Forum Discussion
NimbostratusIs static self-IP necessary for WAN connection in a cluster setup ?
Hi all,
I have a new single link ISP connection into my F5 (active, passive) as shown in below diagram.
The connection between the ISP router and my F5 unit is a /30 network (.211 use by ISP router and .222 to be use by F5).
q1) In this case, can I just create a floating self-ip (.222) so that in the event that node1 go down, the self-ip can still failover / float to node2 ?
q2) what would be the need of a static self-ip for such setup above ?
Hope some gurus here can point me in the right direction.
Thank you.
Hannes_Rapp_162Nacreous
Why not use one internal subnet for point to point connection from your ISP router to your BigIPs? I.e. Network 192.168.0.0/24 can operate in place of 118.201.75.220/30 and you will not miss out on anything, unless you have a valid reason to maintain full BGP routing table in that BigIP cluster. Basically your ISP is wasting 3 usable public IP addresses to allocate you one useful address. You could potentially cut your ISP costs if you asked for a single routed IP solution instead of current proposal.
If you want to go with what is on the network diagram - you do need a local-only SelfIP on each unit. It's a pre-requisite to configure Floating SelfIP. BUT there's no significance for device operation if you populate these local-only SelfIPs with IP addresses that your ISP will not route in the Internet for you. So you can populate your BigIP 01 local-only SelfIP with 118.201.75.217/29 and BigIP 02 local-only SelfIP with 118.201.75.218/29. Confirm this wish with your ISP.
sjksjkak88_3405Hi Hannes,
Thanks for your reply.
The segment right now between the ISP and F5 is a /30 network namely 118.201.75.221 and 118.201.75.222
I understand I will need to create a static self-ip before creating a floating one.
Can I somehow "trick" F5 by creating a static self-ip .e.g 118.201.75.220/29 but in actual fact this IP/29 was not assigned by the ISP to us. (we are only allocated a /30)
Since the ISP is routing to us using the .222/30 IP as its next hop, and i have configured .222 as a floating IP, communication from and to device will use .222/30 IP which is valid.
Will there be any implication then since the "fake" static self-ip (118.201.75.220/29 in this case) is never actually in use ?
Regards,
Noob
- Hannes_Rapp_162
Since you didn't confirm the need for full BGP table, my first recommendation is still to scrap that /30 network and build something that is nice to look at.
I'm not entirely sure on the implications of using network address .220/30 or broadcast address .223/30 as host addresses without seeing full interface configuration in that ISP router (or router cluster?). In some cases it is possible to violate network sub-netting standards and get away with it. Nowadays even /31 point to point links are used in production with a bit of trickery. However, there are a strict set of criteria for this to work. Inform your ISP about your addressing plans, and then test this. 10 Minute maintenance or downtime window should suffice here.
Hannes_RappWhy not use one internal subnet for point to point connection from your ISP router to your BigIPs? I.e. Network 192.168.0.0/24 can operate in place of 118.201.75.220/30 and you will not miss out on anything, unless you have a valid reason to maintain full BGP routing table in that BigIP cluster. Basically your ISP is wasting 3 usable public IP addresses to allocate you one useful address. You could potentially cut your ISP costs if you asked for a single routed IP solution instead of current proposal.
If you want to go with what is on the network diagram - you do need a local-only SelfIP on each unit. It's a pre-requisite to configure Floating SelfIP. BUT there's no significance for device operation if you populate these local-only SelfIPs with IP addresses that your ISP will not route in the Internet for you. So you can populate your BigIP 01 local-only SelfIP with 118.201.75.217/29 and BigIP 02 local-only SelfIP with 118.201.75.218/29. Confirm this wish with your ISP.
- sjksjkak88_3405
Hi Hannes,
Thanks for your reply.
The segment right now between the ISP and F5 is a /30 network namely 118.201.75.221 and 118.201.75.222
I understand I will need to create a static self-ip before creating a floating one.
Can I somehow "trick" F5 by creating a static self-ip .e.g 118.201.75.220/29 but in actual fact this IP/29 was not assigned by the ISP to us. (we are only allocated a /30)
Since the ISP is routing to us using the .222/30 IP as its next hop, and i have configured .222 as a floating IP, communication from and to device will use .222/30 IP which is valid.
Will there be any implication then since the "fake" static self-ip (118.201.75.220/29 in this case) is never actually in use ?
Regards,
Noob
- Hannes_Rapp
Since you didn't confirm the need for full BGP table, my first recommendation is still to scrap that /30 network and build something that is nice to look at.
I'm not entirely sure on the implications of using network address .220/30 or broadcast address .223/30 as host addresses without seeing full interface configuration in that ISP router (or router cluster?). In some cases it is possible to violate network sub-netting standards and get away with it. Nowadays even /31 point to point links are used in production with a bit of trickery. However, there are a strict set of criteria for this to work. Inform your ISP about your addressing plans, and then test this. 10 Minute maintenance or downtime window should suffice here.