yogesh_gaikwad_
Oct 09, 2015

Need help on some issues in route domains

Hi,

 

Below is the detailed description of the issue.

 

We are creating multiple partitions on the F5, and each partition is going to have its separate default route. For achieving this I am using route domains.

 

Now, currently I have three partitions on the F5 namely common, ilm-int-citrix and ilm-int-acc.

 

The partition common and ilm-int-citrix are in RD0, and I have configured a default route in ilm-int-citrix as below:

 

net route Default_Route {
    description Default_Route_ilm-int-citrix
    gw 172.23.248.1
    network default
    partition ilm-int-citrix
}

 

Then I have created a separate route domain RD1 and have a default route for this as well for partition ilm-int-acc as below:

 

net route-domain RD_1_ilm-int-acc {
    description "Route domain for ilm-int-acc"
    id 1
    partition ilm-int-acc
    vlans {
        v2873_10.255.131.224_m29
        vlan2644_ilm-int-acc
    }
}

 

net route Default_Route_ilm-int-acc {
    description "Default Route for ilm-int-acc"
    gw 10.255.131.225
    network default
    partition ilm-int-acc
}

 

I have vlan2644 on the partition ilm-int-acc, and have configured the self IPs for this vlan as below:

 

net vlan vlan2644_ilm-int-acc {
    description "v2644_10.129.50.32_m27 and v2644_10.129.50.128_m26"
    if-index 1056
    interfaces {
        Trunk_to_FIHGA_OPPIPOD_VPC35 {
            tagged
        }
    }
    partition ilm-int-acc
    tag 2644
}

 

net self v2644_self_ip {
    address 10.129.50.34/27
    partition ilm-int-acc
    traffic-group /Common/traffic-group-local-only
    vlan vlan2644_ilm-int-acc
}

 

net self v2644_float_ip {
    address 10.129.50.33/27
    floating enabled
    partition ilm-int-acc
    traffic-group /Common/traffic-group-1
    unit 1
    vlan vlan2644_ilm-int-acc
}

 

Vlan 2644 is a completely L2 vlan in our network, and the L3 (self IPs) has been created on the F5, so once the VLAN is passed on switch trunks connected to F5 the F5 acts as a router for hosts in subnet 10.129.50.32/27.

 

The issue is that when the vlan 2644 is passed on the switch trunks connecting to F5, we are not able to ping the hosts in 10.129.50.32/27 subnet from an external jump point, although the same hosts are pingable from the F5. So how is the routing working in F5?

 

Also, please note that we were able to ssh to the servers in subnet 10.129.50.32/27 from the same jump point, but ping was not working.

 

The route to this subnet is via the vlan 2873.

 

Routing Table: V10730-ILM-LBINT-TST
Routing entry for 10.129.50.32/27
  Known via "static", distance 1, metric 0
  Redistributing via bgp 64552
  Advertised by bgp 64552
  Routing Descriptor Blocks:
  * 10.255.131.228
      Route metric is 0, traffic share count is 1

 

10.255.131.228 is the float IP of vlan 2873 on same partition ilm-int-acc

 

And when we remove the vlan from switch trunk connecting to F5, and activate the vlan towards the existing ACE load balancer the hosts are pingable from the same jump point.

 

So is there any setting that I need to change in the route domain?

 

Currently I have configured the RD1 as partition default for ilm-int-acc, strict isolation is enabled and parent name is set to none.

 

1 Reply

  • The routes of the big IP itself are only feasible for "from the big IP" traffic (health checks, reaching non-directly connected pool members, etc.), not for "through the big IP" traffic. That's probably the reason why ping from the big IP is working, but SSH from outside the big IP is not.

     

    In order to have your big IP forward traffic between VLANs, you need to add some forwarding virtuals. E.g. when you want to forward traffic to subnet 10.129.50.32/27, you'll need to deploy a network forwarding virtual destined for 10.129.50.32/27 and enable that one on your "external" VLAN (make sure it is bound to the right route domain).

     

    See https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html for hints on how to configure forwarding virtuals.
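
The forwarding virtual described in the reply, written in the same configuration style as the question. This is an added example, not part of the original thread or F5's documentation. The object name is hypothetical, and it assumes that v2873_10.255.131.224_m29 is the "external" VLAN the jump point's traffic arrives on and that the subnet lives in route domain 1 (the %1 suffix).

```tmsh
# Added example: IP-forwarding virtual for 10.129.50.32/27 in route domain 1.
# The name fwd_10.129.50.32_m27 is hypothetical.
ltm virtual fwd_10.129.50.32_m27 {
    description "Forward routed traffic to vlan2644 hosts"
    # %1 binds the destination to route domain id 1 (RD_1_ilm-int-acc)
    destination 10.129.50.32%1:any
    mask 255.255.255.224
    # Match every IP protocol, so ICMP echo is covered as well as TCP/UDP
    ip-protocol any
    # Route the packet instead of load balancing it to a pool
    ip-forward
    partition ilm-int-acc
    profiles {
        /Common/fastL4 { }
    }
    # Leave destination address and port untouched while forwarding
    translate-address disabled
    translate-port disabled
    # Listen only on the assumed external VLAN, not on all VLANs,
    # so the device does not forward for segments that were not intended
    vlans {
        v2873_10.255.131.224_m29
    }
    vlans-enabled
}
```

Limiting the listener to the one ingress VLAN and the one destination subnet keeps the forwarding scope as narrow as the routing requirement, which matters when strict isolation between route domains is the goal.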