i do not have asymmetric routing in lab. what i am doing here is to snat to specific port number.
my bigip has 2 tmm. virtual server and pool member ports are 80. so, normally if source port on client-side is even, server-side will be even too. this make sure response will hit the same tmm it is sent out (by default, tmm is chosen by source port xor destination port).
anyway, it seems that when profile idle timeout is immediate, i am able to use whatever source port number on server-side (no need to be odd or even port number as source port on client-side).
configuration
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.24.10:80
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
fastl4_immediate { }
}
rules {
qux
}
source 0.0.0.0/0
vs-index 11
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
members {
200.200.200.101:80 {
address 200.200.200.101
}
}
}
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
when CLIENT_ACCEPTED {
snat 200.200.200.88 1111
}
}
trace
[root@ve11c:Active:In Sync] config tcpdump -nni 0.0 -s0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
02:34:20.455993 IP 172.28.24.1.1000 > 172.28.24.10.80: S 1290584564:1290584564(0) win 512 in slot1/tmm0 lis=
02:34:20.456085 IP 200.200.200.88.1111 > 200.200.200.101.80: S 1290584564:1290584564(0) win 512 out slot1/tmm0 lis=/Common/bar
02:34:21.457089 IP 172.28.24.1.1001 > 172.28.24.10.80: S 1397167148:1397167148(0) win 512 in slot1/tmm1 lis=
02:34:21.457178 IP 200.200.200.88.1111 > 200.200.200.101.80: S 1397167148:1397167148(0) win 512 out slot1/tmm1 lis=/Common/bar
02:34:22.458724 IP 172.28.24.1.1002 > 172.28.24.10.80: S 1258304707:1258304707(0) win 512 in slot1/tmm0 lis=
02:34:22.458821 IP 200.200.200.88.1111 > 200.200.200.101.80: S 1258304707:1258304707(0) win 512 out slot1/tmm0 lis=/Common/bar