F5 ingress and egress traffic using the same interface

Question

I have a setup where the members of the pool are not in an network attached to the F5 (they are reachable through routing). The interface used for reaching the members of the pool and the clients it is the same. I have created a virtual server with snat automap enabled. Is this a valid setup or I have to use different interfaces for ingress and egress?

lee_sutcliffe · Answer

This is perfectly valid, there is nothing technically wrong with having egress and ingress traffic using the same interface. 
There are arguments from a security point of view that you may want to force traffic in a typical North/South deployment but your configuration would certainly work. &nbsp;
Just be aware of bandwidth utilisation as you would be 'hair pinning' connections through an interface. F5 is a TCP proxy so for each connection coming in to the F5, you would have another going out to your pool members.
For example, if you have 1000 connections coming into the F5, (without OneConnect) you'll spawn 1000 additional connections to your pool members. &nbsp;

Forum Discussion

F5 ingress and egress traffic using the same interface

Recent Discussions

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

XC Bot defense question

Big-IP not recognized by Big-IQ

Application only need to access from 2 uris

Related Content

Announcing F5 NGINX Ingress Controller v4.0.0

Use topology labels to reduce cross-AZ ingress traffic with F5 CIS and EKS

How to Use F5 Distributed Cloud to Obfuscate Ingress and Egress Traffic

Better together - F5 Container Ingress Services and NGINX Plus Ingress Controller Integration

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS