Forum Discussion

konstantinos_do's avatar
konstantinos_do
Icon for Nimbostratus rankNimbostratus
Jul 25, 2018

F5 ingress and egress traffic using the same interface

I have a setup where the members of the pool are not in an network attached to the F5 (they are reachable through routing). The interface used for reaching the members of the pool and the clients it ...
application delivery
BIG-IP
LTM
Lee_Sutcliffe's avatar
Lee_Sutcliffe
Icon for Nacreous rankNacreous
Jul 25, 2018

This is perfectly valid, there is nothing technically wrong with having egress and ingress traffic using the same interface. There are arguments from a security point of view that you may want to force traffic in a typical North/South deployment but your configuration would certainly work.

 

Just be aware of bandwidth utilisation as you would be 'hair pinning' connections through an interface. F5 is a TCP proxy so for each connection coming in to the F5, you would have another going out to your pool members. For example, if you have 1000 connections coming into the F5, (without OneConnect) you'll spawn 1000 additional connections to your pool members.