Evelio_191971
Mar 13, 2015

Ltm::Virtual Server: IPForwarding

Hello,

 

What is the Ltm::Virtual Server: IPForwarding virtual server shown in the output of "show ltm virtual all"? (There is also an IPForwardingV6.)

 

The story begins because we are seeing spikes of 10k in the number of connections every 15 min or so. Since the graph on Overview => Performance is an aggregate, we moved to polling stats over SNMP to get the number of connections per virtual server.

 

To my surprise, all virtual servers are OK except the IPForwarding, where I see the actual spikes. What traffic is treated by this virtual server? It doesn't seem to be the sum of all virtual servers but rather different traffic.

 

cat /etc/issue
BIG-IP 11.6.0 Build 0.0.401 Kernel \r on an \m

 

Thanks, Evelio

 

1 Reply

  • "A Forwarding (IP) virtual server forwards packets directly to the destination IP address specified in the client request. A Forwarding (IP) virtual server has no pool members to load balance." So basically this turns your F5 into a router and unless you have a traffic filter configured, it sends the packets you have in the destination VIP based on the routes you have on the F5.

     

    I see a lot of clients configure a wildcard forwarding VIP with destination 0.0.0.0:0, which allows any protocols through: IP, TCP, UDP, etc. Some clients configure a forwarding VIP in combination with a route-friendly fastl4 profile to allow asymmetric routing. Others use it simply to allow ICMP, traceroute, and other protocols that they don't want to just block at the F5.

     

    https://support.f5.com/kb/en-us/solutions/public/14000/100/sol14163.html

     

    https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html

     

    You can figure out what traffic is going through the F5 during these spikes by running a tcpdump and using the Wireshark summary page to get statistics for what kinds of traffic are occurring. You can set the snaplen to a lower value to not capture as much of the payload so your capture will not be huge...

     

    tcpdump -vvv -nni any:nnnp -s 100 -w everything.pcapng

     

    Also what is the destination IP and port of your forwarding VIP? Is it 0.0.0.0:0?
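
The per-protocol breakdown that the reply suggests reading from Wireshark can also be scripted and grouped by minute, which makes a spike that recurs every 15 minutes easy to line up with one protocol and destination port. This is an added example, not part of the original thread or of F5 tooling; it assumes the capture is a classic pcap file with Ethernet link type, and the sample packets in it are constructed.

```python
import struct
from collections import Counter
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def classify(frame):
    """Map one Ethernet frame to (protocol, destination port or None)."""
    if len(frame) < 14:
        return None
    ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:      # skip one 802.1Q VLAN tag
        ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < l3 + 20:
        return ("non-ipv4", None)
    proto, l4 = frame[l3 + 9], l3 + (frame[l3] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[l3 + 6:l3 + 8])[0] & 0x1FFF
    port = None
    # Only the first fragment carries the TCP/UDP header; a 100-byte snaplen still covers it.
    if proto in (6, 17) and frag_offset == 0 and len(frame) >= l4 + 4:
        port = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
    return (PROTO.get(proto, str(proto)), port)

def summarize(pcap_bytes, bucket_secs=60):
    """Return {bucket_start_ts: Counter({(proto, dst_port): packets})}."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    buckets, off = {}, 24
    while off + 16 <= len(pcap_bytes):
        ts, _, caplen, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        key = classify(pcap_bytes[off + 16:off + 16 + caplen])
        off += 16 + caplen
        if key:
            buckets.setdefault(ts - ts % bucket_secs, Counter())[key] += 1
    return buckets

def _pkt(ts, proto, dport):
    """Constructed sample packet: Ethernet + IPv4 + first 8 bytes of L4."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([192, 0, 2, 9]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, dport, 8, 0)
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed capture: a DNS burst, one HTTPS packet, one ICMP, then a quiet minute.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 100, 1) + b"".join(
    [_pkt(900, 17, 53)] * 3 + [_pkt(905, 6, 443), _pkt(930, 1, 0), _pkt(960, 6, 443)])
if __name__ == "__main__":
    for start, counts in sorted(summarize(SAMPLE).items()):
        print(start, counts.most_common(3))
```

To run it on a real capture, pass the file's bytes to `summarize()` in place of `SAMPLE`; a minute whose top key dwarfs the others shows which protocol and port the forwarding virtual server is carrying during the spike.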