Forum Discussion

Piotr_Lewandows's avatar
Piotr_Lewandows
Icon for Altostratus rankAltostratus
Apr 14, 2015

VS precedence

Hi,

 

I know all sols (at least I think so:-) about vs (or listener) precedence (talking about 11.2.0, so no source facter here). Still I cant't see info about precedence for such setup (let's use Performance (Layer4) type).

 

Destination for both: 0.0.0.0:* (so full wildcard)

 

Protocol:

 

  1. TCP or UDP
  2. All protocols

I assume that for TCP traffic matching Destination (as only match among other VSs) VS with protocol set TCP will be best match - still I can't see any explicit info so if someone more experienced can confirm I will appreciate (sure can do the test but right now my Lab is not working).

 

Piotr

 

application delivery
availability
deployment
LTM
TMOS
  • nitass_89166's avatar
    nitass_89166
    Apr 19, 2015

    i believe you are right.

     configuration

root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual fwd*
ltm virtual fwd {
    destination 0.0.0.0:0
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 21
}
ltm virtual fwd_tcp {
    destination 0.0.0.0:0
    ip-protocol tcp
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 22
}

 trace

[root@ve11c:Active:In Sync] config  tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:28:31.876362 IP 200.200.200.101.33580 > 172.28.24.1.80: S 1462548285:1462548285(0) win 5840  in slot1/tmm0 lis=
17:28:31.876463 IP 172.28.24.14.33580 > 172.28.24.1.80: S 1462548285:1462548285(0) win 5840  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.893756 IP 172.28.24.1.80 > 172.28.24.14.33580: S 3365596456:3365596456(0) ack 1462548286 win 5792  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.893770 IP 172.28.24.1.80 > 200.200.200.101.33580: S 3365596456:3365596456(0) ack 1462548286 win 5792  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.895303 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 1 win 46  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.895329 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 1 win 46  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.896456 IP 200.200.200.101.33580 > 172.28.24.1.80: P 1:155(154) ack 1 win 46  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.896470 IP 172.28.24.14.33580 > 172.28.24.1.80: P 1:155(154) ack 1 win 46  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.898016 IP 172.28.24.1.80 > 172.28.24.14.33580: . ack 155 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.898030 IP 172.28.24.1.80 > 200.200.200.101.33580: . ack 155 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.927269 IP 172.28.24.1.80 > 172.28.24.14.33580: P 1:245(244) ack 155 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.927281 IP 172.28.24.1.80 > 200.200.200.101.33580: P 1:245(244) ack 155 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.928775 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 245 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.928785 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 245 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.929375 IP 200.200.200.101.33580 > 172.28.24.1.80: F 155:155(0) ack 245 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.929402 IP 172.28.24.14.33580 > 172.28.24.1.80: F 155:155(0) ack 245 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.954094 IP 172.28.24.1.80 > 172.28.24.14.33580: F 245:245(0) ack 156 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.954107 IP 172.28.24.1.80 > 200.200.200.101.33580: F 245:245(0) ack 156 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.955365 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 246 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.955375 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 246 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 19, 2015

    i believe you are right.

     configuration

root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual fwd*
ltm virtual fwd {
    destination 0.0.0.0:0
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 21
}
ltm virtual fwd_tcp {
    destination 0.0.0.0:0
    ip-protocol tcp
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 22
}

 trace

[root@ve11c:Active:In Sync] config  tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:28:31.876362 IP 200.200.200.101.33580 > 172.28.24.1.80: S 1462548285:1462548285(0) win 5840  in slot1/tmm0 lis=
17:28:31.876463 IP 172.28.24.14.33580 > 172.28.24.1.80: S 1462548285:1462548285(0) win 5840  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.893756 IP 172.28.24.1.80 > 172.28.24.14.33580: S 3365596456:3365596456(0) ack 1462548286 win 5792  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.893770 IP 172.28.24.1.80 > 200.200.200.101.33580: S 3365596456:3365596456(0) ack 1462548286 win 5792  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.895303 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 1 win 46  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.895329 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 1 win 46  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.896456 IP 200.200.200.101.33580 > 172.28.24.1.80: P 1:155(154) ack 1 win 46  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.896470 IP 172.28.24.14.33580 > 172.28.24.1.80: P 1:155(154) ack 1 win 46  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.898016 IP 172.28.24.1.80 > 172.28.24.14.33580: . ack 155 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.898030 IP 172.28.24.1.80 > 200.200.200.101.33580: . ack 155 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.927269 IP 172.28.24.1.80 > 172.28.24.14.33580: P 1:245(244) ack 155 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.927281 IP 172.28.24.1.80 > 200.200.200.101.33580: P 1:245(244) ack 155 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.928775 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 245 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.928785 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 245 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.929375 IP 200.200.200.101.33580 > 172.28.24.1.80: F 155:155(0) ack 245 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.929402 IP 172.28.24.14.33580 > 172.28.24.1.80: F 155:155(0) ack 245 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.954094 IP 172.28.24.1.80 > 172.28.24.14.33580: F 245:245(0) ack 156 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.954107 IP 172.28.24.1.80 > 200.200.200.101.33580: F 245:245(0) ack 156 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.955365 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 246 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.955375 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 246 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Apr 19, 2015
      Thanks a lot, better to be safe than sorry. Now I sure that I was right :-) Piotr
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Apr 19, 2015

    i believe you are right.

