Forum Discussion

Nitesh's avatar
Nitesh
Icon for Cirrus rankCirrus
Aug 20, 2021

Is InterVLAN Routing possible in F5

  From below topology i want to ping from TEST_PC to firewall interface IP(172.16.3.254). From same TEST_PC i can ping WEB_SERVER. I am not sure why ping to firewall is not working. I have ping poli...
application delivery
BIG-IP
BIGIPF5LTM
LTM
  • Mike757's avatar
    Mike757
    Aug 21, 2021

    Instead of "destination 172.16.3.254:any" use "0.0.0.0/0:any". This creates a full router without filter on source or destination IPs. The kernel's routing table is used to forward traffic.

Mike757's avatar
Mike757
Icon for MVP rankMVP

Instead of "destination 172.16.3.254:any" use "0.0.0.0/0:any". This creates a full router without filter on source or destination IPs. The kernel's routing table is used to forward traffic.

CA_Valli's avatar
CA_Valli
Icon for MVP rankMVP
Aug 24, 2021

This should work. F5 is a default-deny device meaning all traffic that does not match a Listener (Virtual Server in this case) or an active connection in table will be dropped.

 

To route packets, as Mike said, you will need to configure a VS with target network as your destination address. This can be anything, from a single IP 172.16.1.1:any to a network 172.16.0.0/16:any to 0.0.0.0/0:any that will match all traffic. If you want to filter which clients can talk with said network, you can modify "source" and "VLAN" options so that only clients whose traffic comes from a specific netowrk or on a specific VLAN will match the Routing VS.

 

AutoMap will NAT your Client IP with F5 self-ip address on the VLAN where traffic is routed. For non-connected networks you should specify routes in Network>Routes section. You can confirm which interface is used for egress with bash command "ip route get x.x.x.x"