Dear All, I am trying to configure BIG-IP LTM device to work in transparent mode in order to replace Cisco ACE device. I have already done several configurations but the results are not so good as it should be. As used the following guide : http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementation/sol_vlans.html1062318 As a result I am not able to ping the external and internal network it looks as the LTM Block the entire flow. Any help will be appreciated ! Thanks in advance !

Martin, Sounds like you need a forwarding virtual server setup. Unless you specifically have a virtual server set up then the f5 will block by default. To have a catch all vs, perhaps for inline mode, than a forwading virtual server is what you will need, alongside any application specific VSs you may have. Hope this helps, N

Hi Nathan, Thank you for your comment. I read somewhere about that forwarding virtual server but I noticed that if I use that VS I am not able to do Load Balancing functions (Not possible to configure Pool) I will just allow the L2 traffic to flow via my LTM. From my point of view it will be the best if I can use transparent mode and did a load balance functions + monitoring and so on. As addition I would like to apologize about my stupid questions but I am still new in that.

Yes you're right. A forwarding vs (either L2 or IP) simply takes a packet and forwards it on, as specified in the destination ip address or mac address. It simply makes the f5 act as a router. no load balancing is required. if you need to create pools of backend servers then you're most likely to create a standard virtual server with associated pool. Perhaps I'm not clear on what you mean by transparent mode. Rgds N

I doesn't like to use Layer 3 routing. In our current situation we had servers + LB + Gateway. We use a LB in a bridge mode Layer 2 switching only (Transparent as I said) we doesn't like to change that. It that possible in F5 ? A few days ago I do that with Routing Domains feature but it looks too complicated so I am still looking for some other options. Thank you !

i think we do not need virtual server for bridging traffic in vlan group. what platform and software version are you using? is it standalone unit or ha pair?

F5 LTM Transparent mode configuration

MartinVKonov_15
Nimbostratus
May 31, 2014
Hi Nitass,

Thank you very much for your answer I found it really useful but I am still working on my issue. My configuration is the same as yours but the problem is still there I will looking for some network issue because that is the only point for now. As addition are you using a Virtual F5 or Hardware one ?

I tried with the virtual one deployed over ESXi host and I noticed that the packet which are leaving the ESXi host are untagged. It looks like the ESXi remove the tag or F5 doesn't add them. Really strange beside the fact that in the tcpdump all looks fine.

Again thank you very much for your help.
nitass
Employee
Jun 01, 2014
As addition are you using a Virtual F5 or Hardware one ?

it is hardware.
MartinVKonov_15
Nimbostratus
Jun 02, 2014
Hi,

As a conclusion just to informed: I tried to put the F5 Virtual Appliance to work in a clear bridge mode (Layer 2) the problem looks as it is somewhere in the F5 Virtual Machine. I did a lot of Capture sessions and from network point of vie all is fine but F5 just block the entire flow. (doesn't like to switch traffic between both vlans)

I may hit something like that : http://support.f5.com/kb/en-us/solutions/public/12000/700/sol12703.html

but not fully sure !
nitass
Employee
Jun 02, 2014
I tried to put the F5 Virtual Appliance to work in a clear bridge mode (Layer 2) the problem looks as it is somewhere in the F5 Virtual Machine.

is arp record created correctly?

by the way, if you have evidence showing f5 is an issue, you may open a support case to verify if it is a bug and get it fixed. :-)
MartinVKonov_15
Nimbostratus
Jun 02, 2014
Hi Nitass,

The ARP record is incomplete it looks like the cables are cut ... :) According to the support case I would like to mentioned that I am still in our lab environment in order to be sure that all is working fine. I may thought for support option in the future.

Thanks again !

nitass

Employee

Jun 02, 2014

by the way, you have seen this, haven't you?

Use of VLAN groups (CR 137596)

Use of VLAN groups with BIG-IP VE requires proper configuration of the VMware vSwitch. To use the VLAN group feature, you must configure security policies on the vSwitch. The properties of the security policy that you need to configure are Promiscuous Mode and Forged Transmits. For any transparency mode, you must configure these properties to accept (rather than reject) the security policy exceptions on the vSwitch. For information about how to configure these options, see the VMware vCloud™ Director Configuration Guide.

Manual Chapter: Troubleshooting BIG-IP Virtual Edition

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-vmware-vcloud-11-2-0/5.html?sr=26007990

MartinVKonov_15
Nimbostratus
Jun 02, 2014
Heyyy Nitass,

It is working now! :) I am not sure how did you find that document but you are great. I read so many notes and comment regarding VLAN Group but I don't know how I am missing that.

Thank you very much for your help ! All the best man !
- b_136889
  Nimbostratus
  Mar 09, 2015
  Hey Martin, I am trying to use use the BigIp in l2 bridge mode, can you please tell me if you had used any other docs other than one specified by you in the question ? """ As used the following guide : http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementation/sol_vlans.html1062318 """
MartinVKonov_15
Nimbostratus
Mar 15, 2015
Hi,

I have used the book which is mentioned above. The one which you have is also good so all explanation there is correct. My personal advice is to us Layer 3 mode. It might cost much more effort and redesign but it will be a better choose in any case.

Regards Martin

Forum Discussion

F5 LTM Transparent mode configuration

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Bot Profile - Transparent Mode ?

Integrating SSL Orchestrator with Symantec ProxySG: Transparent Proxy

ASM Transparent mode blocking CORS requests

Integrating SSL Orchestrator with CheckPoint Firewall VM-Transparent Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS