aglinka
Nimbostratus
NimbostratusMultiple TCP-ACK and UDP packet transmissions
Hello community!
Question is changed as I got more details
I'm facing strange issue with F5 LTM. ver: #TMSH-VERSION: 14.1.4
We have Virutal servers configured on specific ip and port for UDP traffic (syslog on port 514)
When we run tcpdump on F5 we see following behaviour:
- Incoming UDP packet mapped to /Common/VIP_UDP_514 with original TTL
- Outgoing UDP packet with original src IP and destination IP send to MAC address of gateway with TTL like in incoming packet
- Outgoing UDP packet with destination address of Pool member with TTL of 255
- Duplicate packet of packet sent in point 2. with smaller TTL (-1) or smaller
- Duplicate Outgoing UDP packet with original src IP and destination IP send to MAC address of gateway with TTL like in incoming packet from point 4
- Dupliacte Outgoing UDP packet with destination address of Pool member with TTL of 255
It looks like there is some kind of loop created by F5 but we do not see configuration that could lead to this behaviour.
Any ideas? What component/configuration could lead to such loop?
We have other VIPs for the sme ip with different ports but similar configuraiton.
We do not have any wildcard VIP
ltm virtual /Common/VIP_UDP_514 {
description VIP_UDP_514
destination /Common/10.1.1.66:514
ip-protocol udp
mask 255.255.255.255
pool /Common/Log_Collector_UDP_514
profiles {
/Common/udp { }
}
source 0.0.0.0/0
translate-address enabled
translate-port disabled
}