Forum Discussion

graemes
May 20, 2019

lab LTM - networks not hitting default gateway

Hi,

I have installed a VM version of the F5 LTM. I have connected 3 interfaces on 3 networks for mgt, internal and external networks. The internal network is connected to an existing server vlan and the external is connected to an existing data vlan. I have created a virtual machine and pool members but my main issue is that from the F5 I can ping all assigned self IPs but only the default gateway of the mgt vlan.

What I am trying to achieve is I have 2 servers and an F5 actually all on the same lab network. All I need to do is to route traffic into the f5 pointing towards the virtual machine IP and then route to either server based on a health monitor, but I think I'm missing something basic. Oh, I also have a default gateway pointing to the mgt address. Any info would be greatly received.

thanks


Graeme

2 Replies

  • Hi Sam, I think I'm following your logic. Maybe I can explain this better. So from the top I have 2 servers that are the targets. Addresses are 10.100.192.71 and 72.

    My goal is to route from an endpoint through the f5 to an IP that forwards to either of 10.100.192.71 or 72 depending on the health monitor GURL.

    So I have created the pool members and added them to a virtual server with address 10.100.192.76. I think this far is ok.

    I have added an external network on 10.100.5.176 - this is my endpoints' network that I want to be able to get to 10.100.192.71 and 72 from. I have created a vlan and self ip for this.

    I have also created an internal network on 10.100.26.11 - not sure if I really need this as the main concept is to get the external network devices to talk to 10.100.192.76. One question here is do I need to add the /24 network or is adding a host acceptable?

    After I have set all that up I'm not able to get to the 2 servers in question from a device on the external network (it's actually within the network, just on a different vlan on esxi).

    When troubleshooting I'm not able to hit the .1 addresses of the external network from the F5 as there is no known route. I'm new to the setup of the F5 and I think I may be over complicating it.

    I'm not referencing DNS so I don't know if OCSP would come into this?

    kind regards,

    Graeme

  • If I'm understanding correctly, your pool members aren't hitting their intended nodes. Ever since I ran into issues doing OCSP stapling I've become pretty aware of how the routing I have set up affects availability. One thing I've observed is that traffic on the Self-IPs does not use the default gateway of the mgmt interface, so I needed to add a route to a subnet, using the gateway of the network my internal interface is in.

    Example:

    Internal interface: 172.16.0.4/24 - gateway of 172.16.0.1
    Target node IP: 172.16.1.4

    Under Network -> Routes, add a route:

    Destination: 172.16.1.0
    Netmask: 255.255.255.0
    Resource type: Gateway
    Resource: 172.16.0.1

    That's what I do; for things like OCSP, I look up the IP of the OCSP responder with nslookup and add /32 routes out to them. I might be being overly cautious by creating single IP routes to internet resources that I need to 'host' locally, but I haven't found any major issues with it, and we aren't using it in a way where I want to integrate it with OSPF or BGP. I also want to avoid chicken and egg issues if I create a route to the network I have the mgmt interface on, but again, I might just be being overly cautious.
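To make the point above concrete (Self-IP traffic never sees the mgmt default gateway, so a node off the self IP subnet needs its own route), here is an added example that is not from this thread or from F5: a small Python model of the data-plane route lookup, run over Sam's addresses plus a constructed OCSP responder address (203.0.113.10) and a constructed second gateway (172.16.0.254) to show that a /32 route beats a broader one.

```python
import ipaddress

# Constructed model (added example, not from the thread): a BIG-IP's data-plane
# (TMM) route lookup sees self IP subnets and Network -> Routes entries, but
# NOT the management interface's default gateway. Longest prefix wins.

def build_tmm_table(self_ips, static_routes):
    """self_ips: ['addr/prefix', ...]; static_routes: [(dest_cidr, gateway), ...]."""
    table = []
    for self_ip in self_ips:
        # A self IP's subnet is directly connected: no gateway needed.
        table.append((ipaddress.ip_interface(self_ip).network, None))
    for dest, gw in static_routes:
        table.append((ipaddress.ip_network(dest), ipaddress.ip_address(gw)))
    return table

def resolve(table, dst):
    """Return ('connected', None), ('gateway', '<gw>') or ('no route', None)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return ("no route", None)
    return ("connected", None) if best[1] is None else ("gateway", str(best[1]))

if __name__ == "__main__":
    # Sam's example: internal self IP 172.16.0.4/24, target node 172.16.1.4.
    before = build_tmm_table(["172.16.0.4/24"], [])
    print("before:", resolve(before, "172.16.1.4"))   # ('no route', None)
    after = build_tmm_table(["172.16.0.4/24"], [("172.16.1.0/24", "172.16.0.1")])
    print("after: ", resolve(after, "172.16.1.4"))    # ('gateway', '172.16.0.1')
    # A /32 route to an OCSP responder (constructed address) beats a TMM default route.
    ocsp = build_tmm_table(["172.16.0.4/24"],
                           [("0.0.0.0/0", "172.16.0.1"), ("203.0.113.10/32", "172.16.0.254")])
    print("ocsp:  ", resolve(ocsp, "203.0.113.10"))   # ('gateway', '172.16.0.254')
```

The "no route" result for the first lookup is exactly the symptom in the original post: the mgmt default gateway exists, but the data plane cannot use it.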