Group ?
So x can connect z if bypass BIG-IP. and BIG-IP can connect z directly. but x can't connect z via virtual server y
Which cause that can happen? Is this Asymmetric routing problem even though I use VLAN-Group?
Thank you
1 Reply
What_Lies_Bene1Cirrostratus
I'm not sure this is a VLAN Group issue, it seems more likely it's a routing issue on the server side. If x to z works that suggests the real server doesn't have a route back to the client back via the F5. You either need to change the routing on the server so it routes responses to the client back through the F5 or enable SNAT on the VS.
