Forum Discussion

Amitabha_118500
May 22, 2014

Client and VIP and Load balanced Nodes in the same network

Hello F5 experts, may I know if the following scenario works? The source client traffic and the load-balanced nodes are in the same network (same VLAN). I have automap SNAT configured. F5 is not the default gateway.

 

The symptom I am seeing is that the traffic gets all the way to the destination server with source IP address NATed to F5 interface IP. The destination server replied, but the traffic never gets to the source server.

 

Thanks. Kim

 

5 Replies

  • What you are describing is a standard case for using a SNAT, automap or otherwise.

     

    I'd run some packet dumps on the F5 and maybe on the client as well, looking for where the traffic is failing.

     

  • Thanks Robert. What's weird is that it works once out of many trials. It also works from the default gateway, router.

     

    Do you have any good tcpdump command I can use to capture the traffic before and after NAT?

     

    Thanks for your help.

     

  • What you describe matches the behavior of having client and node in the same network but -without- SNAT defined for the virtual -- node responds L2 to client instead of L3 via F5.

     

  • From bash shell of the LTM, run this tcpdump command:

     

    tcpdump -nni 0.0:n -s0 host 1.1.1.1 and host 2.2.2.2

     

    Replace 1.1.1.1 with the IP address of your client, and 2.2.2.2 with the IP address of your server. This will capture all traffic between the client and server. Also capture just the client traffic and just the server traffic just to see if you see anything unexpected there:

     

    tcpdump -nni 0.0:n -s0 host 1.1.1.1

     

    tcpdump -nni 0.0:n -s0 host 2.2.2.2

     

    Feel free to paste the results here for the community to analyze.

     

  • Thanks for all your responses. We have narrowed it down to the source physical server that VM is on. F5 is sending response back to the source server with right MAC, but the packet got lost somewhere.
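
An added example, not part of any post in this thread: a small Python script that sorts `tcpdump -nn` text output into the legs of the client / VIP / SNAT / node path discussed above and reports where the conversation stops. The addresses and capture lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Address part of a `tcpdump -nn` text line: "IP src.port > dst.port:"
PKT = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")

def classify(lines, client, vip, node, snat):
    """Count packets seen on each leg of the proxied connection."""
    legs = {
        (client, vip): "client->vip",    # request arriving at the virtual server
        (snat, node): "snat->node",      # request after SNAT
        (client, node): "client->node",  # request forwarded with no SNAT
        (node, snat): "node->snat",      # reply returning through the F5
        (node, client): "node->client",  # reply sent straight to the client
        (vip, client): "vip->client",    # reply leaving the F5
    }
    seen = Counter()
    for line in lines:
        m = PKT.search(line)
        if m and m.groups() in legs:
            seen[legs[m.groups()]] += 1
    return seen

def diagnose(seen):
    """Name the first leg of the path that is missing from the capture."""
    if seen["client->node"] or seen["node->client"]:
        return "no SNAT on server side: node answers the client directly"
    if not seen["client->vip"]:
        return "no client traffic reached the virtual server"
    if not seen["snat->node"]:
        return "request not forwarded to the node"
    if not seen["node->snat"]:
        return "node did not reply to the SNAT address"
    if not seen["vip->client"]:
        return "reply reached the F5 but was not sent to the client"
    return "F5 sent the reply to the client: loss is downstream of the F5"

# Constructed sample: all hosts in one subnet, client retransmits its SYN.
CLIENT, VIP, NODE, SNAT = "192.0.2.10", "192.0.2.100", "192.0.2.20", "192.0.2.5"
SAMPLE = """\
10:00:00.000100 IP 192.0.2.10.40000 > 192.0.2.100.80: Flags [S], seq 1, length 0
10:00:00.000200 IP 192.0.2.5.40000 > 192.0.2.20.80: Flags [S], seq 1, length 0
10:00:00.000900 IP 192.0.2.20.80 > 192.0.2.5.40000: Flags [S.], seq 9, ack 2, length 0
10:00:00.001000 IP 192.0.2.100.80 > 192.0.2.10.40000: Flags [S.], seq 9, ack 2, length 0
10:00:01.000100 IP 192.0.2.10.40000 > 192.0.2.100.80: Flags [S], seq 1, length 0
""".splitlines()

if __name__ == "__main__":
    print(diagnose(classify(SAMPLE, CLIENT, VIP, NODE, SNAT)))
```

Save the capture as text (for example by redirecting the tcpdump output to a file) and pass its lines to `classify` together with the four addresses of your own setup.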