Forum Discussion

Brerr's avatar
Brerr
Icon for Nimbostratus rankNimbostratus
Apr 14, 2020

Newbie LTM lab setup question

I'm setting up a lab to do v simple LTM Load balancing, I have a small/medium knowledge of f5 and have got quite a way in but am struggling at what I think is the final hurdle I have 2 VMS (192.168....
application delivery
BIG-IP
LTM
Mayur_Sutare's avatar
Mayur_Sutare
Icon for MVP rankMVP
Apr 15, 2020

I am happy to know that my earlier response helped you to get understanding about SNAT.

 

Moving ahead,

1. can you please provide configuration done on VS and also routes present on F5.

2. On your point which is related to having DNS query coming from subnet 192.168.33.0/24, this is one approach but one question here, is DNS servers knows F5 subnet (10.0.0.x). What are the routes on servers/VM?

Also as its Linux VM , can you please check IP tables on it if any?

 

Mayur

 

 

 

  • Brerr's avatar
    Brerr
    Icon for Nimbostratus rankNimbostratus
    Apr 15, 2020

     

    1. Virtual server config pasted below:

    show running-config ltm virtual

    ltm virtual VS1-10.0.0.10-TCP {

      description VS1-TCP

      destination 10.0.0.10:domain

      ip-protocol tcp

      mask 255.255.255.255

      pool Pool1

      profiles {

        tcp { }

      }

      source 0.0.0.0/0

      source-address-translation {

        type automap

      }

      translate-address enabled

      translate-port enabled

      vs-index 4

    }

    ltm virtual VS1-10.0.0.10-UDP {

      description VS1-UDP

      destination 10.0.0.10:domain

      ip-protocol udp

      mask 255.255.255.255

      pool Pool1

      profiles {

        udp { }

      }

      source 0.0.0.0/0

      source-address-translation {

        type automap

      }

      translate-address enabled

      translate-port enabled

      vs-index 3

    }

     

    Below is routing table on the f5 using netstat -nr

     

     netstat -nr

    Kernel IP routing table

    Destination  Gateway    Genmask    Flags MSS Window irtt Iface

    127.1.1.0   0.0.0.0    255.255.255.0 U    0 0     0 tmm

    10.0.0.0    0.0.0.0    255.255.255.0 U    0 0     0 internal

    192.168.1.0  0.0.0.0    255.255.255.0 U    0 0     0 eth0

    192.168.33.0  0.0.0.0    255.255.255.0 U    0 0     0 external

    192.168.59.0  0.0.0.0    255.255.255.0 U    0 0     0 HA

    127.7.0.0   127.1.1.253  255.255.0.0  UG    0 0     0 tmm

    127.20.0.0   0.0.0.0    255.255.0.0  U    0 0     0 tmm_bp

    0.0.0.0    192.168.1.254 0.0.0.0    UG    0 0     0 eth0

     

    The DNS Servers have two interfaces (one shown below as an example)

     

    eth0: 192.168.1.20/24 gw 192.168.1.254 This is a bridged network on the laptop, connected also to the management interface of the f5 (192.168.1.110)

    eth1: 192.168.33.20/24 no gw. This is a host only network on the laptop also connected to the f5 (192.168.33.10)

    There is no iptables running on the linux VMs

     

    Below is routing table on vm using netstat -nr

     

    Destination  Gateway    Genmask    Flags MSS Window irtt Iface

    0.0.0.0    192.168.1.254 0.0.0.0    UG    0 0     0 eth0

    169.254.0.0  0.0.0.0    255.255.0.0  U    0 0     0 eth1

    192.168.1.0  0.0.0.0    255.255.255.0 U    0 0     0 eth0

    192.168.33.0  0.0.0.0    255.255.255.0 U    0 0     0 eth1

     

    So as you can see the linux VMs do not know about 10.x

     

    My aim is to get this working as simply as possible (its just a lab) but also in a way that would typically be done in production.

     

    Thanks again for your help I really appreciate it.

     

    Brett