Forum Discussion
static route versus IP forwarding VS
0.0.0.0/0 VS (PerfL4-type) actually is the best solution to establish Internet connectivity for the back-end servers via F5 in your case. Static routes only define the next hop to reach a destination, but they do not effectively cause routing to take place. They are useful as supplementary exceptions to the default route.
I'll post the config I use in 99% of cases.
- It consists of a custom FastL4 profile to make F5 a non-intrusive middleman (behave like a router),
- A pool which has one or more default gateways to reach the Internet,
- And a very broad 0.0.0.0/0 Virtual Server which listens on internal (server-side) VLANs that should have Internet connectivity via F5. This VS will only get a connection if there's no closer match available.
conf:

    ltm profile fastl4 pr_fastl4_stateless {
        app-service none
        defaults-from fastL4
        loose-close enabled
        loose-initialization enabled
        reset-on-timeout disabled
    }
    ltm pool pool_default_gw {
        members {
            172.16.0.1:any {
                address 172.16.0.1
                session monitor-enabled
            }
        }
        monitor gateway_icmp
    }
    ltm virtual vs_0.0.0.0_any {
        destination 0.0.0.0:any
        mask any
        pool pool_default_gw
        profiles {
            pr_fastl4_stateless { }
        }
        source 0.0.0.0/0
        translate-port disabled
        vlans {
            vlan_server_side_2010
        }
        vlans-enabled
        vs-index 4
    }

It would be possible due to a second Virtual Server, a better candidate to handle your connection to ''. To throw out some stupid speculation, maybe you have another 0.0.0.0/0 VS for a specific protocol which has a different server-side configuration, or maybe you have a 87.252.198.0/24 VS (matches public address pool).
See order of precedence for Virtual Server matching: https://support.f5.com/csp/article/K14800
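
A check that can be run over a saved configuration, as an added example that is not part of the original posts: it flags 0.0.0.0 wildcard virtual servers that are not limited to named VLANs with `vlans-enabled`, the property the config above relies on to keep the forwarder listening only on the server side. The parser, the function names and the second stanza in the sample are assumptions constructed for illustration.

```python
import re
# Constructed sample: the first stanza is trimmed from the config in the post;
# the second is a hypothetical wildcard VS with no VLAN restriction.
SAMPLE = """\
ltm virtual vs_0.0.0.0_any {
    destination 0.0.0.0:any
    mask any
    vlans {
        vlan_server_side_2010
    }
    vlans-enabled
}
ltm virtual vs_fwd_everywhere {
    destination 0.0.0.0:any
    mask any
    pool pool_default_gw
}
"""

def parse_virtuals(text):
    """Return {name: {property: value, "vlans": [names]}} for each ltm virtual stanza."""
    virtuals, cur, block, depth = {}, None, None, 0
    for line in filter(None, map(str.strip, text.splitlines())):
        head = re.match(r"ltm virtual (\S+) \{$", line)
        if depth == 0 and head:
            cur = virtuals[head.group(1)] = {"vlans": []}
        elif cur is not None and depth == 1 and line.endswith("{"):
            block = line.split()[0]              # entering a nested block
        elif cur is not None and depth == 1 and "{" not in line and line != "}":
            key, _, value = line.partition(" ")  # flags such as vlans-enabled get ""
            cur[key] = value
        elif cur is not None and depth == 2 and block == "vlans" and line != "}":
            cur["vlans"].append(line)
        depth += line.count("{") - line.count("}")
        if depth == 0:
            cur = None                           # stanza closed
    return virtuals

def audit(text):
    """Return names of wildcard virtual servers not limited to named VLANs."""
    flagged = []
    for name, vs in parse_virtuals(text).items():
        wildcard = vs.get("destination", "").startswith("0.0.0.0:") and vs.get("mask") == "any"
        if wildcard and not ("vlans-enabled" in vs and vs["vlans"]):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(audit(SAMPLE))
```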