Forum Discussion
NimbostratusF5 Bridge design
Hi,
I need to configure F5 Bridge mode, but I'm very confused.
Let's suppose we have this design :
POOL_SERVERS 10.10.10.99 -------- F5 VIP 10.10.10.100 -------- ROUTER GATEWAY 10.10.10.1-------INTERNET
Some assert : The VIP addresses of services can be in the same or a different subnet but each server farm must be in one IP subnet because the SLB rewrites the MAC address associated with the VIP to be the MAC address of the real server"
How could this be possible for the VIP to be on different Subnet ? How ARP could works knowing that the "ROUTER GATEWAY" doesn't knows the VIP SUBNET ?
Many thanks for any clarification,
Joe YABUKI
joeyabuki_34204I also can read : Transparent: Specifies that the system uses Layer 2 forwarding with the MAC address of the remote system preserved. Translucent: Specifies that the system uses Layer 2 forwarding with the locally-unique bit set. Opaque: Specifies that the system uses proxy ARP with Layer 3 forwarding.
For me, for the F5 to have a VIP (VS), we need to configure the Opaque mode, how can other modes work if there is no proxy ARP ?
How could we decide which one to choose (Transparent, Translucent, Opaque) ?
Joe YABUKI
Simon_BlakelyEmployee
Just to clarify, F5 devices can bridge different VLANs into a single broadcast domain, and the options (transparent, translucent and opaque) relate to how VLAN bridging is achieved.
You must understand what you are trying to achieve and the behaviour of these modes if you wish to implement VLAN bridging - it is probably the easiest way to disrupt traffic in odd and difficult to trace ways. There is almost always a better and more understandable solution than VLAN bridging.
This has vary little to do with Virtual Servers which are (generally) proxy services that rewrite packet IP addresses based on the SNAT/SNAT automap settings. As long as the gateway can see the virtual server on one subnet and the pool members on another, no bridging should be required.