cancel
Showing results for 
Search instead for 
Did you mean: 

Multiple TCP-ACK and UDP packet transmissions

aglinka
Nimbostratus
Nimbostratus

Hello community!

Question is changed as I got more details

I'm facing strange issue with F5 LTM. ver: #TMSH-VERSION: 14.1.4

We have Virutal servers configured on specific ip and port for UDP traffic (syslog on port 514)

When we run tcpdump on F5 we see following behaviour:

  1. Incoming UDP packet mapped to /Common/VIP_UDP_514 with original TTL
  2. Outgoing UDP packet with original src IP and destination IP send to MAC address of gateway with TTL like in incoming packet
  3. Outgoing UDP packet with destination address of Pool member with TTL of 255
  4. Duplicate packet of packet sent in point 2. with smaller TTL (-1) or smaller
  5. Duplicate Outgoing UDP packet with original src IP and destination IP send to MAC address of gateway with TTL like in incoming packet from point 4
  6. Dupliacte Outgoing UDP packet with destination address of Pool member with TTL of 255

 

It looks like there is some kind of loop created by F5 but we do not see configuration that could lead to this behaviour.

 

Any ideas? What component/configuration could lead to such loop?

We have other VIPs for the sme ip with different ports but similar configuraiton.

We do not have any wildcard VIP

ltm virtual /Common/VIP_UDP_514 { description VIP_UDP_514 destination /Common/10.1.1.66:514 ip-protocol udp mask 255.255.255.255 pool /Common/Log_Collector_UDP_514 profiles { /Common/udp { } } source 0.0.0.0/0 translate-address enabled translate-port disabled }

 

0 REPLIES 0