Forum Discussion
logan92
Altocumulus
AltocumulusHow to redirect outbound traffic to 2 ISP links
Hi, We have (LTM,GTM) , Can we implement LTM & GTM behind the firewall? and if yes ,how the LTM can monitor the 2 ISP links on the firewall? is it by using transparent monitoring?
This may work:
# Create transparent gateway ICMP health check monitor to monitor external IP (in this case Google DNS server)
create ltm monitor gateway-icmp MON-GATEWAY-ICMP-ISP destination 8.8.8.8:0 transparent enabled
# Create pool containing both ISP router IPs
create ltm pool POOL-OUTBOUND load-balancing-mode round-robin members add { <ISP1 ROUTER IP>:0 <ISP2 ROUTER IP>:0 } monitor MON-GATEWAY-ICMP-ISP
# Create FastL4 virtual server
create ltm virtual VS-OUTBOUND destination 0.0.0.0:0 mask 0.0.0.0 pool POOL-OUTBOUND profiles add { fastL4 } source-address-translation { type automap } translate-address disabled translate-port disabled
Paulius
MVP
MVPThis does seem like it should function the way you would like with the exception of the health monitor. Keep in mind that with that monitor you're only monitoring the interface on the firewall rather than the connection from the firewall to the ISP so if routing is not functioning between the firewall and the ISP or the ISP has any routing issues that will not be detected.
Since it's a transparent monitor, wouldn't the health monitor be checking the reachability from the F5's self IP via each ISP router to Google's public DNS server (8.8.8.8) and hence, this would verify that traffic using each ISP was working?
- Paulius
I believe you're right but it's always possible that you can still have an issue on that ISP and that singular destination is accessible but other destinations are not. Thank you for the correction, I missed that piece in the health monitor pointing to the other destination.