Hi, I want to setup a new F5 box in my network. Before, i do that i want to understand how it can actually be configured in Routed and Bridge mode. I would really appreciate if someone can guide me on this. F5 is connected to AGG pair A, with upstream device as Access Router and downstream device as L2 TOR switches connecting servers, as below. Core | Access Router | | F5---Trunk----Agg Switch - A | | L2Hst TOR Switch | | | | Server1 Server2 I want to start with Routed mode configuration using tmsh. TH-genseek

i created 2 vlans/selfips; one is internal which connects to server and the other one is external which connects to Agg Switch-A. server's default gateway is F5. F5's default gateway is Agg Switch-A. please let us know if i misunderstood anything here. e.g. root@B3600-R66-S41(Active)(tmos) list net trunk trunk1 net trunk trunk1 { cfg-mbr-count 2 id 2 interfaces { 2.1 2.2 } mac-address 0:1:d7:b3:ab:13 } root@B3600-R66-S41(Active)(tmos) list net vlan internal net vlan internal { interfaces { trunk1 { tagged } } tag 4094 } root@B3600-R66-S41(Active)(tmos) list net vlan external net vlan external { interfaces { trunk1 { tagged } } tag 4093 } root@B3600-R66-S41(Active)(tmos) list net self 1.1.1.1/24 net self 1.1.1.1/24 { allow-service default vlan internal } root@B3600-R66-S41(Active)(tmos) list net self 2.2.2.2/24 net self 2.2.2.2/24 { allow-service default vlan external } root@B3600-R66-S41(Active)(tmos) list net route default net route default { gw 2.2.2.254 }

Thank you for the quick reply, nitass. I appreciate. I see that you have not created the pools and the correspoding virtual servers for load balancing. Can you do that also, please?

of course. e.g. root@B3600-R66-S41(Active)(tmos) list ltm pool foo ltm pool foo { members { 1.1.1.11:http { } 1.1.1.12:http { } 1.1.1.14:http { } } } root@B3600-R66-S41(Active)(tmos) list ltm virtual bar ltm virtual bar { destination 2.2.2.10:http ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } }

Nitass, Can you also calrify the following along with the rest.... a) Are the F5 internal and external VLANs, in same lines as Client and Server VLAN in Cisco CSM? If yes, then in routed mode, for Cisco, we use to configure the VIP of the virtual server in client VLAN range. In F5, the VIP sits on the external VLAN range or any other range other than internal and external? I have seen few deployments of F5, where the VIPs sit directly on internet IP range.

a) Are the F5 internal and external VLANs, in same lines as Client and Server VLAN in Cisco CSM? i am sorry i never used CSM, so i am not able to answer it. In F5, the VIP sits on the external VLAN range or any other range other than internal and external? I have seen few deployments of F5, where the VIPs sit directly on internet IP range.virtual server is able to be listening on any ip range.

Basic Setup of F5 | DevCentral

38 Replies

nitass
Employee
Jan 13, 2012
i did ping from pc to virtual server address. tcpdump was run on bigip.

the tcpdump output above shows icmp echo request reached bigip and bigip replied with icmp echo reply.
genseek_32178
Nimbostratus
Jan 13, 2012
but i'm not able to ping the VIP from within F5 itself.

Do you see any reason why this could happen? I mean usual reasons.
nitass
Employee
Jan 13, 2012
i have no idea yet.

is there any special in the virtual server configuration?
genseek_32178
Nimbostratus
Jan 13, 2012
In the below, VS configuration, can you tell me what is the purpose of the cmd - vlans q_mps_r_10.221.256.0_27 enable ?

What it does, when it is mapped to a VS? Is it a normal configuration to map vlans to Virtual servers just like pools, profiles etc?

virtual wlireports_df_wlxbici_80_vs {

pool wlireports_df_wlxbici_80_pl

destination 10.221.256.254:http

ip protocol tcp

profiles fastl4_default_gns_pr {}

vlans q_mps_r_10.221.256.0_27 enable
nitass
Employee
Jan 13, 2012
what is the purpose of the cmd - vlans q_mps_r_10.221.256.0_27 enable ? the virtual server is enabled on q_mps_r_10.221.256.0_27 vlan only. that means if traffic has to come from that vlan to hit the virtual server.

What it does, when it is mapped to a VS? Is it a normal configuration to map vlans to Virtual servers just like pools, profiles etc?that is fine. it might have some scenario which we do not want virtual server to be listening on every vlan.

can you try this command and see if arp is enabled or not?

b virtual address 10.221.256.254 list all

this is mine.

[root@ve1023:Active] config b virtual address 172.28.19.79 list all virtual address 172.28.19.79 { enable limit 0 arp enable route advertisement disable mask 255.255.255.255 floating enable unit 1 server any partition Common }
genseek_32178
Nimbostratus
Jan 13, 2012
Arp is enabled.

Actually, in the below configuration, the cmd - vlans q_mps_r_10.221.256.0_27 enable is not there, instead it is as below.

virtual wlireports_df_wlxbici_80_vs {

pool wlireports_df_wlxbici_80_pl

destination 10.221.256.254:http

ip protocol tcp

profiles fastl4_default_gns_pr {}

vlans q_mps_r_172.20.500-24 enable

vlans q_mps_r_203.36.134.0_192 enable

So, inbound traffic is coming on VIP,10.221.256.254. But the corresponding vlan, vlans q_mps_r_10.221.256.0_27 enable, is not mapped to the VS.

Could this be the reason? If yes, why?
nitass
Employee
Jan 13, 2012
i do not think so. virtual server is on port 80 but the problem we are taking is icmp (vlan on virtual server should not matter).

10.221.256.254 should be pingable anyway.
genseek_32178
Nimbostratus
Jan 13, 2012
Btw...i cannot see the ARP for the VIP.

Forum Discussion

Basic Setup of F5

38 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

error code 503 redirect irule

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

F5OS VLAN naming length restrictions

Related Content

Less than 60 seconds lab setup

Implementing basic OAuth with F5 BIG-IP APM

Troubleshooting BIG-IP - The Basics

Getting Started with iRules: Basic Concepts

Basic OAuth concept and OAuth with F5 solutions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS