Forum Discussion
BIG-IP does not route traffic from "internal vlan" to "external vlan"
Hello,
My name is Joaquin. I am working in a lab on an implementation of a BIG-IP 2000S LTM. Let me explain my topology and what is happening.
I will load balance the outgoing traffic across 2 internet links, for example Link 1: 1.1.1.5 and Link 2: 2.2.2.5. I added 3 Self-IPs, one 1.1.1.1 that points to Link 1, and the other 2.2.2.1 that points to Link 2. Then I added 2 nodes, one is 1.1.1.5 and the other 2.2.2.5, to a pool (pool_dfg) for the load balancing. I also created an Internal vlan (untagged) that points to a host 192.168.1.1 with its respective self-ip (ex: 192.168.1.100) on interface 1.1, and an external vlan (untagged) that points to Link 1 (int 1.3) and Link 2 (int 1.4), and a default route 0.0.0.0/0 that points to the pool pool_dfg of the links!
From the F5, I can ping the interfaces of the routers and it load balances the "pings" between one link and the other as I want, and if I connect one host behind the routers I can ping it too. But here is the problem: from the host on the Internal VLAN (192.168.1.1), I can ping the interfaces of the F5 (self ips, example: 1.1.1.1), but the pings don't pass through the F5. For example, if I want to ping the "node Link 1 -1.1.1.5- router interface" I can't, and the same with "node Link 2"; the packets never arrive.
I think I am missing some essential thing. If you could help me I will be so grateful. If you need some more information, don't hesitate to ask.
**_First of all, thank you so much for reading my question!_**
- JMart_143192Nimbostratus
I had not configured the Forwarding Virtual server, now the traffic is passing as I wanted!!
Thank you so much for the help! Regards
- JMart_143192Nimbostratus
Thanks to both of you, I will be analyzing the information you gave me and then I will give feedback, thank you so much for the help!!
Regards
- gsharriAltostratus
BIGIP is a default deny device. It will not route or pass traffic between vlans until told to. For the scenario you describe you will need what's called a wildcard virtual server using the pool you configured that contains your links to load balance traffic to the internet. A forwarding virtual server cannot be used because they do not provide load balancing capabilities.
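
The wildcard virtual server described in the reply above, sketched as tmsh commands. This is an added example, not configuration posted by anyone in the thread; the virtual server name `vs_outbound_wildcard` and the VLAN name `internal` are assumptions, while `pool_dfg` is the pool from the question.

```tmsh
# Added example. Assumed names: vs_outbound_wildcard and the VLAN name "internal".
# pool_dfg is the gateway pool from the question (members 1.1.1.5 and 2.2.2.5).

# Wildcard listener: destination 0.0.0.0:0 with mask any matches every
# destination address and port. ip-protocol any covers ICMP (ping) as well
# as TCP and UDP.
# translate-address / translate-port disabled: the packet keeps its original
# destination; the selected pool member is used only as the next hop.
# vlans-enabled with vlans add { internal }: the listener accepts traffic on
# the internal VLAN only, so traffic arriving on the external VLAN is still
# dropped by the default-deny behaviour.
create ltm virtual vs_outbound_wildcard destination 0.0.0.0:0 mask any ip-protocol any profiles add { fastL4 } pool pool_dfg translate-address disabled translate-port disabled vlans-enabled vlans add { internal }

# Review the resulting object, then check that both links are marked up
# and that connections are being spread across them.
list ltm virtual vs_outbound_wildcard
show ltm pool pool_dfg members

# Persist the running configuration.
save sys config
```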
- NikhilBEmployee
Have you configured an NFVS - network forwarding virtual server?