Forum Discussion

Oreoluwa
Aug 29, 2019

Static Route

Hi,

I created a static route on my F5 BIG IP appliance to be able to reach a particular network through a gateway IP address. I cannot ping the remote network, and when I do a traceroute, I do not see the gateway I set as a hop. The gateway address and one of my BIG IP interfaces are on the same network range.

Please I need answers. What is wrong?

  • Hello Oreoluwa.

    Take into account that in F5 there are two types of static routes:

    If you check your routing table in F5, you can see that the TMM route has a lower metric (so it's preferred).

    # ip route show table main 
    ...
    default via 10.130.40.99 dev internal
    default via 192.168.102.1 dev eth0  metric 9

    You should also check your self-IP port lockdown configuration to be sure that you are not dropping the returned packets.

    REF - https://support.f5.com/csp/article/K17333

    KR,

    Dario.
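
The route selection that the `ip route show table main` output above reflects (longest prefix first, then lowest metric) can be checked offline against a saved routing table. This is an added example, not code from the thread or from F5; the interface name `external` and the `10.114.114.168/30` static route are constructed from the addresses mentioned in the discussion.

```python
import ipaddress

# Constructed sample: the two default routes quoted in the reply, plus a
# hypothetical connected route and static route on an interface named
# "external" (assumed name), using addresses mentioned in the thread.
SAMPLE = """\
default via 10.130.40.99 dev internal
default via 192.168.102.1 dev eth0  metric 9
10.114.114.168/30 via 172.20.238.9 dev external
172.20.238.0/24 dev external  proto kernel  scope link  src 172.20.238.5
"""

def parse_routes(text):
    """Parse `ip route show table main` lines into a list of dicts."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue

        def opt(key, default=None):
            # Value following a keyword such as "via", "dev" or "metric".
            return tok[tok.index(key) + 1] if key in tok[:-1] else default

        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # "...", "unreachable" and other non-prefix lines
        routes.append({"net": net, "via": opt("via"), "dev": opt("dev"),
                       "metric": int(opt("metric", 0))})  # no metric means 0
    return routes

def lookup(routes, dest):
    """Return the route used for dest: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r["net"]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]))

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dest in ("10.114.114.170", "172.20.238.9", "8.8.8.8"):
        r = lookup(table, dest)
        print(f"{dest:16} -> {r['net']} via {r['via']} dev {r['dev']}")
```

If the lookup for the remote host returns a default route instead of the static route, the pings are leaving through a different interface than the one facing the intended gateway.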

    • Oreoluwa

      I have read the documentation, but maybe I should clarify my question. In this environment I am working on, they got private addresses from a telecoms operator, 10.114.114.x/30. These private addresses are only routable to an internal network, 172.20.238.x/24, such that from wherever the owners of the telecoms IP addresses are, they can make a request to any host on the network 172.20.238.x/24. This network 172.20.238.x host is then NATed by a firewall to the internal servers. This was their existing architecture. Now the firewall is being replaced by F5 as a hop to the internal servers to which requests will be made. Because I have set a VLAN self IP of 172.20.238.5 on the F5 and a virtual server IP of 172.20.238.8 on the F5, and mapped it to the pool where the internal servers are, the telecoms private address hosts can reach the F5 through the VIP and the interface. But the F5 cannot reach the telecoms private address. I set a static route so it knows how to reach it, but F5 still doesn't go that route. So even though from F5 I can ping the next-hop router interface above the F5 on 172.20.238.9, I cannot ping 10.114.114.170, which the router above F5 points to.

      • Please clarify this. Is it your topology?

        If you can ping your next-hop but not the device behind it, this could be for some reasons.

        First of all, capture traffic using tcpdump to be sure that your packets are being sent.

        # tcpdump -nnei 0.0 'host <destination_ip>'

        Do you see traffic when you ping your destination IP?

        Please also share your routing table:

        # ip route
        # tmsh show net route 

        KR,

        Dario.