EL
May 19, 2015

One arm deployment with multiple vlan server segment

Hi All

Good day to you! I would like to ask about a one-arm F5 deployment. The requirement is as follows: we have a trunk port from the F5 to the core switch, catering to a few VLAN server segments, let's say vlanA (ServerA), vlanB (ServerB) and vlanC (ServerC), because we want to load balance different applications on different segments but don't want to change the existing network, so the VS and the server IP are in the same subnet. From my understanding, we need to use SNAT in order for the pool member to route the traffic back to the F5, as per the F5 requirement in a full proxy architecture. But we have 3 different segments and the users may come from different VLANs, so what default route should I configure on the F5 to route the traffic back to the client?

From some postings, it seems we don't need to configure a default route because the F5 will use auto last hop for the return traffic back to the client. From my understanding, we can configure a routing domain for each segment, but we don't want to use route-domains due to the complexity.

Kindly advise what the design best practice is for this kind of deployment.

Thanks

El

5 Replies

  • I think you have hit upon the answer. As long as auto last hop is enabled and all of the back end servers are on one of the three VLANs then you may not need any routes (for the production traffic) as auto last hop should take care of all of the incoming connections.

    You may need specific routes if you are referencing things like a syslog, ntp, or AD/LDAP server that is not on one of those three VLANs.

    • EL
      btw, is it possible to create another VLAN, let's say vlantransit, and create the default gateway pointing to this vlantransit? So if auto last hop is not working, then it will look at the routing table. Let's say a client accesses VS serverA; then the core switch will forward the traffic to vlan ServerA, and the return traffic to the client will use vlantransit if auto last hop is not working. Thanks
    • Max_Q_factor
      That should work as well. Auto last hop should work as long as the initiating MAC address is still valid.
    • Torti
      hi, what about health check requests? Auto last hop doesn't work for those, because the system itself is the client. If there isn't a configured route, the system takes the management interface and management IP for the requests.