For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

InfoSec_38553's avatar
InfoSec_38553
Icon for Nimbostratus rankNimbostratus
Mar 05, 2011

Is possible to get muti floating IP?

Hello,

 

 

It hard for me to explain my issue this why I explain it twice. I hope it will be clear and asked for any more clarify.

 

 

I'm working to let our F5 able to connect with different destinations.

 

 

According to our need I should let F5 connect with different floating IP, but same zone of the first floating IP.

 

 

For example:

 

I have myvlan and the following self IP:

 

10.0.10.11

 

10.0.10.12 as floating

 

 

I need another floating to work with myvlan2 such as:

 

10.0.10.13 as floating

 

 

When I tried to do that the following error appears:

 

 

01070354:3: Self IP 10.0.10.13 / ***.***.***.***: This network is defined on two vlans (myvlan and myvlan2)

 

 

 

Is it possible to set multi floating each one in different interface for same netwrok?

 

 

Do you have another way to do this? I didn't want to create different network IP if possible.

 

 

 

--------------------------------------------------------------------------------------------------------

 

 

For more explanation:

 

 

F5 go out to end servers by public IP.

 

 

We have two public IP for different service, when F5 goes out it should have one of these IPs.

 

example public IP:

 

 

- 212.212.212.222

 

- 212.212.212.333

 

 

To assign F5 floating IP to public IP (using NAT) it couldn't assign it with two IPs

 

 

We can't assign 10.0.10.12 to get 212.212.212.222

 

and same time 10.0.10.12 to get 212.212.212.333

 

 

 

my solution was to set 10.0.10.12 to get 212.212.212.222

 

and assign 10.0.10.13 to get 212.212.212.333

 

 

After that the following message appears:

 

 

01070354:3: Self IP 10.0.10.13 / ***.***.***.***: This network is defined on two vlans (myvlan and myvlan2)

 

 

 

 

Maybe the solution to get another IP with different network, but I don't prefers this one.

 

 

 

Note:

 

 

10.0.10.12 member of myvlan

 

10.0.10.13 member of myvlan2

 

 

and I used myvlan2 with different interface than myvlan.

 

 

 

 

Please guide me.

 

 

config
design

7 Replies

  • L4L7_53191's avatar
    L4L7_53191
    Icon for Nimbostratus rankNimbostratus
    Mar 05, 2011
    Have a look at route domains (assuming you're on 10.x): http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_route_domains.html?sr=13101146

     

     

    -Matt
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Mar 05, 2011
    Can you elaborate on "two public IP for different service?" If you're not in the mood for route domains, an iRule might be an option. Or, if you're trying to use different public addresses for different outbound ports, then you could simply create separate Virtual Servers with separate SNAT Pools. Just need to understand more about what you're going for.
  • InfoSec_38553's avatar
    InfoSec_38553
    Icon for Nimbostratus rankNimbostratus
    Mar 06, 2011
    Posted By L4L7 on 03/05/2011 10:47 AM

     

    Have a look at route domains (assuming you're on 10.x): http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_route_domains.html?sr=13101146

     

     

    -Matt

     

     

     

    Hi,

     

     

    I tried with route it use three options:

     

    - Getway

     

    - Pool

     

    - Vlan

     

     

     

    I can't use any of them.

     

     

    If I tried assign 10.0.10.13 (new floating IP) to mylan2 which use different interface.

     

     

    If route had more feature for Interface would be very helpful for my.

     

     

    Thank you.

     

  • InfoSec_38553's avatar
    InfoSec_38553
    Icon for Nimbostratus rankNimbostratus
    Mar 06, 2011
    Posted By Chris Miller on 03/05/2011 10:54 AM

     

    Can you elaborate on "two public IP for different service?" If you're not in the mood for route domains, an iRule might be an option. Or, if you're trying to use different public addresses for different outbound ports, then you could simply create separate Virtual Servers with separate SNAT Pools. Just need to understand more about what you're going for.

     

     

    My problem maybe will be solved if I used different IP from different network and assign it to different vlan.

     

     

    to be clear I mean by Nat firewall Nat.

     

     

    The firewall will Nat F5 self floating IP to public IP to connect with out side or public service.

     

     

    As you know I can't assign same IP when I use Nat (in firewall).

     

     

    I will explain again.

     

     

    I have two service from two VIP each one should be translate to different IP address to be possible to use Nat from the firewall.

     

     

    My VIPs:

     

     

    10.0.10.11 port 80

     

     

    Another VIP:

     

     

    10.0.10.11 port 222

     

     

     

    I want the first VIP got out with IP:

     

    10.0.10.12 (floating IP)

     

     

    And the second VIP go out with IP:

     

    10.0.10.13 (floating IP)

     

     

     

    Note:

     

    I have two device as (Active and Standby) this why I need use floating.

     

     

     

    Is it OK to create two floating IP or not possible?

     

     

     

     

    Thank you all

     

     

  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Mar 06, 2011
    I don't understand why you should have to use a floater here. Why not create a SNAT Pool with 10.10.10.12 as the only member and configure your 10.10.10.11:80 Virtual Server to use that SNAT Pool. Then, create a SNAT Pool with 10.10.10.13 as the only member and have your 10.10.10.11:222 Virtual Server use that SNAT Pool?

     

     

  • InfoSec_38553's avatar
    InfoSec_38553
    Icon for Nimbostratus rankNimbostratus
    Mar 07, 2011
    Posted By Chris Miller on 03/06/2011 06:26 AM

     

    I don't understand why you should have to use a floater here. Why not create a SNAT Pool with 10.10.10.12 as the only member and configure your 10.10.10.11:80 Virtual Server to use that SNAT Pool. Then, create a SNAT Pool with 10.10.10.13 as the only member and have your 10.10.10.11:222 Virtual Server use that SNAT Pool?

     

     

     

    Hi Chris,

     

     

    This what I really did it for now.

     

     

    It is working fine like what I want.

     

     

     

    Thank you all.

     

  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Mar 07, 2011
    Posted By InfoSec on 03/07/2011 03:12 AM

     

    Posted By Chris Miller on 03/06/2011 06:26 AM

     

    I don't understand why you should have to use a floater here. Why not create a SNAT Pool with 10.10.10.12 as the only member and configure your 10.10.10.11:80 Virtual Server to use that SNAT Pool. Then, create a SNAT Pool with 10.10.10.13 as the only member and have your 10.10.10.11:222 Virtual Server use that SNAT Pool?

     

     

     

    Hi Chris,

     

     

    This what I really did it for now.

     

     

    It is working fine like what I want.

     

     

     

    Thank you all.

     

     

    Very happy to see it's working. This is a great example where an iRule definitely would have worked but may not have been the best option. As I've often heard from F5 folks - "If there's a check-box or a dropdown option, use it before an iRule as that's likely the most efficient option."