F5 Virtual Edition AWS Internet Routing
I have a Virtual F5 fronting some internet-facing services with Elastic IPs that then get routed to internal AWS hosts, and that all works fine. My instance has multiple interfaces: eth0 being the management VLAN (10.0.2.1), eth1 being "external" (a subnet that has a security group that allows external internet connectivity), and subsequent interfaces for different lab subnets.

I've been approached to create an APM VIP where the node is external to my VPC; however, my F5 can't seem to route to the internet. I have a default route set with the destination set as 0.0.0.0, set to "Use Gateway", and I provide the gateway address of the "external" interface (10.0.5.1). If I SSH to the F5 itself and attempt to ping an external host, it resolves DNS but then times out. If I force ping to use the management interface, eth0, it works no problem (I opened up the security group on the management subnet earlier while attempting to troubleshoot this issue). Obviously I don't want to route traffic through my management interface, but I can't seem to understand why I can't route traffic through the default gateway on my "external" interface. I am able to ping that gateway from the F5, and I can communicate with hosts on that subnet. Here is the route table:
[root@ip-10-0-2-150:Active:Standalone] config # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tmm0
127.3.0.0 0.0.0.0 255.255.255.0 U 0 0 0 mgmt_bp
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 9 0 0 eth0
10.0.102.0 0.0.0.0 255.255.255.0 U 0 0 0 F5_EAST_VIP1
10.0.103.0 0.0.0.0 255.255.255.0 U 0 0 0 F5_EAST_VIP2
10.0.100.0 0.0.0.0 255.255.255.0 U 0 0 0 F5_WEST_VIP1
10.0.101.0 0.0.0.0 255.255.255.0 U 0 0 0 F5_WEST_VIP2
10.0.5.0 0.0.0.0 255.255.255.0 U 0 0 0 External
127.7.0.0 127.1.1.254 255.255.0.0 UG 0 0 0 tmm0
0.0.0.0 10.0.5.1 0.0.0.0 UG 0 0 0 External
0.0.0.0 10.0.2.1 0.0.0.0 UG 9 0 0 eth0
I have a single route table for the VPC that includes all subnets, and a single route domain on the F5 that includes all VLANs.
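As an added example (not part of the original post, and not F5 or AWS tooling), here is a small route-selection check that parses the `route -n` output shown above and reports which kernel route would be chosen for a given destination. It models only the Linux host-side decision (longest prefix match, then lowest metric), which is what a ping from the BIG-IP's bash shell is subject to; it says nothing about TMM data-plane routing or about AWS-side constraints on the ENI or subnet. The route table string is copied from the post; the destination addresses tested are constructed for illustration.

```python
import ipaddress

# Kernel routing table from the post above (route -n output), embedded so the
# example runs offline. The "Kernel IP routing table" banner line is harmless:
# it has too few columns and is skipped by the parser.
ROUTE_TABLE = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tmm0
127.3.0.0 0.0.0.0 255.255.255.0 U 0 0 0 mgmt_bp
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 9 0 0 eth0
10.0.102.0 0.0.0.0 255.255.255.0 U 0 0 0 F5_EAST_VIP1
10.0.103.0 0.0.0.0 255.255.255.0 U 0 0 0 F5_EAST_VIP2
10.0.100.0 0.0.0.0 255.255.255.0 U 0 0 0 F5_WEST_VIP1
10.0.101.0 0.0.0.0 255.255.255.0 U 0 0 0 F5_WEST_VIP2
10.0.5.0 0.0.0.0 255.255.255.0 U 0 0 0 External
127.7.0.0 127.1.1.254 255.255.0.0 UG 0 0 0 tmm0
0.0.0.0 10.0.5.1 0.0.0.0 UG 0 0 0 External
0.0.0.0 10.0.2.1 0.0.0.0 UG 9 0 0 eth0
"""


def parse_routes(text):
    """Turn `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the banner and header lines; data rows have 8 columns.
        if len(parts) < 8 or parts[0] == "Destination":
            continue
        dest, gw, mask, flags, metric, _ref, _use, iface = parts[:8]
        routes.append({
            "net": ipaddress.IPv4Network(f"{dest}/{mask}"),
            "gw": gw,
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def select_route(routes, dst):
    """Pick the route the Linux kernel would use for dst.

    Longest prefix wins; among routes with the same prefix length the lowest
    metric wins. Returns None if nothing matches (no default route present).
    """
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def default_routes(routes):
    """All 0.0.0.0/0 entries, lowest metric first, so a backup default is visible."""
    return sorted((r for r in routes if r["net"].prefixlen == 0),
                  key=lambda r: r["metric"])


if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    # Constructed destinations: an internet host, a management host, the
    # external gateway itself, and a TMM-side loopback address.
    for dst in ("8.8.8.8", "10.0.2.50", "10.0.5.1", "127.7.1.1"):
        r = select_route(routes, dst)
        print(f"{dst:>10} -> {r['net']} via {r['gw']} dev {r['iface']} metric {r['metric']}")
    for r in default_routes(routes):
        print(f"default via {r['gw']} dev {r['iface']} metric {r['metric']}")
```

Run against the table from the post, this confirms that an unforced ping to an internet address leaves via the External interface (metric 0) and that the eth0 default is only a metric-9 backup, so the host-side routing table is not what steers that traffic to management. If the selected route is the expected one and the packet still gets no reply, the place to look next is beyond this table: the source address the kernel picks on that interface and what the VPC does with packets from it.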