Forum Discussion
LTM as L3 gateway
For security purposes, all your VMs are already guaranteed to have 2 or more IP addresses in different VLANs. The interface of a web server (or other service) that terminates untrusted requests must be completely segregated from the interface that accepts SSH connections. In a typical design scenario that considers good network security practices, there are even more, usually 3 IP addresses, all in different VLANs, per VM. The first one is for Management. The second is for front-end (listener of untrusted requests), and the third is for back-end - the interface that the VM itself uses to communicate with external dependencies such as a database or authentication server. It's also not a bad idea to configure that back-end interface as a secondary listener which accepts trusted requests that bypass BigIP (your app developers will be forever grateful).
Assuming a Linux Web Server as VM, you can use iproute2 software to create multiple default gateways and map them to specific interfaces. If you use BigIP, there are no valid drawbacks to having the front-end interface of a VM use BigIP as its Default Gateway.
Well, whether it's a production design or lab environment you're going for, you will have to use BigIP as the gateway (either default or IP rule) for the client-side interface, OR use SNAT to avoid asymmetric routing problems.
I just recommend you follow the initial setup guide and you're done. After that, it's a matter of creating an LTM Virtual Server and a Pool according to standard procedures. There are no fancy steps required that differ from defaults. If your servers require outbound connectivity to internet via BigIP (i.e. access to Linux repositories or Github), also set up a 0.0.0.0/0 Virtual Server as pointed out by Stanislas.
Gl
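The per-interface default gateways mentioned above can be set up with iproute2 policy routing, so that replies always leave through the interface that received the request. The following is an added example, not part of the original post: the interface names, addresses and table numbers are constructed assumptions, and 198.51.100.1 stands in for the BigIP self IP on the front-end VLAN.

```shell
#!/bin/sh
# Added example: one default gateway per interface via iproute2 policy routing.
# Interface names, addresses and table ids are constructed assumptions.
# Columns: role dev address subnet gateway table
IFACES='mgmt  eth0 192.0.2.10    192.0.2.0/24    192.0.2.1    101
front eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 102
back  eth2 203.0.113.10  203.0.113.0/24  203.0.113.1  103'

# Print the ip(8) commands for every interface in IFACES.
# Each interface gets its own routing table, selected by source address,
# so traffic answered from the front-end address returns via the front-end
# gateway and never leaks out through the management or back-end VLAN.
policy_routes() {
    while read -r role dev addr subnet gw table; do
        [ -n "$role" ] || continue
        echo "# $role ($dev)"
        # Connected subnet, so on-link peers are not sent to the gateway
        echo "ip route replace $subnet dev $dev src $addr table $table"
        # Default gateway that exists only inside this table
        echo "ip route replace default via $gw dev $dev table $table"
        # Use this table for packets sourced from the interface address
        echo "ip rule add from $addr/32 lookup $table priority $table"
    done <<EOF
$IFACES
EOF
}

# Dry run by default; APPLY=1 executes the commands (requires root).
# "ip rule add" is not idempotent, so apply once per boot.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        policy_routes | grep -v '^#' | sh -e
    else
        policy_routes
    fi
}

run
```

After applying, `ip rule show` and `ip route show table 102` list the resulting rules and the front-end table.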