     configuration

root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual fwd*
ltm virtual fwd {
    destination 0.0.0.0:0
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 21
}
ltm virtual fwd_tcp {
    destination 0.0.0.0:0
    ip-protocol tcp
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 22
}

 trace

[root@ve11c:Active:In Sync] config  tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:28:31.876362 IP 200.200.200.101.33580 > 172.28.24.1.80: S 1462548285:1462548285(0) win 5840  in slot1/tmm0 lis=
17:28:31.876463 IP 172.28.24.14.33580 > 172.28.24.1.80: S 1462548285:1462548285(0) win 5840  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.893756 IP 172.28.24.1.80 > 172.28.24.14.33580: S 3365596456:3365596456(0) ack 1462548286 win 5792  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.893770 IP 172.28.24.1.80 > 200.200.200.101.33580: S 3365596456:3365596456(0) ack 1462548286 win 5792  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.895303 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 1 win 46  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.895329 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 1 win 46  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.896456 IP 200.200.200.101.33580 > 172.28.24.1.80: P 1:155(154) ack 1 win 46  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.896470 IP 172.28.24.14.33580 > 172.28.24.1.80: P 1:155(154) ack 1 win 46  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.898016 IP 172.28.24.1.80 > 172.28.24.14.33580: . ack 155 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.898030 IP 172.28.24.1.80 > 200.200.200.101.33580: . ack 155 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.927269 IP 172.28.24.1.80 > 172.28.24.14.33580: P 1:245(244) ack 155 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.927281 IP 172.28.24.1.80 > 200.200.200.101.33580: P 1:245(244) ack 155 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.928775 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 245 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.928785 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 245 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.929375 IP 200.200.200.101.33580 > 172.28.24.1.80: F 155:155(0) ack 245 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.929402 IP 172.28.24.14.33580 > 172.28.24.1.80: F 155:155(0) ack 245 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.954094 IP 172.28.24.1.80 > 172.28.24.14.33580: F 245:245(0) ack 156 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.954107 IP 172.28.24.1.80 > 200.200.200.101.33580: F 245:245(0) ack 156 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.955365 IP 200.200.200.101.33580 > 172.28.24.1.80: . ack 246 win 54  in slot1/tmm0 lis=/Common/fwd_tcp
17:28:31.955375 IP 172.28.24.14.33580 > 172.28.24.1.80: . ack 246 win 54  out slot1/tmm0 lis=/Common/fwd_tcp
    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Apr 19, 2015
      Thanks a lot, better to be safe than sorry. Now I sure that I was right :-) Piotr
  • Willian_Guilher's avatar
    Willian_Guilher
    Icon for Cirrus rankCirrus
    May 05, 2015

    I am not sure if I understand this setup correctly. I have a forwarding (IP) virtual server configured, but when I run the command tmsh list ltm virtual (virtual_server_name) I do not see the destination port as being port 0, but "any" instead. I'm assuming that both mean the same thing, but just wanted to make sure.

     

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      May 05, 2015
      Hi, Yes, 0 and Any is equal, look at the VS list in GUI, there is info in Service Port column 0 (Any). Piotr
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    May 06, 2015

    I have a forwarding (IP) virtual server configured, but when I run the command tmsh list ltm virtual (virtual_server_name) I do not see the destination port as being port 0, but "any" instead.

    root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list cli global-settings service
cli global-settings {
    service name
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual fwd
ltm virtual fwd {
    destination 0.0.0.0:any
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 44
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) modify cli global-settings service number
root@(ve11c)(cfg-sync Not All Devices Synced)(Active)(/Common)(tmos) list ltm virtual fwd
ltm virtual fwd {
    destination 0.0.0.0:0
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 44
}
    • Willian_Guilher's avatar
      Willian_Guilher
      Icon for Cirrus rankCirrus
      May 06, 2015
      Sweet Thank you @nitass. Works like a charm. root@(bigipA)(cfg-sync Changes Pending)(ModuleNotLicensed:Active)(/Common)(tmos) list ltm virtual forward_virtual ltm virtual forward_virtual { destination 0.0.0.0:0 ip-forward ip-protocol tcp mask any profiles { fastL4 { } } translate-address disabled translate-port disabled vlans-disabled }
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 06, 2015

    I have a forwarding (IP) virtual server configured, but when I run the command tmsh list ltm virtual (virtual_server_name) I do not see the destination port as being port 0, but "any" instead.

    root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list cli global-settings service
cli global-settings {
    service name
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual fwd
ltm virtual fwd {
    destination 0.0.0.0:any
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 44
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) modify cli global-settings service number
root@(ve11c)(cfg-sync Not All Devices Synced)(Active)(/Common)(tmos) list ltm virtual fwd
ltm virtual fwd {
    destination 0.0.0.0:0
    mask any
    profiles {
        fastL4 { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        v423
    }
    vlans-enabled
    vs-index 44
}
    • Willian_Guilher's avatar
      Willian_Guilher
      Icon for Cirrus rankCirrus
      May 06, 2015
      Sweet Thank you @nitass. Works like a charm. root@(bigipA)(cfg-sync Changes Pending)(ModuleNotLicensed:Active)(/Common)(tmos) list ltm virtual forward_virtual ltm virtual forward_virtual { destination 0.0.0.0:0 ip-forward ip-protocol tcp mask any profiles { fastL4 { } } translate-address disabled translate-port disabled vlans-disabled }