For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Dec 16, 2014

Layer2 Virtual Server and IP

Hi,

 

I am a newbie in networking so sorry for dumb question. I am not sure how exactly layer2 VS is working and why in configuration IP has to be set. As far as I can understand this type of VS is working as l2 bridge. For l2 bridge IP is not important, it knows only on which port given MAC address was learned and forwards frames with given destination MAC address to this port. My wild guess is that BIG-IP uses IP address to speed up forwarding. When ARP for IP configured for l2 VS is received it sends ARP reply with it's own MAC address. Then sending host directs frames to BIG-IP MAC address and BIG-IP just forwards this frames via a port when destination server is discovered. Is that right? I can't figure out what is then difference between l2 and l3 forwarding VS. In both cases IP address is identical with destination server IP, in both cases there in no pool and load balancing performed.

 

Piotr

 

application delivery
BIG-IP Access Policy Manager (APM)
design
LTM
security

8 Replies

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Dec 17, 2014
      Hi, Thanks for pointing me out but I already know this articles. I know about no pools for l2 or l4 forwarding. I am just wondering why Destination Host or Network IP addresses are still required for L2 forwarding VS. Piotr
    • Jay_41673's avatar
      Jay_41673
      Icon for Nimbostratus rankNimbostratus
      Feb 12, 2017

      Because the LB still proxies the connection and you are able to manipulate the outgoing packet at L4 (SNAT, Protocol Profiles etc.).

       

  • swo0sh_gt_13163's avatar
    swo0sh_gt_13163
    Icon for Altostratus rankAltostratus
    May 15, 2015

    Hey Piotr_L,

    do you think the following answers your question? Or gives a clue at lease? Lori explained the L2 VS use case as following.

    Layer 2 Forwarding Virtual Service (Bridge)    For situations where a proxy should be used to bridge two different Ethernet collision domains, a layer 2 forwarding virtual service an be used.  It can be provisioned to be an opaque, semi-opaque, or transparent bridge. Bridging two Ethernet domains is like an old timey water brigade. One guy fills a bucket of water (the client) and hands it to the next guy (the proxy) who hands it to the destination (the server/service) where it's thrown on the fire. The guy in the middle (the proxy) just bridges the gap (you're thinking what I'm thinking - that's where the term came from, right?) between the two Ethernet domains (networks).

    Article: https://devcentral.f5.com/articles/back-to-basics-the-many-modes-of-proxies

    I hope this helps.

    Cheers! Darshan

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      May 18, 2015
      Hi Darshan, Nice article, did not know this one before. Still it's rather explaining how L2 forwarding works in generic terms (and this part I think I understand). It's not explaining why IP is necessary for VS. I was rather looking for some kind of docs describing in more details packet handling when L2 Forwarding VS is used. Piotr
    • swo0sh_gt_13163's avatar
      swo0sh_gt_13163
      Icon for Altostratus rankAltostratus
      May 18, 2015
      Umm... I got the point. Since the VS would act as typical L2 bridge, there shouldn't be any IP applied. I will wait for someone to clarify the thread.