drop
3 Topics

Packet loss between Fortigate and B2250
Hello, I am having an issue that I have not been able to resolve, so I am hoping someone here can point me in the right direction. I have a Fortigate 3700D with 3x 40G interfaces aggregated, with 3x VLANs on the aggregate interface. Then I have 3x B2250s configured where each blade has 1x 40G from the Fortigate, configured as a trunk with the VLANs added.

Now when I tried pinging the F5 locally from the Fortigate and from the internet with a virtual IP configured, I got maybe 50% packet drops, both ICMP and DNS lookups to the F5 DNS server. This was with the Fortigate configured with the L4 algorithm (layer 4), and the F5 as "Source/Destination IP address port". I then changed the Fortigate to the L3 algorithm (layer 3), and I have a much better response rate on the ICMP and DNS packets (even though I would assume L4 is correct for the source/destination IP address port config on the F5 side? So not sure why it works better now..)

So while pings do not drop that often, I still get drops maybe every 7-8 times I try. When doing a tcpdump on the F5 I see that the ICMP requests stop working every time right after an ARP request is made from the Fortigate to the F5, as seen in the attached screenshot. Might this be due to the F5 blades using different MAC addresses, and the Fortigate being confused by that? (even though I set it to work on L3?..) Does anyone know, or can anyone point me in the right direction? Thanks in advance!

Drop reason counters.rx_portd_rdisc
Hello everyone, I'm asking for your help in order to understand some values I'm seeing when looking for the drop reason in my BIG-IP devices. I have 2 BIG-IP i5600 devices in an Active/Standby configuration and both of them are reporting packet drops. Both devices have a single trunk of 2 interfaces (1.1 and 1.2) which processes all the application traffic (the HA configuration uses this trunk too).

When running tmsh "show /net interface" I can see 1.7M in the "Drops in" field. When running "tmctl drop_reason" according to https://my.f5.com/manage/s/article/K31938413 I can see the field "counters.rx_portd_rdisc" with a value of "1058490", which I think is around 1M. Both devices report similar values for "counters.rx_portd_rdisc" but ONLY on interface 1.2.

I can't find any information related to the "counters.rx_portd_rdisc" field of the drop reason. Does anyone have an idea of what "counters.rx_portd_rdisc" means? Thanks in advance for your answers!

iRule to discard specific DNS REQUEST
Hi

We use F5 DNS and we saw there are many DNS requests to us. For example, we have many spam DNS requests for www.seo.com, which does not exist in our domain name (it's non-existing-domain spam). Can we have an iRule to discard only this request for www.seo.com in our listener? Does this iRule work?

    when DNS_REQUEST {
        if {([string tolower [DNS::question name]] equals "www.seo.com")} {
            drop (or DNS::drop)
        } else {
        }
    }