Forum Discussion

Dan_G_195141
Nimbostratus
Aug 01, 2018

Wildcard VS does not forward traffic on assigned VLAN

Hi there,

I need some help from the community. 🙂

I can't get a wildcard virtual server to match/forward traffic. I've been fighting with this for a few days now. Maybe I'm missing something simple?

Setup is HA pair / BIG-IP 13.1.0.3 Build 0.0.5 Point Release 3

A little background.

I created this wildcard vs in response to following requirements:

1) Send TCP/UDP syslog traffic to a new pool (let's call it syslog_pool) in VLAN100

2) Preserve the source IP for all traffic sent to the new pool (no SNAT)

In order to preserve source-ip I set the floating self-ip (172.16.0.6) in VLAN100 as the default gateway for servers in the syslog_pool (instead of usual gateway 172.16.0.1). This is to prevent an asymmetric route with snat automap disabled.

However the default-route on the F5 pair is not appropriate for traffic sourced from these servers destined for external networks.

I tried to solve the default-route problem by sending all traffic sourced from this VLAN back to the correct gateway (pool vlan100_net_gateway [172.16.0.1] in VLAN100) as follows (IPs and VLAN IDs obfuscated):

ltm virtual syslog_ip_route_0 {
    destination 0.0.0.0:any
    mask 255.255.255.255
    pool vlan100_net_gateway
    profiles {
        ip_route_fastl4 { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        VLAN100
    }
    vlans-enabled
    vs-index 1540
}

ltm profile fastl4 ip_route_fastl4 {
    app-service none
    defaults-from fastL4
    idle-timeout 300
    loose-initialization enabled
    reset-on-timeout disabled
}

ltm virtual-address 0.0.0.0 {
    address any
    arp disabled
    icmp-echo disabled
    mask 255.255.255.255
    traffic-group traffic-group-1
}

net self 172.16.0.6 {
    address 172.16.0.6/24
    allow-service all
    floating enabled
    traffic-group traffic-group-1
    unit 1
    vlan VLAN100
}

Problem: zero traffic matches this wildcard vs. Stats on the virtual server, the virtual address, and vlan100_net_gateway pool are all zeros.

I can ping the floating-ip (default gateway) from the servers.

I can access any VIP on the F5's (listening on all VLANs) from the servers via floating-ip as default gateway.

I see only SYNs for traffic sent to external networks when watching on the F5s with tcpdump.

I even tried moving VLAN, Self-IPs, Pool and VIP to brand new route domain. Same issue. 0 Traffic.

Any ideas?

Thanks!

  • Surgeon
    Ret. Employee

    Are you sending TCP or UDP traffic? fastL4 will match TCP traffic only. Did you do any packet capture?

  • Dan_G
    Nimbostratus

    I'm testing with TCP. I did packet captures on the F5 with tcpdump and see SYNs sent from the server on the self-IP VLAN, but no packets match the wildcard virtual server per LTM stats.

    My goal is to match all traffic (TCP, UDP) sent from servers (F5 set as gateway in inline mode) and forward it to a specific gateway (pool) that is different from the gateway configured in LTM.

    I thought I could use a Performance L4 virtual server with an "alternate gateway pool", but maybe I need to use a Forwarding IP virtual server as described here: https://support.f5.com/csp/article/K7595. Maybe in conjunction with a separate route domain for the alternate default route?

  • Surgeon
    Ret. Employee

    Check:

    1) if the packet arrives via an allowed VLAN
    2) if there is any other VIP configured with the destination IP and/or TCP port of the client-side packet
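The two checks above, plus the earlier remark that the posted fastL4 virtual server only sees TCP, can be tried out against a small model of how BIG-IP picks a virtual server for an incoming packet. The following is an added example, not F5 code and not part of this thread. It assumes a simplified version of F5's published matching rules: VLAN and IP protocol act as hard filters, and among the remaining candidates the most specific destination wins, then the most specific source, then a specific port over "any". The virtual server names other than syslog_ip_route_0, and all addresses, VLANs and packets, are constructed for the example. Note that `tmsh list` omits properties left at their defaults, so the absence of an `ip-protocol` line in the posted config means the virtual server is matching TCP only; a Forwarding (IP) virtual server uses `ip-protocol any`.

```python
"""Toy model of BIG-IP virtual-server selection (added example, not F5 code).

Assumed rules, simplified from F5's matching order: a VS is a candidate only
if it is enabled on the ingress VLAN and its ip-protocol covers the packet;
among candidates, most specific destination > most specific source > specific
port over "any".
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence


@dataclass(frozen=True)
class VirtualServer:
    name: str
    destination: str            # CIDR; "0.0.0.0/0" is a wildcard listener
    port: Optional[int]         # None means "any"
    ip_protocol: str            # "tcp", "udp" or "any"
    source: str = "0.0.0.0/0"
    vlans: Sequence[str] = ()   # empty means all VLANs
    vlans_enabled: bool = True  # True: listen only on `vlans`; False: `vlans` are excluded


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ip_protocol: str
    dport: int
    vlan: str


def listens_on(vs: VirtualServer, vlan: str) -> bool:
    """Check 1: the VS must be enabled on the VLAN the packet arrived on."""
    if not vs.vlans:
        return True
    return (vlan in vs.vlans) == vs.vlans_enabled


def is_candidate(vs: VirtualServer, pkt: Packet) -> bool:
    """VLAN, protocol, destination, source and port must all match first."""
    if not listens_on(vs, pkt.vlan):
        return False
    if vs.ip_protocol != "any" and vs.ip_protocol != pkt.ip_protocol:
        return False
    if ip_address(pkt.dst) not in ip_network(vs.destination, strict=False):
        return False
    if ip_address(pkt.src) not in ip_network(vs.source, strict=False):
        return False
    return vs.port is None or vs.port == pkt.dport


def precedence(vs: VirtualServer):
    """Check 2: a more specific VS steals the packet. Lower sorts first."""
    return (-ip_network(vs.destination, strict=False).prefixlen,
            -ip_network(vs.source, strict=False).prefixlen,
            0 if vs.port is not None else 1)


def select_virtual(vss: Sequence[VirtualServer], pkt: Packet) -> Optional[str]:
    """Return the name of the VS that would take the packet, or None."""
    candidates = [vs for vs in vss if is_candidate(vs, pkt)]
    if not candidates:
        return None
    return min(candidates, key=precedence).name


# Constructed configs. The first wildcard mirrors the posted VS: no ip-protocol
# line in `tmsh list`, so it is left at the default of tcp. web_vip stands in
# for "any other VIP" that happens to be more specific.
AS_POSTED = [
    VirtualServer("syslog_ip_route_0", "0.0.0.0/0", None, "tcp", vlans=("VLAN100",)),
    VirtualServer("web_vip", "203.0.113.10/32", 443, "tcp"),
]
WITH_ANY_PROTOCOL = [
    VirtualServer("ip_forward_vlan100", "0.0.0.0/0", None, "any", vlans=("VLAN100",)),
    VirtualServer("web_vip", "203.0.113.10/32", 443, "tcp"),
]

# Constructed packets from a syslog server (172.16.0.50) behind the floating self-IP.
TCP_EXTERNAL = Packet("172.16.0.50", "198.51.100.7", "tcp", 443, "VLAN100")
UDP_DNS = Packet("172.16.0.50", "198.51.100.53", "udp", 53, "VLAN100")
TCP_TO_WEB_VIP = Packet("172.16.0.50", "203.0.113.10", "tcp", 443, "VLAN100")
TCP_FROM_OTHER_VLAN = Packet("10.0.20.9", "198.51.100.7", "tcp", 443, "VLAN200")


if __name__ == "__main__":
    for label, cfg, pkt in [
        ("TCP outbound, as posted", AS_POSTED, TCP_EXTERNAL),
        ("UDP outbound, as posted", AS_POSTED, UDP_DNS),
        ("TCP to an existing VIP", AS_POSTED, TCP_TO_WEB_VIP),
        ("TCP from a VLAN not enabled", AS_POSTED, TCP_FROM_OTHER_VLAN),
        ("UDP outbound, ip-protocol any", WITH_ANY_PROTOCOL, UDP_DNS),
    ]:
        print(f"{label}: {select_virtual(cfg, pkt)}")
```

In the model the UDP packet matches nothing while the wildcard is TCP-only, a packet for an address that already has its own VIP goes to that VIP rather than the wildcard even on VLAN100, and a packet entering on a VLAN the wildcard is not enabled on is never a candidate. The real appliance has more matching dimensions (route domains, address lists, source port) than this simplification, so treat it as a way to reason about the two checks, not as a substitute for `tmsh show ltm virtual` stats and a capture.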