LTM in one subnet

Question

Hi everyone&nbsp;
I have operated my LTMs in a flat address space since the first Load Balancer was sold by Dell over 10 years ago.&nbsp;
I was successfull using a config that worked serial cable HA. I  went a step further and wanted to configure "Network Failover". I tried to set this up referencing the provided documentation and I continually run up against the gui complaining that the things I want to do cant be done beacuse the internal and external interfaces  are on the same subnet. I have exhausted my good will with F5 customer support. They are at best unsure whether a flat address space can be supported in "Network  Failover HA"&nbsp;
By flat address space    I mean :&nbsp;
IP subnet 5.5.5.x &lt;--external interface -  - internal interface  IP subnet 5.5.5.x&nbsp;
 &nbsp;
My question is does anybody run their F5 in one subnet (flat address space) ? (as above)  Is this posible ? If so how ?&nbsp;
 &nbsp;
Desperate. If this cannot work I must resign to hardware failover only... :&lt;&nbsp;
 &nbsp;

mersin_108215 · Answer

I run my 3600s in a similar way. But, I don't use Network Failover. 
&nbsp; For config sync, I connected each device together using a spare port, and created a unique subnet for them to talk on. 10.255.255.0/30 
&nbsp; SelfIPs 
&nbsp; 10.255.255.1 bigip3600-01 
&nbsp; 10.255.255.2 bigip3600-02 
&nbsp;  
&nbsp; I use the serial cable for heartbeat traffic and failover. 
&nbsp;  
&nbsp;  &nbsp;

davis16_81740 · Answer

Thanks for the reply, this is exactly how my previous setup was before my attempt at network failover.&nbsp;

hheredia_36237 · Answer

if you're running all you f5 deployment in the same VLAN then only need one VLAN configured (say Internal) and using a SNAT automap on the VS may help you bouncing the traffic. 
&nbsp;  
&nbsp; This changes all source address IP address with one Self-IP of the controller thus allowing to route packets through the BIG-IP back to destination without breaking the TCP session. 
&nbsp;  
&nbsp; Working in the same IP network but  configuring two VLANs on the BIG-IP, internal and external, it's an other way to deploy LTM. The thing you do here is to create a VLAN GROUP where you associate both internal and external VLANs. The thing that LTM uses in this case instead of changing source IP, is the change of the source MAC. For this deployment you have to connect servers directly on VLAN internal (for example) and users on vlan External. This way, even when servers and users are on the same subnet, LTM separates them at layer 2 level. I have tried this configuration with a LTM standalone and works great. However, once the LTM is configured this way, HA network failover would work. 
&nbsp;  
&nbsp; Look at ask F5 dor v9.x document named BIG-IP Implementation and you'll find interesting information. 
&nbsp;  
&nbsp; Good Luck! 
&nbsp;  
&nbsp; HHeredia 
&nbsp;  
&nbsp;  &nbsp;

Forum Discussion

LTM in one subnet

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

Using Client Subnet in DNS Requests

Implementing Client Subnet DNS Requests

The State Of HTTP/2 With F5 LTM

Implementing Client Subnet in DNS Requests

LTM Policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS