Forum Discussion

Sanjay_Yadav_17's avatar
Sanjay_Yadav_17
Icon for Nimbostratus rankNimbostratus
Jan 22, 2015

Configuring LTM with 5 different VLAN

Hello Team,

 

In my setup there is 5 different vlan subnet with different default gateway, So how I will configure default gateway for each vlan because I migrating F5 from cisco ACE context .

 

Please guide me to create context in F5 for each VLAN subnet.

 

Thanks

 

application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
TMOS

7 Replies

  • Sanjay_Yadav_17's avatar
    Sanjay_Yadav_17
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2015
    Thanks for reply...but actually I want to add default gateway for each vlan..for example.. VLAN2= 0.0.0.0 0.0.0.0 x.x.2.1 VLAN3=0.0.0.0 0.0.0.0 x.x.3.1 but I am getting error...already 0.0.0.0 0.0.0.0 exist.. Please help...
  • NikhilB's avatar
    NikhilB
    Icon for Employee rankEmployee
    Jan 22, 2015

    As per Eric's response, you will need to have several router domains to accomplish this. You cannot have multiple default gateways in the default route domain 0. You can certainly have separate routes via different next hop address in route domain 0.

     

    • NikhilB's avatar
      NikhilB
      Icon for Employee rankEmployee
      Jan 23, 2015
      To add: not sure if you may want to look into gateway pools based on what you described. May not apply but worth looking into.
  • NikhilB_149913's avatar
    NikhilB_149913
    Historic F5 Account
    Jan 22, 2015

    As per Eric's response, you will need to have several router domains to accomplish this. You cannot have multiple default gateways in the default route domain 0. You can certainly have separate routes via different next hop address in route domain 0.

     

    • NikhilB_149913's avatar
      NikhilB_149913
      Historic F5 Account
      Jan 23, 2015
      To add: not sure if you may want to look into gateway pools based on what you described. May not apply but worth looking into.
  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Jan 25, 2015

    Hi Sanjay,

     

    as described by the previous replies, the so called "route domains" may be an approach to meet your requirements.

     

    Route domains allow to build independent routing facilities and prevent from cross communication between them i.e. for security reasons or in case you are using overlapping IP address space.

     

    But perhaps the so called "AutoLastHop" feature already does what you are looking for?

     

    AutoLastHop is a feature of the TMOS connection table. Whenever a new connection comes in it stores the inbound VLAN and nexthop MAC address (will be the one of your nexthop router or firewall on inbound VLAN). All received responses will be returned exactly through this path as long as you are not disabling AutoLastHop globally or for a particular virtual server.

     

    This way TMOS makes sure traffic flows symmetrically and responses are delivered through the same path were the request was received from.

     

    The feature does not help in case TMOS has to forward traffic to a non-locally attached network (i.e. with network virtual servers in IP forwarding mode). In this case VLAN specific virtual servers (PerformanceL4 mode, Destination Address/Port Translation disabled, Pool containing the next hop router interface IP with port "0") will do the job.

     

    Back to your initial question: without using routing domains it is not possible, afaik.

     

    Thanks, Stephan