Auto Last Hop - Return Traffic without Routes:
By default, the BIG-IP system auto_lasthop global variable is enabled. Auto Last Hop maintains a connection table recording the interface and MAC address of the upstream device which sent the flow to the BIG-IP and sends reply packets to this interface/MAC address.
Systems - Configuration - Local Traffic - General:
The BIG-IP tracks the source MAC address of incoming connections and returns traffic from pools to that source MAC, regardless of the routing table.
show sys connection - the connection table shows the lasthop information for an object.
Last Hop Pool
If the MAC address of the device that sends inbound traffic to the BIG-IP system changes (such as when redundant firewalls or routers fail over), the BIG-IP system will continue to send return traffic to the old MAC address. Because the network device owning the old MAC address will no longer be accepting return traffic, this situation causes all existing long-lived connections to fail.
This can be resolved by configuring the BIG-IP virtual servers to use a last hop pool. This configuration will override the auto_lasthop variable. The pool selected for last hop contains the firewall or router addresses, which enables the BIG-IP system to select an alternative IP address and, therefore, a new MAC address in the event that one of the firewall devices fails.
Local Traffic - Virtual Server - Click on Virtual Server Name - Advanced (Configuration) - Last Hop Pool
How to configure a Last Hop Pool?
1. Configure a pool that contains the firewall or router addresses.
2. Go to the virtual server and select that pool under Last Hop Pool.
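The same two steps from the tmsh prompt, as an added example that is not part of the original post. The pool name, virtual server name and all addresses are constructed placeholders, and the gateway_icmp monitor is an assumption added so that a failed firewall can be marked down.

```tmsh
# Step 1: pool holding the upstream firewall/router addresses.
# 192.0.2.1 and 192.0.2.2 are constructed examples; port 0 means "any service".
# The monitor (an assumption, not from the post) lets the system stop
# choosing a member that no longer answers.
create ltm pool fw_lasthop_pool members add { 192.0.2.1:0 192.0.2.2:0 } monitor gateway_icmp

# Step 2: attach the pool to the virtual server as its last hop pool.
# vs_example is a hypothetical virtual server name.
modify ltm virtual vs_example last-hop-pool fw_lasthop_pool

# Verify the setting on the virtual server.
list ltm virtual vs_example last-hop-pool

# Check last hop details for connections to the virtual address
# (203.0.113.10 is a constructed example).
show sys connection cs-server-addr 203.0.113.10 all-properties

# Persist the change.
save sys config
```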