Multiple default routes based on physical interfaces
Hi,
Is it possible to configure multiple default routes based on the incoming traffic interface? For example, we are using four interfaces of the F5: Ext1, Ext2, Int1 & Int2.
Each interface has a different subnet.
For Staging Server
Ext1 - 10.10.1.0/24 - Vlan ID 10 - Interface 1.1 -- Virtual server is using this subnet IP address for staging servers VIP
Int1 - 20.20.1.0/24 - Vlan ID 20 - Interface 1.2 --- Staging servers are using this subnet & their gateway is F5 interface 1.2 self IP address.
For Production Server
Ext2 - 30.30.2.0/24 - Vlan ID 30 - Interface 1.3 -- Virtual server is using this subnet IP address for Production servers VIP
Int2 - 40.40.2.0/24 - Vlan ID 40 - Interface 1.4 --- Production servers are using this subnet & their gateway is F5 interface 1.4 self IP address.
We want traffic that comes in on the Ext1 interface to access the staging servers to use the same interface for return traffic (traffic is coming from interface, so we cannot configure static routes), and traffic that comes in on Ext2 to use Ext2 for return traffic.
Please advise how we can achieve the above.
19 Replies
- Cory_50405
Noctilucent
Enabling auto last hop on your virtual server should accomplish exactly what you want.
http://support.f5.com/kb/en-us/solutions/public/13000/800/sol13876.html
- Tabish_Mirza_12
Nimbostratus
What about route domains? Would that do the same thing I am looking for, or something different?
- Cory_50405
Noctilucent
You can also accomplish this using route domains. My first suggestion was auto last hop because it's easy to enable and it meets your requirement of routing traffic back out the same interface it came to BIG-IP on.
- Tabish_Mirza_12
Nimbostratus
What about the default route which I have on the F5 pointing to the upstream device, Firewall 1 (10.10.10.254)? Do I have to keep that, or shall I remove it and configure auto last hop on all virtual servers?
- nitass
Employee
For incoming traffic, you do not need a route (e.g. a default route) to send return traffic, because BIG-IP uses auto last hop to send return traffic to the incoming MAC address.
sol13876: Overview of the Auto Last Hop setting (11.x)
For outgoing traffic (e.g. a pool server initiates traffic to the internet), generally, a route is required. Anyway, you can use a Performance (Layer 4) virtual server with a gateway pool instead of a forwarding IP virtual server with a route.
LTM: Per-VLAN Default Gateways by Deb Allen
- Tabish_Mirza_12
Nimbostratus
Suppose I want to completely segregate the production & staging environments (separate physical interfaces, VLANs, IP addresses, GUI access, SSH access, virtual servers, etc.). In this case, do I need to use a route domain? If yes, is it possible to use the existing default route domain for production & create a new one for the staging environment?
- nitass
Employee
suppose if I want to completely segregate production & staging environment (separate physical interfaces, vlan, Ip addresses, GUI access, SSH access, Virtual Servers etc). In this case do I need to use route domain ?
A route domain is there to separate routing (not resources). There is still one GUI. You may check whether vCMP meets what you want.
Is it possible to use existing default route domain for production & create new for staging environment.
Yes, you can do that.
- Tabish_Mirza_12
Nimbostratus
Hi,
I am following this link (http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-ip-routing-administration-11-3-0/2.html) to create a route domain, and as per this I am supposed to see the Partition Default Route Domain list option while creating the route domain, but it didn't appear.
They mention that "This setting does not appear if the current administrative partition is partition Common". What does it mean? What do I need to do to get this option?
From the Partition Default Route Domain list, select either Another route domain (0) is the Partition Default Route Domain or Make this route domain the Partition Default Route Domain. This setting does not appear if the current administrative partition is partition Common. When you configure this setting, either route domain 0 or this route domain becomes the default route domain for the current administrative partition.
You create routes in Common partition by default. If you want to create a route in another routing domain you should add '%' to the end of route.
- Tabish_Mirza_12
Nimbostratus
My requirement is to have two route domains (one for production & one for staging). I want to keep the existing one, meaning the default one, for production & a new route domain for staging. Currently I have one default route for the default route domain, but I want to create one more for staging. How do I achieve this?
First you should create a route domain and assign some VLANs to it. Then you create a default route, for example: Destination - 0.0.0.0% Netmask - 0.0.0.0 GW - 1.1.1.1%
- Tabish_Mirza_12
Nimbostratus
What about the partition? Do I need to create a new partition, or keep the default partition, meaning Common, for both route domains (the default route domain & the new route domain)? The appliances are in production. What is the best way to have multiple route domains to segregate the Production & Staging environments? Please advise.
- Tabish_Mirza_12
Nimbostratus
I am getting the error below while trying to configure the self IP on the VLAN associated with route domain 1, which I created for staging.
(The Vlan (/Common/F5-DMZ-Prod-EXT) for the specified self IP (192.168.214.249) must be one of the vlans in the associated route domain(/Common0).
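An address written without a `%ID` suffix is placed in the partition's default route domain (0 for partition Common), so it cannot sit on a VLAN that has been moved to route domain 1. The following is an added example, not code from the thread or from F5: a Python pre-check that reproduces that mismatch over a constructed VLAN-to-route-domain map (the function names and the staging VLAN name are hypothetical).

```python
import ipaddress

# Constructed sample: route-domain ID -> VLANs assigned to it. The second VLAN
# name is taken from the error in the thread; the first is hypothetical.
ROUTE_DOMAINS = {
    0: {"/Common/F5-DMZ-Stage-EXT"},
    1: {"/Common/F5-DMZ-Prod-EXT"},
}


def split_rd(address, partition_default_rd=0):
    """Split 'ip%id' into (ip, route-domain id).

    An address with no '%id' suffix falls into the partition's default
    route domain, which is 0 for partition Common.
    """
    ip, sep, rd = address.partition("%")
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    if sep and not rd.isdigit():
        raise ValueError(f"no route domain ID after '%' in {address!r}")
    return ip, int(rd) if sep else partition_default_rd


def vlan_route_domain(vlan, route_domains):
    """Return the ID of the route domain that contains the VLAN."""
    for rd_id, vlans in route_domains.items():
        if vlan in vlans:
            return rd_id
    raise KeyError(f"{vlan} is not assigned to any route domain")


def check_self_ip(address, vlan, route_domains, partition_default_rd=0):
    """Return None when consistent, otherwise a message naming the mismatch."""
    _, addr_rd = split_rd(address, partition_default_rd)
    vlan_rd = vlan_route_domain(vlan, route_domains)
    if addr_rd != vlan_rd:
        return (f"self IP {address} is in route domain {addr_rd}, "
                f"but VLAN {vlan} is in route domain {vlan_rd}")
    return None


if __name__ == "__main__":
    vlan = "/Common/F5-DMZ-Prod-EXT"
    for addr in ("192.168.214.249", "192.168.214.249%1"):
        print(addr, "->", check_self_ip(addr, vlan, ROUTE_DOMAINS) or "ok")
```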