Forum Discussion

Sarah_258804's avatar
Apr 26, 2016

Do I need a self-ip in the same subnet as my virtual servers, or a VLAN ID?

Hi all.

 

So my external self IP is in the 10.251.12.0/24 subnet and my virtual servers are in the 10.251.10.0/24 subnet. However, I can't ping any of my vIPs from the F5 itself or outside of that network. I noticed that if I put the vIP in the 10.251.12.0/24 subnet I can ping it from the F5 as well as outside of the network. It's like my F5 doesn't want to advertise my virtual servers.

 

Am I missing configuration here? I do not have a VLAN defined for the virtual servers, nor do I have a self-IP in that range. Should I?

 

  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account

    That depends. You don't NEED one, but if you don't have one, then BOTH the BIG-IP needs a way to route to your server from a different self-ip, either via a route or the default tmm gateway (it can NOT use the management gateway), AND the server needs a route to the self-ip it receives the traffic from. If you are on the same subnet it is easy because you don't have to configure any routing.

     

    As for VLANs, the logic is similar, you have to make sure the ingress/egress traffic have the same VLAN tag or disable VLAN-keyed connections (not recommended).

     

    • Sarah_258804's avatar
      Sarah_258804
      Icon for Cirrus rankCirrus
      Oh, quick question. Just want to make sure that having my external self-ip in the same subnet as my virtual servers will not affect Auto SNATing from the VS address to the external self-IP?
    • Sarah_258804's avatar
      Sarah_258804
      Icon for Cirrus rankCirrus
      Thanks Theo, for now I think I will keep my virtual servers in the same subnet as my external self-IPs. As long as there is no reason that I should not do this.
    • Theo_12742's avatar
      Theo_12742
      Icon for Cirrus rankCirrus
      There is no best practice--the flexibility of the platform is you can do either, and there are reasons to do both. I will say the simpler way is to create the Self IP.
      • IRONMAN's avatar
        IRONMAN
        Icon for Cirrostratus rankCirrostratus

        Can you please tell me reasons, why we use the VIP's are in different sub net?