For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

graemes's avatar
graemes
Icon for Nimbostratus rankNimbostratus
May 20, 2019

lab LTM - networks not hitting default gateway

Hi,   I have installed a VM version of the F5 LTM. I have connected 3 interfaces on 3 networks form mgt, internal and external networks. The internal network is connected to an existing server vl...
application delivery
LTM
network
Sam_Novak's avatar
Sam_Novak
Icon for Altostratus rankAltostratus
May 20, 2019

If I'm understanding correctly, your pool members aren't hitting their intended nodes. Ever since I ran into issues doing OCSP stapling I've become pretty aware of how the routing I have setup affects availability. One thing I've observed is that traffic on the Self-IPs do not use the default gateway of the mgmt interface, so I needed to add a route to a subnet, using the gateway of the network my internal interface is in.

 

Example:

Internal interface: 172.16.0.4/24 - gateway of 172.16.0.1

Target node IP: 172.16.1.4

 

Under network -> Routes, add a route

Destination: 172.16.1.0

Netmask: 255.255.255.0

Resource type: Gateway

Resource: 172.16.0.1

 

That's what I do; for things like OCSP, I lookup the IP of the OCSP responder with nslookup, and add /32 routes out to them. I might be being overly cautious by creating single IP routes to internet resources, that I need to 'host' locally, but I haven't found any major issues with it, and we aren't using it in a way where I want to integrate it with OSPF or BGP. I also want to avoid check and egg issues be I create a route to the network I have the mgmt interface on, but again, I might just be being overly cautious.