Forum Discussion
Joe_L_
May 13, 2013Nimbostratus
The External interface is 128.6.31.124, which is the floating traffic-group IP between the active-passive failover F5 pair. The internal network is 172.16.88.224/28, on VLAN "Adobe_Connect". The F5 floating IP on that interface is 172.16.88.225, which is also set to the primary gateway address on all servers attached to that network. The default route for the F5 traffic (non-management) is 128.6.31.65, located on the External net.
The forwarding VS is "Adobe-Connect_Net", defined as follows:
ltm virtual /Common/Adobe-Connect_Net {
description 172.16.88.224/28
destination /Common/172.16.88.224:0
ip-forward
mask 255.255.255.240
profiles {
/Common/AC_Net_fastL4 { }
}
source 0.0.0.0/0
translate-address disabled
translate-port disabled
vlans-disabled
}
ltm profile fastl4 /Common/AC_Net_fastL4 {
app-service none
defaults-from /Common/fastL4
idle-timeout 300
ip-tos-to-client pass-through
ip-tos-to-server pass-through
keep-alive-interval disabled
link-qos-to-client pass-through
link-qos-to-server pass-through
loose-close enabled
loose-initialization enabled
mss-override 0
reassemble-fragments disabled
reset-on-timeout enabled
rtt-from-client disabled
rtt-from-server disabled
software-syn-cookie disabled
tcp-close-timeout 5
tcp-generate-isn disabled
tcp-handshake-timeout 5
tcp-strip-sack disabled
tcp-timestamp-mode preserve
tcp-wscale-mode preserve
}
To clarify what I said in the prevoius message, packets (ping, SSH, etc) are arriving at the External interface of the F5, and being properly passed to the Adobe_Connect internal interface. Reply packets from the servers on that network, however, are *NOT* being passed back the other way. (ie. The Adobe_Connect interface sees the packets, but according to tcpdump, they aren't being passed back to the External interface.)