Forum Discussion
Multiple inbound gateways connecting to all vlans.
In front of the F5 I have multiple gateways sending traffic in different IP blocks. I would like traffic from both of these gateways to access the servers behind the F5 and route out appropriately. I have it working with one external vlan talking to all internal vlans; when I add a second external vlan I cannot route traffic through it to all internal vlans and back out. I have enabled a snat from internal to external for every single VIP, but I can't get the route from the F5 to the second vlan to work correctly. I also have self groups set up for each vlan.
Note that I am using v11.1 HF2.
________
vlan a ----> || -----> vlan 1
|F5| -----> vlan 2
|| -----> vlan 3
|| -----> vlan 4
vlan b ---->|_______| -----> vlan 5
- John_Pribula_10 (Nimbostratus): And my nice diagram got messed up.
- Hamish (Cirrocumulus): Mmm... Absent a good diagram, the description sounds fine. Not sure why you're bothering with SNAT... auto last-hop would take care of ensuring the return traffic passes via the correct external VLAN without SNAT'ing.
- John_Pribula_10 (Nimbostratus): It seems to attempt to route out of vlan a with or without snat. I should note that a default route is in place using vlan a's gateway with destination 0.0.0.0 netmask 0.0.0.0; if that is the cause of the problem I will feel especially dumb.
- John_Pribula_10 (Nimbostratus): Removing the snats did nothing.
Removing the default route seems to break all routing.
- John_Pribula_10 (Nimbostratus): I'm attaching a better diagram; note that the external vlans use our publicly routable address space, not 192.168.
To summarize: currently vlan a is the active external vlan, and a default route is in place with destination and netmask of 0.0.0.0 using vlan a's gateway.
All internal vlans are routed through the F5s and all servers are using the F5's self IPs as their gateway address.
Snats are in place to force any outbound traffic from internal servers through the correct VIP.
When adding vlan b to the mix I cannot get traffic to route in and out of addresses with the vlan b address space.
If I remove the default route and rely on auto last hop, all traffic flow seems broken.
I cannot segregate the internal vlans using a route domain, as we have a mishmash of them and may need to route out of either of the external address spaces depending on use case.
- Hamish (Cirrocumulus): Big vlans...
- John_Pribula_10 (Nimbostratus): I'm still having issues with this config, so I went back to the basics. When I only have vlan a external, I can traceroute from the LTM itself out to anything, including addresses in the vlan b space. When I add self IPs in the vlan b space, the LTM can no longer traceroute to anything in that space.