How to route packets from a route domain to default

Question

My understanding on route domains is that one could configure a route domain to peek into a parent for routes, hence allowing packets to move across route domains. 
&nbsp;  
&nbsp; However I've setup my device as follows: 
&nbsp;  
&nbsp; - VLAN 1 (external) 
&nbsp; - VLAN 110 (internal) 
&nbsp; - Route domain 0 (default) with VLAN external 
&nbsp; - Route domain 110 (internal) with VLAN internal, parent is route domain 0. 
&nbsp; - Self IP 10.7.1.254 / 255.255.0.0 on VLAN external 
&nbsp; - Self IP 192.168.0.254%110 on VLAN internal 
&nbsp; - SNAT automap for all addresses on VLAN internal 
&nbsp;  
&nbsp; In this configuration, I can't route packets from a host on VLAN internal out hosts on the external VLAN. 
&nbsp;  
&nbsp; If I remove the route domains, then it works fine.  That's with the following: 
&nbsp;  
&nbsp; - VLAN 1 (external) 
&nbsp; - VLAN 110 (internal) 
&nbsp; - Route domain 0 (default) with all VLANs 
&nbsp; - Self IP 10.7.1.254 / 255.255.0.0 on VLAN external 
&nbsp; - Self IP 192.168.0.254 on VLAN internal 
&nbsp; - SNAT automap for all addresses on VLAN internal 
&nbsp;  
&nbsp; Any thoughts?

jrahm · Answer

Solution 9933 (Click here) details a nat issue between route domains, but I'm not sure if this includes snats.  Might want to open a case with support to verify.

chris_15807 · Answer

I can't imagine SNATs wouldn't work and it would still pass test.  They're pretty essential if you're going to have multiple VLANs with the same IP subnets - which is one of the discussed advantages of using route domains. 
&nbsp;  
&nbsp; I guess I'll raise a support request. 
&nbsp;  
&nbsp; cheers, 
&nbsp; chris

jrahm · Answer

OK, so after some bang-head-against-wall moments this morning, I was able to get this working with some help from Mr. L4L7 himself.  On my v10HF2 system, I can get RD1 to forward traffic to RD0 with snat automap enabled, but not with a default snat.  I had to create a virtual forwarder (0.0.0.0%1) with snat automap enabled, then do a restart on tmm.

chris_15807 · Answer

I can't reproduce this work-around. 
&nbsp;  
&nbsp; Do you mean a virtual server, configured as: 
&nbsp; - destination type: host 
&nbsp; - destination address: "0.0.0.0%110" 
&nbsp; - service port: "* All Ports" 
&nbsp; - type: "forwarding (layer 2)" 
&nbsp; - protocol: "* All protocols" 
&nbsp; - enabled on vlan "internal" 
&nbsp; - SNAT Pool: "automap" 
&nbsp;  
&nbsp; ? 
&nbsp;  
&nbsp; I restarted tmm by "bigpipe restart tmm" (also did a box reboot).  No joy. &nbsp;

jrahm · Answer

yes, but as network (0.0.0.0/0.0.0.0), not host.

Forum Discussion

How to route packets from a route domain to default

6 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

F5 Big-IQ read-only API username creation.

email alert when service restarts

all possible Domain names that F5 may need to communicate to

irule that presents certificate doesn´ t run in TLSv1.3

APM local DB "passwd_expire" usage

Related Content

FQDN nodes in non-default route domains

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

Multiple Default Gateways

UDP TCP Packet Duplication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS