Forum Discussion

young19918's avatar
young19918
Icon for Cirrus rankCirrus
May 23, 2023

Can a floating IP be the next hop for routing?

Hello, Recently tried using HA in Route mode. Here is my structure : I thought floating ip can be the next hop of Route. So I set the next hop in Client Route as 1.1.1.3 & Switch's is 2.2.2...
application delivery
  • Paulius's avatar
    Paulius
    May 24, 2023

    young19918 

    So from client 1.1.1.4 you are attempting to reach server on 3.3.3.1 on tcp/80 or possibly tcp/443? If your routing is in place and you can indeed ping 3.3.3.1 from 1.1.1.4 and the other way around then it could be your forwarding virtual server that is not allowing the traffic to pass through the F5. You should be able to perform a tcpdump on the active F5 of the following and see where the traffic is going.

    tcpdump -nni 0.0:nnp host <source_IP> and port <destination_port>

    tcpdump -nni 0.0:nnp host 1.1.1.4 and port 80

    In your topology I would make the switch an L2 switch for the VLAN that sits behind the F5s and have the F5s and server be in subnet 2.2.2.0/24 with the gateway for the server being 2.2.2.3. If forcing the switch to be in routed servse another purpose for you then keep it but if not I wouldn't do it because it adds unneeded complexity without much benefit. If your intent is to be able to manage the switch by an IP you can always IP it from that same 2.2.2.0/24 subnet and reach it.

young19918's avatar
young19918
Icon for Cirrus rankCirrus

Hi Paulius ,

Thanks for your reply.

After setting it up, Client and Server can ping each other
But the Client cannot browse to the server through VIP, I tried to browse the Server directly without VIP, but it also failed ......

Paulius's avatar
Paulius
Icon for MVP rankMVP
May 24, 2023

young19918 

So from client 1.1.1.4 you are attempting to reach server on 3.3.3.1 on tcp/80 or possibly tcp/443? If your routing is in place and you can indeed ping 3.3.3.1 from 1.1.1.4 and the other way around then it could be your forwarding virtual server that is not allowing the traffic to pass through the F5. You should be able to perform a tcpdump on the active F5 of the following and see where the traffic is going.

tcpdump -nni 0.0:nnp host <source_IP> and port <destination_port>

tcpdump -nni 0.0:nnp host 1.1.1.4 and port 80

In your topology I would make the switch an L2 switch for the VLAN that sits behind the F5s and have the F5s and server be in subnet 2.2.2.0/24 with the gateway for the server being 2.2.2.3. If forcing the switch to be in routed servse another purpose for you then keep it but if not I wouldn't do it because it adds unneeded complexity without much benefit. If your intent is to be able to manage the switch by an IP you can always IP it from that same 2.2.2.0/24 subnet and reach it.

  • young19918's avatar
    young19918
    Icon for Cirrus rankCirrus
    May 24, 2023

    Paulius ,

    Thanks for your help.

    I have already fix it.