Forum Discussion
Cirrostratuswhich virtual server will be hit?
Hi, we created following virtual forwarding server for internet traffics on LTM.
virtual server : internet-vs
source ip: 192.12.0.1 ( downstream firewall external interface IP)
destination: 0.0.0.0/0
For the return traffics of this VS, do we need to create another virtual server? If we create a new virtual forwarding server like below, will the return traffics of VS "internet-vs" hit this VS "Test-VS"?
virtual server: Test-VS
source: 0.0.0.0/0
destination: 192.12.0.1
Can someone please advise? Thanks in advance!
2 Replies
- Melissa_C
Moderator
Hello Herman2024
Noticed there was a response from AXI_MJ and wanted to encourage you to update your post if it has helped answer your question or if you have follow up questions.
-Melissa
AXI_MJAltocumulus
For normal return traffic, you would not usually need a second forwarding virtual server.
Once the initial flow hits internet-vs, BIG-IP creates a connection table entry for that session and keeps the flow state (including things like the return path / last hop information). So if the original flow is something like:
192.12.0.1:10729 -> 1.1.1.1:80
the return traffic:
1.1.1.1:80 -> 192.12.0.1:10729
would normally be matched against the existing connection entry and forwarded as part of the same flow, rather than hitting a different forwarding VS.
I’d only expect another forwarding VS to matter if this is actually a new connection, or if the return traffic does not match the existing flow tuple/state.
