Forum Discussion

JamesCrk's avatar
JamesCrk
Icon for Cirrus rankCirrus
Mar 22, 2023

Route friendly virtual server

In article - K7595 its discussed that the default routing behaviour of a virtual server is stateful. We got bitten by this once where a session apparently got out of state and got dropped (the traffic flow was a health check between an HA pair of devices so it caused a bit of chaos).


The fix was to create a new virtual server (fast l4) for the /29 subnet and follow the section "Emulate stateless IP routing with BIG-IP LTM forwarding virtual servers" which resolved the issue.


What I am interested in, can we see the packets being dropped somewhere in the cli? Our existing virtual server that was dropping this traffic is 10.0.0.0/8, I suspect its probably dropping a lot more than we know about, I am just interested in seeing what’s being dropped and whether I want to try and change the default setting of this catch all forwarder or not.

  •  

    F5 for TCP traffic should send TCP RST not drop it and you can enable debug for this :
    K13223: Configuring the BIG-IP system to log TCP RST packets

    https://my.f5.com/manage/s/article/K13223

     

    Still this may cause high cpu during working hours or log file getting too big and hard disk utlization, so better do this outide working hours.

     

    For UDP it is a bit harder .