Forum Discussion
Lee_Sutcliffe_5
Nimbostratus
NimbostratusVS Precedence
Hi
I have a question relating to VS precedence and which VS would process the packet in the following example:
Packet - destination IP > 10.10.10.10 destination port > TCP/80
VIP-A 10.10.10.0:80
protocol tcp
mask 255.255.255.0
VIP-B 10.10.10.10:80
protocol udp
mask 255.255.255.255
My understanding having read https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6459.html is that there is a higher emphasis on the VS with the longest subnet match.
However, in the in above example, this would be VIP-B - but the protocol for this VS is UDP.
Would VIP-B process the request and subsequently drop traffic - or is the BigIP intelligent enough to match on a VS with a lower precedence, but one that has the correct protocol configured?
Many thanks
Lee
- JRahm
Admin
Hi Lee, When a listener lookup occurs, the precedence linked above matches as expected for all matching traffic types. For example, consider the following three virtuals:
- 10.10.10.0:0/25 *All Protocols
- 10.10.10.0:0/25 *UDP
- 10.10.10.0:0/24 *TCP
If you send an http request to 10.10.10.40, the vip 1 will receive the traffic. If you send an http request to 10.10.10.140, vip 3 will receive the traffic. If you delete vip 1 and retry an http request to 10.10.10.40, it will bypass vip 2 because of a protocol mismatch and match vip 3.
So to answer your question, yes, the precedence matters first, but only when the virtual is capable of handling that traffic. A UDP virtual, even with a longer match, isn't capable of handling TCP traffic, so it doesn't apply.
Lee_SutcliffeNacreous
Hi Jason,
Thanks for your explanation, that question has been bugging me for a while!
Lee
