Forum Discussion

Nimbostratus

Apr 29, 2020

How to configure One ARM setup with multiple VLAN

I have attached our network scenario as an attachment here. My concern is how to configure the F5 LTM as One ARM having multiple VLANS where the VIP and the actual nodes are in different VLAN. A defa...

application delivery

BIG-IP

Maisha

Nimbostratus

May 08, 2020

Hi ,

Thanks for your advise. I did setup the external and internal vlan as your told and also created self-ip and floating ip for each vlan. I also setup SNAT and it worked perfectly for me but it creates another issue. It could not preserve the Client's source IP address (We need to preserve it). If I take off the SNAT then it can't reach the Virtual server IP at all. I think an asymmetric routing occurred here but I could not find a solution to resolve it> Can you suggest me something?

My Client IP = 10.10.100.100

My External VLAN10= selfip 1010.10.10, floating self-ip 10.10.10.12

My Virtual server = 10.10.10.50

My Internal VLAN20= selfip 1010.20.10, floating self-ip 10.10.20.12

My Nodes are on VLAN20= 10.10.20.21 & 10.10.20.22 (but their default GW IP 10.10.20.1 is at the L3 Switch, since these nodes and not directly connected to the F5). Both f5 and Nodes are VM hosts and are connected to a L3 switch.

PeteWhite
Employee
May 08, 2020
If you don’t want to use SNAT then you have two options - make the default route for the servers the big-ip floating up address, or use SNAT and insert the x-forwarded-for header in the http profile.
- Maisha
  Nimbostratus
  May 08, 2020
  Hi
  
  Thanks for your reply. I can't use F5 as a default GW. I also have several TCP custom port based Virtual servers where I can't use HTTP profiles to insert x-forwarder and also an x-forwarder will need custom config at the Web server side which is not possible as well. I saw something about "nPath routing" will that work? I have to implement it at Layer3, I beleieve?
- PeteWhite
  Employee
  May 08, 2020
  Hi Maisha, nPath deals with asymmetric routing ie traffic comes in via the big-ip but goes back to the client via a different path. You do that with a layer 4 vs with loose init and loose close set. Pete
- Maisha
  Nimbostratus
  May 08, 2020
  I need to create a fastL4 custome profile enable loose init and loose close set. Do I need to add/select then from all of my Virtual Servers which requires a Direct routing to the client bypassing the F5?
  
  the following guide said to use iApp? https://www.f5.com/services/resources/deployment-guides/npath-routing-direct-server-return-big-ip-v114-ltm