Nom_55811
Jun 21, 2010Nimbostratus
Source Port Mangled down OSPF Tunnel
Hi Guys,
We're currently transitioning to using advanced routing and BGP/OSFP advertisement of VIPs, and an issue has come up which is confusing me to no end. I hope someone can point me in the right direction.
Our setup us as follows:
2 x F5 BIG-IP 1600 w/ Advanced Routing in Active/Standby
1 x BGP Session to core network (advertise public IPs) (203.50.50.0/25)
1 x OSPF Session to core network (advertise private IPs) (10.20.1.0/24)
1 x Shared VIP range with Foundry ServerIRON Load balancer (203.0.100.0/24)
The issue is as follows:
10.20.1.1 sends DNS request to 203.0.100.1
Foundry delivers request to 10.20.2.1 as expected, response is sent to core network
Response packet delivered to F5 on OSPF interface as expected, packet has correct source port.
Response packet is delivered to 10.20.1.1 with incorrect source port
Something seems to be altering the source port of the response packet as it passes through the F5. I have tried changing the settings for Source Port to 'preserve strict' without any change in behavior. This also appears to be impacting TCP traffic, however DNS requests were the easiest to trace in our current network configuration.
If anyone could provide some suggestions, it would be greatly appreciated.
Thanks