Forum Discussion
ltp_55848
Jul 05, 2011 | Nimbostratus
After some thought on the matter, I ended up creating an iRule on the wildcard virtual server on the backend VLAN to output some verbose logging for the purposes of gathering information from an LTM perspective.
What I found was that the return traffic from a client directly to a backend node (not via a VIP) was being PBR'ed as expected to the F5 self-IP on the backend node's VLAN. However, because the F5 was unaware of the initial traffic flow (it came via the network and not from the F5), the return traffic flow was seen as a client connection to the F5, with the server being the original requesting client.
The solution was to use an exceedingly simple iRule on the wildcard virtual server for the backend VLAN to set the client nexthop to an F5 self-IP on an "external" VLAN.