Forum Discussion
Sep 19, 2013
You can have a look at your connection table:
tmsh show sys conn all-properties
As W.L.B. already pointed out, beside the tuple and timeouts also the last hop information (MAC address) is stored, the ingress VLAN and even the egress VLAN (not on display unfortunately).
Btw, using the last hop information improves the performance, as no additional lookups are required to forward the servers response. There is one disadvantage to keep in mind: A failover on the routers may lead to a situation where responses are still forwarded to the initial MAC address. As this router / firewall is in 'standby' now, these packets will be dropped. Turning off auto last hop selectively is one workaround. Setting the HSRP / VRRP virtual MAC address as last hop via iRule is another one.Using virtual address space (both for VIPs and SNATs / NATs) to be reached via floating self IPs is a common concept in F5 deployments. And yes, 1st time it sounds strange to everyone who is familiar with typical router / firewall deployments. 🙂
PS: Things become complicated in active / active deployments (multiple traffic groups).