Forum Discussion

Altocumulus

Feb 20, 2017

LTM source based routing, different default gateway for each Vlan

Hi all, I would like to get my routing assumptions confirmed by somebody who already has the experience with source based routing on LTM. Or in case the assumption is not correct, I would be happy ...

MVP

Feb 20, 2017

The F5 will not need any additional routing. The BIG-IP is a full proxy. This results in two TCP connections: clientside and serverside. So for your example these will be:

client:123.1.1.1 -> F5 VIP 10.0.1.15 (clientside)
F5 SNAT 10.0.1.25 -> SRV 10.0.1.60 (serverside)

There will be no drops on the firewall due to spoofing, because the firewall will only see the legitimate clientside connection. The serverside connection will not pass the firewall because it's a connection within the same vlan.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

LTM source based routing, different default gateway for each Vlan

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Setting default route using VLANs

Copper SFP Differences

Different ways Financial Services Institutions can deploy NGINX in Azure

relocation cpu core on vcmp host the guest configuration back to default configuration

How to find route domain OID

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS