arpydays
Jul 01, 2016

Forwarding VS and Route Domains

Hi,

I have an LTM setup with 2 RDs, RD0 and RD1. Both RDs have default routes to their respective gateways, all tested and working.

I have configured an IP Forwarding VS in RD0 listening on 0.0.0.0/0 and have a SNAT pool in RD1 associated with the VS. I want traffic to flow through the VS in RD0 and egress RD1. When I test this it doesn't work and I get a RST. If I make TWO changes to the config to validate connectivity it works; the two changes are 1) change VS to L4 Perf and add pool with default gateway as pool member. So I've validated that the SNAT pool works etc. When I look at a low-level tcpdump I see the following RST cause in the trace…

rst_cause="[0x23e4909:259] No available SNAT addr" peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0

Any ideas why this wouldn't work? Using v12.1hf1

1 Reply

  • I'm not surprised. I think your SNAT pool should be in RD0. If you don't use the pool mechanism, the RD0 traffic will stay routed in RD0, going through its default gateway. Thus it will expect a SNAT in the RD.

    When you use the pool method, you directly tell BIG-IP to leak to RD1, thus you will use a SNAT in RD1.

    What you could do is break strict isolation and add a route in RD0 for your destination pointing to a gateway in RD1.