Source Port Mangled down OSPF Tunnel

Question

Hi Guys,&nbsp;
&nbsp;We're currently transitioning to using advanced routing and BGP/OSFP advertisement of VIPs, and an issue has come up which is confusing me to no end.  I hope someone can point me in the right direction.&nbsp;
&nbsp;Our setup us as follows:&nbsp;
&nbsp;2 x F5 BIG-IP 1600 w/ Advanced Routing in Active/Standby
&nbsp; 1 x BGP Session to core network (advertise public IPs) (203.50.50.0/25)
&nbsp;1 x OSPF Session to core network (advertise private IPs) (10.20.1.0/24)
&nbsp;1 x Shared VIP range with Foundry ServerIRON Load balancer (203.0.100.0/24)&nbsp;
&nbsp;The issue is as follows:
&nbsp;10.20.1.1 sends DNS request to 203.0.100.1
&nbsp;Foundry delivers request to 10.20.2.1 as expected, response is sent to core network
&nbsp;Response packet delivered to F5 on OSPF interface as expected, packet has correct source port.
&nbsp;Response packet is delivered to 10.20.1.1 with incorrect source port&nbsp;
&nbsp;Something seems to be altering the source port of the response packet as it passes through the F5.  I have tried changing the settings for Source Port to 'preserve strict' without any change in behavior.  This also appears to be impacting TCP traffic, however DNS requests were the easiest to trace in our current network configuration.&nbsp;
&nbsp;If anyone could provide some suggestions, it would be greatly appreciated.&nbsp;
&nbsp;Thanks&nbsp;

nom_55811 · Answer

I've just played with the Source Port settings and discovered the following: 
&nbsp; Change - produces incrementing source ports starting from 2059 (may have been more before that, but that's the lowest in my tcpdump) 
&nbsp; Preserve - Source port for DNS response is always 1025 
&nbsp; Preserve Strict - No response packet received

aj1 · Answer

Hi Nom, &nbsp;
Did you actually find a solution to this. I have almost the same issue, that is, the source port in DNS reply is changed from 53 to something else as it passes through the F5. The weird part is that i cannot see that packet leaving the internal vlan via tcpdump but the packet shows up in the server's tcpdump (mis-ported). The server drops that packet and is not getting built (since DNS replies are getting mangled as they pass through F5). I have tried the "autolast hop" feature but that didn't work out.&nbsp;
PS: Our deployment has an active/standby viprion pair and two Juniper routers in full-mesh OSPF for link redundancy. There is no routing internally, all done using floating-IP.&nbsp;
Would greatly appreciate any help. Has been driving me nuts for a week now.&nbsp;
Thanks! &nbsp;

Forum Discussion

Source Port Mangled down OSPF Tunnel

2 Replies

Recent Discussions

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Related Content

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

SSL VPN Split Tunneling and Office 365

DNS Tunnel Mitigation v2

DNS Tunneling Protection

Bgp inside ipsec tunnel