For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ltp_55848's avatar
ltp_55848
Icon for Nimbostratus rankNimbostratus
Jun 29, 2011

Wildcard forwarding for direct node traffic with PBR

Hi All,     Apologies if this question has been asked before; I've waded my way through a lot of forum posts but haven't seen the problem I'm facing - feel free to prove otherwise.     I a...
config
design
ltp_55848's avatar
ltp_55848
Icon for Nimbostratus rankNimbostratus
Jun 30, 2011
Hi Bhattman,

 

 

I've reread through the PBR documentation but don't understand your test configuration above; this would deny requests directly to the nodes from the 10.4.0.0/16 network, correct? (I've probably grossly misunderstood it).

 

 

I want to allow connections from the 10.4.0.0/16 network to the nodes (for monitoring and testing purposes) and from what I can see, return traffic is hitting the F5's. Below is a sanitised capture of return traffic from a direct request form a 10.4.0.0/16 client to the node:

 

 

11:48:20.427729 IP test.test.com.http > 10-X-X-X.test.com.38557: S 1328028531:1328028531(0) ack 2177636694 win 5792

 

 

Unfortunately, after hitting the F5's the traffic seems to be dropped either by the F5's or lost in the ether. The statistics of the wildcard forwarding virtual server shows the incoming traffic counters incrementing but does not register an equivalent outgoing flow.