Forum Discussion

Nimbostratus

Jul 25, 2018

F5 ingress and egress traffic using the same interface

I have a setup where the members of the pool are not in an network attached to the F5 (they are reachable through routing). The interface used for reaching the members of the pool and the clients it ...

Nacreous

Jul 25, 2018

This is perfectly valid, there is nothing technically wrong with having egress and ingress traffic using the same interface. There are arguments from a security point of view that you may want to force traffic in a typical North/South deployment but your configuration would certainly work.

Just be aware of bandwidth utilisation as you would be 'hair pinning' connections through an interface. F5 is a TCP proxy so for each connection coming in to the F5, you would have another going out to your pool members. For example, if you have 1000 connections coming into the F5, (without OneConnect) you'll spawn 1000 additional connections to your pool members.

Forum Discussion

F5 ingress and egress traffic using the same interface

Recent Discussions

VPN fragmented IP packets dropped

iRule interpretation assistance

F5 Access Guard Deprecated: ZTA APM

Inquiry on F5's Maintenance Mode Feature for Pool Members

ASM Bot Defense JS and CSP

Related Content

How to Use F5 Distributed Cloud to Obfuscate Ingress and Egress Traffic

ExternalName Service and Authentication Subrequests with NGINX Ingress Controller

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

NGINX ingress proxy for Consul Service Mesh

Scale Multi-Cluster OpenShift Deployments with F5 Container Ingress Services