For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nathan_67739's avatar
Nathan_67739
Icon for Nimbostratus rankNimbostratus
Jan 15, 2010

Forcing "routed" traffic back to gateway

We currently have a LTM 3600 (running 10.0.1), set up in a router-on-a-stick model (vlan based network with backend servers and VIPs logically, but not physically, behind the LTM).     We a...
config
design
Nathan_67739's avatar
Nathan_67739
Icon for Nimbostratus rankNimbostratus
Jan 18, 2010
But see - that's the problem - the traffic has to pass through the LTM or load balancing/ssl-offloading won't work right. Note - SNAT is _NOT_ in use here... Yes, if it were SNAT'd, it'd be trivial, cause at that point, I wouldn't bother putting ANY of the subnets logically behind the LTM other than the VIP subnet.

 

 

Another way of looking at this (alternative scenario) - pretend I'm an ISP that has two completely distinct customers. I give each one of them their own subnet, and each of them are fed from a different routed uplink on the LTM. I don't want the LTM to route directly between the two customer networks, since the firewall might not even be under my control.