Hi, I want to setup a new F5 box in my network. Before, i do that i want to understand how it can actually be configured in Routed and Bridge mode. I would really appreciate if someone can guide me on this. F5 is connected to AGG pair A, with upstream device as Access Router and downstream device as L2 TOR switches connecting servers, as below. Core | Access Router | | F5---Trunk----Agg Switch - A | | L2Hst TOR Switch | | | | Server1 Server2 I want to start with Routed mode configuration using tmsh. TH-genseek

i created 2 vlans/selfips; one is internal which connects to server and the other one is external which connects to Agg Switch-A. server's default gateway is F5. F5's default gateway is Agg Switch-A. please let us know if i misunderstood anything here. e.g. root@B3600-R66-S41(Active)(tmos) list net trunk trunk1 net trunk trunk1 { cfg-mbr-count 2 id 2 interfaces { 2.1 2.2 } mac-address 0:1:d7:b3:ab:13 } root@B3600-R66-S41(Active)(tmos) list net vlan internal net vlan internal { interfaces { trunk1 { tagged } } tag 4094 } root@B3600-R66-S41(Active)(tmos) list net vlan external net vlan external { interfaces { trunk1 { tagged } } tag 4093 } root@B3600-R66-S41(Active)(tmos) list net self 1.1.1.1/24 net self 1.1.1.1/24 { allow-service default vlan internal } root@B3600-R66-S41(Active)(tmos) list net self 2.2.2.2/24 net self 2.2.2.2/24 { allow-service default vlan external } root@B3600-R66-S41(Active)(tmos) list net route default net route default { gw 2.2.2.254 }

Thank you for the quick reply, nitass. I appreciate. I see that you have not created the pools and the correspoding virtual servers for load balancing. Can you do that also, please?

of course. e.g. root@B3600-R66-S41(Active)(tmos) list ltm pool foo ltm pool foo { members { 1.1.1.11:http { } 1.1.1.12:http { } 1.1.1.14:http { } } } root@B3600-R66-S41(Active)(tmos) list ltm virtual bar ltm virtual bar { destination 2.2.2.10:http ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } }

Nitass, Can you also calrify the following along with the rest.... a) Are the F5 internal and external VLANs, in same lines as Client and Server VLAN in Cisco CSM? If yes, then in routed mode, for Cisco, we use to configure the VIP of the virtual server in client VLAN range. In F5, the VIP sits on the external VLAN range or any other range other than internal and external? I have seen few deployments of F5, where the VIPs sit directly on internet IP range.

a) Are the F5 internal and external VLANs, in same lines as Client and Server VLAN in Cisco CSM? i am sorry i never used CSM, so i am not able to answer it. In F5, the VIP sits on the external VLAN range or any other range other than internal and external? I have seen few deployments of F5, where the VIPs sit directly on internet IP range.virtual server is able to be listening on any ip range.

Basic Setup of F5 | DevCentral

38 Replies

nitass
Employee
Jan 10, 2012
i do not see the internal or external cmd.internal and external are just vlan names. in your config, they are VLAN_A, VLAN_B, VLAN_C, etc. by the way, i do not think your bigip is in bridge mode.
genseek_32178
Nimbostratus
Jan 10, 2012
Ok,let me ask you directly.

["by the way, i do not think your bigip is in bridge mode.]

Are you concluding this because there is NO vlangroup cmd any where in the config?

What then is the mode, my bigip, is in?

If the existence of vlangroup cmd only criteria to say decide bridge or routed mode?
nitass
Employee
Jan 10, 2012
Are you concluding this because there is NO vlangroup cmd any where in the config?

What then is the mode, my bigip, is in?

If the existence of vlangroup cmd only criteria to say decide bridge or routed mode? i think you are not doing bridge since you do not have vlangroup configuration and also based on your diagram, access router and servers are in different subnet.
genseek_32178
Nimbostratus
Jan 10, 2012

OK.

Am also looking at the config part, where, i see that both the servers in the pool and the virtual IP are both in the same network.

Does it not indicate a bridge mode config?

Bcoz,in routed mode,both the servers pool and VIPs ought to b in different VLAN subnets, right?
nitass
Employee
Jan 10, 2012
Am also looking at the config part, where, i see that both the servers in the pool and the virtual IP are both in the same network.

Does it not indicate a bridge mode config? i do not think so. even both are in the same subnet, there is only one vlan.

Bcoz,in routed mode,both the servers pool and VIPs ought to b in different VLAN subnets, right?not really. virtual server and pool are able to be in the same vlan and bigip routes traffic between them.
genseek_32178
Nimbostratus
Jan 10, 2012
Thanks a ton!! nitass for your prompt and patience responses to all my questions. I really appreciate the effort. Thanks again.

As i'm from Cisco background and worked on Cisco load balancers, i was sort of conditioned on concepts around load balancers and therefore had to ask so many questions to understand the working of F5.

I must say, F5 is in LOT many ways different than Cisco load balancers in the way it works and has hoards of features to get hands on before one even starts feeling confortable with it.

If i have any questions in continutation to this thread, can i post them in the same thread or do i have to open a new thread?
nitass
Employee
Jan 10, 2012
you are welcome. :-)

If i have any questions in continutation to this thread, can i post them in the same thread or do i have to open a new thread?if it is a new question, i think opening a new thread may be good. it will be easier to understand for somebody searching it later.

additionally, there are other ways you can get help. one is F5 support and the other one is F5 SE in your country. F5 support is a good place if you think it is a bug or breakfix. F5 SE is the best to find a solution.
genseek_32178
Nimbostratus
Jan 13, 2012
nitass,

just rolled out a new VS on public ip..but not able to ping it from our edge access routers?

Another VIP on the same range, infact, the very next IP...is reachable from the access router?

Any idea..where i might be missing?

nitass

Employee

Jan 13, 2012

just rolled out a new VS on public ip..but not able to ping it from our edge access routers?do you know if icmp arrives at bigip?

the following is output when i run tcpdump on bigip and filter by virtual server address (172.28.19.79) and icmp.

[root@ve1023:Active] config  tcpdump -nni 0.0 host 172.28.19.79 and icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
04:22:50.815466 IP 192.168.206.42 > 172.28.19.79: ICMP echo request, id 1, seq 5, length 40
04:22:50.815484 IP 172.28.19.79 > 192.168.206.42: ICMP echo reply, id 1, seq 5, length 40
04:22:51.841650 IP 192.168.206.42 > 172.28.19.79: ICMP echo request, id 1, seq 6, length 40
04:22:51.841668 IP 172.28.19.79 > 192.168.206.42: ICMP echo reply, id 1, seq 6, length 40

genseek_32178
Nimbostratus
Jan 13, 2012
Thanks again nitass for the response..

I'm not able to ping the VIP from within the F5 prompt itself.

Forum Discussion

Basic Setup of F5

38 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Bash shell and ping command on F5 rseries

Same LTM Monitor applied to different Pools with Common Nodes

Request for Bug Tracker/Known Issues – BIG-IP Version 17.5.1.2

Owa did not show support id asm

error code 503 redirect irule

Related Content

Less than 60 seconds lab setup

Implementing basic OAuth with F5 BIG-IP APM

Troubleshooting BIG-IP - The Basics

Getting Started with iRules: Basic Concepts

Basic OAuth concept and OAuth with F5 solutions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS