Forum Discussion

davidy2001
Nov 07, 2022

F5 and its gateway

Hi, I made a basic F5 configuration based on F5 protocol. But I notice there is no gateway config towards the outside connection. For example, the virtual server in F5 sends messages out via its neighbor device. We do not need to define the neighbor device's IP address at the F5. If so, F5 finds the gateway through the incoming traffic. Is this correct? Thanks

  • Thanks very much. I found the default gateway IP address in my F5. Please see below. The question is, I did not add the Gateway Address on this page; can you tell which step I did to have the IP address 10.0.30.254 over there?

    • Hi davidy2001,
      This configuration page relates to adding specific routes, and the Gateway option here means the "next hop" interface.
      We add this next hop with all vendors when we create static routes.

      This is not the default gateway of F5, or it does not have the same meaning as for "servers, PCs ...".
      - You can add hundreds of static routes with different gateways ("next hops"); I mean the next hop here controls the flow or traffic vectors.

      I hope this helps you.
      Ty

    • So when you config your device for the first time using the "config" command on the console.

      You can or do put a default route in.

      I'm just not sure that feeds through into tmm so you see that.

      Having said that I'm on u14 so that might be different in different versions.

      • Hi PSFletchTheTek,
        The CLI or console, the first time when issuing the (config) command, is to configure the management interface.
        By using the "config" command in bash, you give an IP address for the management interface, and the default route is configured with an IP from the management subnet, and we can say that is the default gateway for management traffic, not real or data traffic.

        Also, management traffic is administrative traffic which is handled or processed by the control plane, not like real traffic or data traffic which is processed by tmm or the data plane.

        Regards

  • I was going to say that, it's saved many an issue for me!
    But it's only helpful on incoming traffic, giving the F5 a chance of knowing where to send things back to.

    If you are trying to route to AD servers (for APM) or even RADIUS servers then you'll need to consider Network > Routes.
    And/or the default routes used by the Linux kernel / management interface.

    Also consider that management and TMM can both have default routes!

  • Mohamed_Ahmed_Kansoh 

    Thanks for your reply. I think it's OK without defining a gateway at the F5, but the case can only work if the switch launches the process. Let's have a simple diagram like this:   Switch(layer3)---------F5-------Nodes

    The process is the switch launches the process and sends traffic to F5. If F5 or a node launches the process, the traffic would not know where to go, so it needs a gateway pointing to the switch, right?

    • Hi davidy2001,
      Of course there is a known direction of traffic.
      > Let's take the "L3 switch --- F5 --- nodes" scenario:
      - The L3 switch directs its traffic to F5 because there is a "route" specified on the L3 switch. This route works as below:
      (If you want to reach a virtual server hosted by F5, send or throw the traffic to the F5 self IP (the next hop in routing), "where the F5 self IP and the switch are connected and have IPs in the same subnet".)
      - After that, F5 will process the incoming traffic and deliver this traffic to its internal nodes.

      > Let's have "F5 or nodes" launch the process of traffic:
      - For F5 launching traffic to the L3 switch: let us say F5 needs to get updates from the internet, so it must go through the L3 switch first, by creating a default route on F5 itself; this route says "if F5 wants to send any traffic, it goes to its next hop", and it will be the L3 switch interface in our example.

      - For internal nodes, you first need to create a new virtual server on F5 to serve the nodes' traffic; in case the nodes themselves launch traffic first, it must find a virtual server on F5 to receive its traffic.
      This virtual server can be standard, or another type of virtual server that is widely used for nodes if they want to reach the internet for updates; this type of virtual server is called "Forwarding IP".

      - You know that nodes, as servers, need a default gateway configured, to get out through it.

      > Simply, routing is the main controller for traffic direction or flow. For F5 or the switch, both devices get out based on their routes.
      > That was the traffic flow from the F5 perspective.

      Thanks and hopefully it helps you.
      Regards

  • Hi davidy2001,
    F5 does not need a gateway defined on it such as "servers, PCs, ..."; F5 needs only two main objects of configuration to make it alive in the network (VLAN and self IP, "a normal IP address from this VLAN subnet").
    Let's simplify:
    > We have an F5 appliance and a Layer 3 switch in front of it.
    We need to connect both devices with each other.
    I will talk about incoming traffic:
    > Layer 3 switch:

    - Assign a physical interface

    - Create a VLAN and give it tag 20

    - Give this interface an IP from the VLAN 20 subnet, let's say "20.20.20.0/24", and the Layer 3 switch takes 20.20.20.2

    > For F5:
    - Create a VLAN and give it tag 20 as well; assign one of the F5 physical interfaces to it

    - Create a self IP address from the VLAN 20 subnet, let's say "20.20.20.3", and put VLAN tag 20 in it during its configuration.

    After that, both devices can reach each other; now both of them are in the same subnet.

    > You can call the Layer 3 switch IP 20.20.20.2 the gateway of F5; it is up to you.

    > After that you create a virtual server. I know that the virtual server is confusing you, as you see that the "virtual server" is the only speaker with the F5 peer device:
    This is correct logically or as traffic flow, but physically the self IP "20.20.20.3" in our example is the only component that maintains reachability with its peer device.

    > If you do not put the peer device and F5 in the same VLAN and give them IP addresses, they cannot talk.

    > There is no configuration in F5 to create a gateway of the peer device, but logically you can say "the Layer 3 switch is the gateway of F5 to go outside the network".

    > That was my explanation; you can specify your request and I will follow up on your requests and try to get a solution for you.

    Thank you
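
The routing behaviour discussed in this thread, as an added example that is not part of any poster's reply or F5's own code: a small Python model in which replies to inbound connections return to the hop they arrived from, F5-initiated traffic needs a data-plane route, and the management interface keeps its own default route. The 20.20.20.x addresses come from the thread; the management subnet, the other host addresses and all function names are constructed for illustration.

```python
import ipaddress

# 20.20.20.0/24, .2 (L3 switch) and .3 (self IP) are from the thread.
# The management subnet and the 192.0.2.x / 198.51.100.x hosts are constructed.
L3_SWITCH = "20.20.20.2"
MGMT_GW = "10.99.0.254"

def table(*entries):
    """Build a route table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(p), hop) for p, hop in entries]

# Data-plane (TMM) tables with and without a default route, and the
# separate management table that only serves administrative traffic.
TMM_NO_DEFAULT = table(("20.20.20.0/24", "connected"))
TMM_WITH_DEFAULT = table(("20.20.20.0/24", "connected"), ("0.0.0.0/0", L3_SWITCH))
MGMT_ROUTES = table(("10.99.0.0/24", "connected"), ("0.0.0.0/0", MGMT_GW))

def lookup(routes, dst):
    """Longest-prefix match: next hop, 'connected', or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def next_hop(routes, dst, arrived_from=None):
    """Replies go back to the hop the connection arrived from; traffic the
    device starts itself has to resolve through its route table."""
    if arrived_from is not None:
        return arrived_from
    return lookup(routes, dst)

def report():
    """Next hop for each traffic case raised in the thread."""
    return {
        "reply_to_client": next_hop(TMM_NO_DEFAULT, "198.51.100.7", arrived_from=L3_SWITCH),
        "f5_to_ad_no_route": next_hop(TMM_NO_DEFAULT, "192.0.2.50"),
        "f5_to_ad_default": next_hop(TMM_WITH_DEFAULT, "192.0.2.50"),
        "f5_to_switch": next_hop(TMM_WITH_DEFAULT, "20.20.20.2"),
        "mgmt_to_outside": next_hop(MGMT_ROUTES, "192.0.2.50"),
    }

if __name__ == "__main__":
    for case, hop in report().items():
        print(f"{case:20} -> {hop}")
```

The `f5_to_ad_no_route` case returns `None`: without a data-plane route, traffic the F5 starts itself has nowhere to go, even though replies to inbound connections still work.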