On my network, recurrent curl tests to a virtual server (10.184.1.12) only fail when the source ip is on the same subnet. (eg,10.184.1.78)
When recurrent curl tests are performed from any other subnet (eg,10.243.2.3 or 10.123.34.5) to the destination virtual server (10.184.1.12), they NEVER fail.
Are there any leads to what can warrant this.
It could be that the backend servers are trying to respond directly to the user that initiated the curl instead of F5. If this is the case, the user RST the connection. Do you have SNAT in place?
HI,EBEN,SNAT is in place.
However,I have a one-armed mode scenario.
The virtual server,back-end servers and snatch pools are all in the same subnet (10.184.1.x)
packet captures will probably help a lot, one on the big-ip to see where traffic halts and one on the server to see what happens there.
In addition, share the output of "tmsh list ltm virtual <virtual-server-name>"
another chance is the listening on VLANs setting, is that enabled and not on all VLANs?
Can you check that snat is set to automap (to avoid asymetric routing).
Then during curl can you process a capture:
tcpdump -nni 0.0 host 10.184.1.12 and host 10.184.1.xxx
where 10.184.1.xxx is your source IP in the same subnet that you VS.
You can see firts if you have an response from F5 and if the response come from Self IP.
Keep me update.
Okay Youssef,i would do so and revert. I'm also wary, it may be a problem with the VIRTUAL environment, as that whole subnet is on our Virtual VMware infrastructure
In all case capture will allow you to check what's happening (don't forget to check snat).
keep me in touch. good luck.
Thanks for your help,after further trubleshooting,i made a discovery with the help of our Virtualization team. The problem only exists on nodes built with Microsoft Hyper-V, but the Virtual machines built with VMWARE don't have the problem.
I will find out why that behavior existson Hyper-V and update here.
interesting, feels like Hyper-V might not accept certain traffic due to unexpected MAC addresses or such.