For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Doran_Lum_13484's avatar
Doran_Lum_13484
Icon for Nimbostratus rankNimbostratus
Nov 07, 2016

Difference between LTM Mgmt IP and Self IP

Hi all, why are we able to configure the F5 LTM using either F5 Mgmt or Self-IP address ?

 

I understand the Mgmt IP is solely use to configure the F5 at the inital stage and then later I start to use the Self-IP Floating IP to do any further configuration to avoid making the changes on the inactive node. But does it matter if we configure the LTM on either Mgmt IP or Self-IP ?

 

To go deeper into Self-IP I read up the link below, but I still can't understand F5 Self-IP completely. I only can understand that it's used as a default route to my VIPs which are on a different VLAN. https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-routing-administration-11-6-0/5.html

 

application delivery
LTM

3 Replies

  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Icon for Noctilucent rankNoctilucent
    Nov 07, 2016

    Its your choice how you are managing f5 device
    . Basically management is use to manage f5 device configuration, Monitoring snmp, etc. Self IP address is an IP address on the f5 system that you associate with a VLAN, to access hosts in that VLAN. Most organization restrict self-ip to access LB device & don't segregate mgmt traffic to self-IP & avoid mess during troubleshooting.

  • hari_126827's avatar
    hari_126827
    Icon for Cirrus rankCirrus
    Nov 07, 2016

    Hi,

     

    In my view, Mgmt Int. have its security reasons so that it will be in trusted network., and TMM interface could have LB traffic ( if needed + mgmt. traffic)

     

    So yes (but not recommended), there is no issue observed in using self IP with confirming that "port lockdown" settings allowing SSH and 443 (whish is there in "allow default" port lockdown option)

     

    please see if below links to see if it could help to reach the conclusion:

     

    sol13284: Overview of management interface routing (11.x - 12.x)

     

    sol13250: Overview of port lockdown behavior (10.x - 11.x)

     

    sol7312: Overview of the management port

     

  • Jinshu's avatar
    Jinshu
    Icon for Cirrus rankCirrus
    Nov 07, 2016

    You can access BIG IP GUI via self IP address (Consider it is not locked down) or management IP address.

     

    I strongly suggest to aviod self IP address to use for any management related activities. There are situations like device offline etc where only management address will be active on system.

     

    -Jinshu