Packet rejected remote IP proto TCP: Destination VIP disabled

Posted by lioukon on 2013-12-31


Summary

The TM.ContinueMatching db variable affects how the BIG-IP system processes traffic when a higher precedence virtual server is disabled and a lower precedence virtual server is available.

Description

When the TM.ContinueMatching db variable is set to true, the BIG-IP system checks if another virtual server is available to handle a request if the higher precedence virtual server is disabled.

In the following example, the port-specific virtual server is disabled, which allows the system to use the wildcard virtual server 10.10.1.10:* to handle a client request to 10.10.1.10:80:

TM.ContinueMatching = true

Virtual Server: 10.10.1.10:80
Status: Disabled

Virtual Server: 10.10.1.10:*
Status: Up and Available

When the TM.ContinueMatching db variable is set to false, the BIG-IP system does not allow a lower precedence virtual server to handle a request when a higher precedence virtual server is disabled. Instead, the BIG-IP system rejects the packet and logs a message to the /var/log/ltm file, similar to the following example:

01200006:4: Packet rejected remote IP 172.16.64.2 port 1687 local IP 10.10.1.10 port 80 proto TCP: Destination VIP disabled

By default, the TM.ContinueMatching db variable is set to false in BIG-IP 9.4.0 and later. Prior to BIG-IP 9.4.0, the TM.ContinueMatching db variable is set to true by default.
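
The following is an added example, not part of the original article: a short Python script that scans log lines for the rejection message shown above and counts, per disabled virtual server, how many packets were rejected and from how many clients. These are the connections that would reach a lower precedence virtual server if TM.ContinueMatching were set to true. The sample lines are constructed, and the syslog prefix before the message ID is an assumption.

```python
import re
from collections import Counter, defaultdict

# Message layout taken from the /var/log/ltm example in this article. search()
# is used so that any syslog prefix before the message ID is ignored.
REJECT_RE = re.compile(
    r"01200006:\d+: Packet rejected remote IP (?P<rip>\S+) port (?P<rport>\d+) "
    r"local IP (?P<lip>\S+) port (?P<lport>\d+) proto (?P<proto>\w+): "
    r"Destination VIP disabled"
)

# Constructed sample input; the timestamp/host/process prefix is an assumption.
SAMPLE_LOG = """\
Dec 31 10:00:01 bigip1 tmm[1]: 01200006:4: Packet rejected remote IP 172.16.64.2 port 1687 local IP 10.10.1.10 port 80 proto TCP: Destination VIP disabled
Dec 31 10:00:02 bigip1 tmm[1]: 01200006:4: Packet rejected remote IP 172.16.64.2 port 1688 local IP 10.10.1.10 port 80 proto TCP: Destination VIP disabled
Dec 31 10:00:03 bigip1 tmm[1]: 01200006:4: Packet rejected remote IP 172.16.64.9 port 4021 local IP 10.10.1.10 port 80 proto TCP: Destination VIP disabled
Dec 31 10:00:04 bigip1 tmm[1]: 01200006:4: Packet rejected remote IP 172.16.64.2 port 1690 local IP 10.10.1.10 port 443 proto TCP: Destination VIP disabled
Dec 31 10:00:05 bigip1 example[1]: unrelated constructed message
"""


def summarize_rejects(lines):
    """Return {(local_ip, local_port, proto): Counter(remote_ip -> hits)}."""
    summary = defaultdict(Counter)
    for line in lines:
        m = REJECT_RE.search(line)
        if m is None:
            continue  # not a "Destination VIP disabled" rejection
        key = (m["lip"], int(m["lport"]), m["proto"])
        summary[key][m["rip"]] += 1
    return dict(summary)


def report(summary):
    """One line per disabled destination, busiest first."""
    ordered = sorted(summary.items(), key=lambda kv: -sum(kv[1].values()))
    return [
        f"{lip}:{lport}/{proto} rejected={sum(c.values())} clients={len(c)}"
        for (lip, lport, proto), c in ordered
    ]


if __name__ == "__main__":
    for row in report(summarize_rejects(SAMPLE_LOG.splitlines())):
        print(row)
```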

Recommendations

When configuring virtual servers that may overlap in IP addresses and/or ports, you should consider the following factors:

  • If you do not want another matching virtual server to handle an incoming request that is destined for a disabled virtual server, you must set the TM.ContinueMatching db variable to false.
  • If you want another matching virtual server to process an incoming request that is destined for a disabled virtual server, you must set the TM.ContinueMatching db variable to true.

You can change this behavior by modifying the TM.ContinueMatching db variable. To do so, perform one of the following procedures, as appropriate for your version:

BIG-IP 11.x

  1. Log in to the Traffic Management Shell (tmsh) by typing the following command:

    tmsh

    Note: If you are currently logged in to the tmsh shell, you can skip this step.

  2. Modify the TM.ContinueMatching db variable to either true or false by typing the following command:

    modify /sys db tm.continuematching value [true|false]

  3. Save the change by typing the following command:

    save /sys config

BIG-IP 9.x through 10.x

  1. Log in to the command line.
  2. Modify the TM.ContinueMatching db variable to either true or false by typing the following command:

    bigpipe db TM.ContinueMatching [true|false]

  3. Save the modifications by typing the following command:

    bigpipe save all

Supplemental Information

From "ITPUB Blog", link: http://blog.itpub.net/10543606/viewspace-1066063/. If you reprint this article, please cite the source; otherwise legal liability will be pursued.
