Forum Discussion
iRule to insert route and use gateway
Hi
We have a one arm F5 LTM topology where the virtual server sits in the same VLAN (subnet) as the pool members. The gateway of the VLAN is a Palo Alto firewall which connects to an upstream router. As the pool members have their gateway set to the Palo Alto they can talk out successfully.
We now have a new requirement to set up a virtual server with an ephemeral pool member which sits out in the Amazon Web Services cloud. So the pool member is actually an AWS ELB.
The health monitors are working fine, so the F5 itself can route to the ELB in AWS, and the client traffic makes it to the F5 as well. However, client traffic never makes it to the ELB because the F5 doesn't have a route to AWS.
Our challenge is routing the return client traffic (outbound from VIP to pool member --> ELB in AWS) out of the F5. The only default route the F5 has is using the management interface.
Question is whether there is an iRule statement which can "insert this route" and "use this gateway". Alternatively if pool member = AWS insert this route / gateway.
thanks
2 Replies
- arpydays
Nimbostratus
How do the F5 Self-IPs route out to AWS for health checks? Seems like there are no TMM routes for AWS, so not sure how the health check routing is happening...
- tatmotiv
Cirrostratus
I don't see why you would need an iRule for that. Why don't you simply add a static route, destined for your AWS server and pointing to your firewall? Also, don't forget to configure some kind of SNAT in order to make return traffic from your AWS server arrive on the BIG-IP.
PS: I don't understand how the health checks towards the AWS server are working without routing entries. Do you have an explanation for that?