Re: [load balancing] BIG-IP TCP session table question

From: Bill Whitson <b.whitsonIZZATf5.com>
Date: Fri Jan 07 2005 - 16:01:19 EST

Matt,

The answer to this question is somewhat version dependent. Assuming you are
on 4.x or earlier, enabling IP forwarding should allow just about anything
through. Even with IP forwarding enabled, some versions will not allow
packets to pass if the source address matches a SNAT and BIG-IP did not
catch the syn to set up a connection.

In more recent versions, you can also use a forwarding virtual server.

See the following docs to get started:

http://tech.f5.com/home/bigip/solutions/iprouting/sol473.html
http://tech.f5.com/home/bigip/solutions/natsnat/sol2251.html

Bill 

-- 
Bill Whitson
Solutions Engineer
AskF5
Desk: 206-272-6587
Mobile: 206-604-7048
b.whitson@f5.com
AskF5: http://tech.f5.com/
On 1/7/05 10:50 AM, "Matt Bazan" <Mbazan@onelegal.com> wrote:
> Have a question about how the BIG-IP handles TCP sessions.  I have a
> need for the BIG-IP to allow TCP session traffic through (from one
> interface to another, both ints in same VLAN) when the BIG-IP was not
> privy to the intial syn of the three way handshake.
> 
> In other words, the syn of the three way handshake is being bridged by
> the BIG-IP (therefore not creating an entry in the BIG-IPs session
> table) but the return syn/ack is being routed back through the BIG-IP.
> When BIG-IP checks it's session table it sees that there is not a
> corresponding entry for this session and then promptly drops the packet.
> Is there a way to make the BIP-IP more permissive in this regard?
> 
> Thanks again -
> 
> Matt
> 
> ____________________
> The Load Balancing Mailing List
> Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
> Archive:        http://vegan.net/lb/archive
> LBDigest:       http://lbdigest.com
> MRTG with SLB:  http://vegan.net/MRTG
> Hosted by:    http://www.tokkisystems.com
> 
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com
Received on Fri Jan 7 17:04:12 2005

This archive was generated by hypermail 2.1.8 : Fri Jan 07 2005 - 17:06:36 EST