For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tiger86_92132's avatar
Tiger86_92132
Icon for Nimbostratus rankNimbostratus
Apr 19, 2011

A simple load balancing network

Hi,

 

I'm using BIG-IP 1600 with LC module. I need to config a simple load balancing network (just need outbound load balance), here's my network:

 

- I have 2 VLAN external for 2 internet lines, with 2 modems connect PPPOE to the Internet (use NAT on modems) (192.168.101.0/24 and 192.168.102.0/24)

 

- and 1 VLAN internal for clients (10.8.23.0/24)

 

 

I followed the configuration guide:

 

- create VLANs

 

- config self IPs for all VLAN

 

- define 2 Links for internet lines

 

- create Pool named default_gateway_pool that include 2 LAN IPs of the modems

 

- define a wildcard virtual server with default_gateway_pool

 

- create default route: using Pool default_gateway_pool

 

 

From F5, I can ping clients, LAN IPs of routers and ping to the Internet but from client, I can ping only the self IP of internal VLAN. I use self IP of internal VLAN for gateway for clients, is it rights ?

 

 

Could anyone tell me what step I missed ?

 

 

Many thanks

 

config
design

30 Replies

  • Cspillane_18296's avatar
    Cspillane_18296
    Icon for Nimbostratus rankNimbostratus
    Apr 19, 2011
    Hello,

     

     

    did you turn off address and port translation for the outbound Virtual Server? Also ensure it is enabled only on the internal VLAN (where the clients are).

     

     

    You should also enable SNAT on the Virtual Server (just use SNAT Automap for now).

     

     

    If you have a floating internal IP address, use that rather than a static one (to allow for failover situations, assuming you have a HA pair).

     

     

    Let us know how you get on.

     

     

    Chris
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 19, 2011
    i agree with chris. i think u've to use snat automap on the wildcard virtual server. otherwise, u need static route to 10.8.23.0/24 on the internet gateway.

     

     

    additionally, tcpdump should show what wrong is.

     

    tcpdump -nni 0.0 icmp

     

     

    cheer!
  • Tiger86_92132's avatar
    Tiger86_92132
    Icon for Nimbostratus rankNimbostratus
    Apr 20, 2011
    Thank you for your supports. I enable SNAT on the wildcard virtual server and use SNAT on the internal VLAN, then it works.
  • Tiger86_92132's avatar
    Tiger86_92132
    Icon for Nimbostratus rankNimbostratus
    Apr 20, 2011
    By the way, I can not ping any host on the Internet from clients although clients can connect to the Internet. Did I still miss something ?
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 20, 2011
    have u enabled Snat.AnyIpProtocol db variable? it is in preference setting page.

     

     

    Snat.AnyIpProtocol = enable
  • Minn_62043's avatar
    Minn_62043
    Icon for Cirrostratus rankCirrostratus
    Apr 21, 2011
    You can also check your Protocol in virtual server's settings page. By default, it is "TCP" only.
  • Tiger86_92132's avatar
    Tiger86_92132
    Icon for Nimbostratus rankNimbostratus
    Jun 08, 2011
    Now, I need to NAT some internal IPs to the Internet. I don't know exactly what i have to do, can I use NAT & SNAT together ?
  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Jun 08, 2011
    Yes, that's no problem... Just select the options and go.

     

     

    H