Hello community!

Question is changed as I got more details

I'm facing strange issue with F5 LTM. ver: #TMSH-VERSION: 14.1.4

We have Virutal servers configured on specific ip and port for UDP traffic (syslog on port 514)

When we run tcpdump on F5 we see following behaviour:

1. Incoming UDP packet mapped to /Common/VIP_UDP_514 with original TTL
2. Outgoing UDP packet with original src IP and destination IP send to MAC address of gateway with TTL like in incoming packet
3. Outgoing UDP packet with destination address of Pool member with TTL of 255
4. Duplicate packet of packet sent in point 2. with smaller TTL (-1) or smaller
5. Duplicate Outgoing UDP packet with original src IP and destination IP send to MAC address of gateway with TTL like in incoming packet from point 4
6. Dupliacte Outgoing UDP packet with destination address of Pool member with TTL of 255

It looks like there is some kind of loop created by F5 but we do not see configuration that could lead to this behaviour.

Any ideas? What component/configuration could lead to such loop?

We have other VIPs for the sme ip with different ports but similar configuraiton.

We do not have any wildcard VIP

ltm virtual /Common/VIP_UDP_514 {
    description VIP_UDP_514
    destination /Common/10.1.1.66:514
    ip-protocol udp
    mask 255.255.255.255
    pool /Common/Log_Collector_UDP_514
    profiles {
        /Common/udp { }
    }
    source 0.0.0.0/0
    translate-address enabled
    translate-port disabled
}