Forum Discussion
HarrisHome_3538
Nimbostratus
Oct 22, 2008
TMM routes and Management Routes Question
Hi,
I am a newbie to F5 BIG-IP. I have some questions on TMM routes, mgmt routes & kernel routes. I configured a management IP address (10.10.1.173/24) on eth0 and configured a management default route to the gateway (10.10.1.1). I configured a NAT mapping for a node behind the F5 to access the outside and created a TMM default route to route all traffic from the node to the outside. Here is my configuration; the IP addresses are not real.
mgmt 10.10.1.173 {
   netmask 255.255.255.0
}
mgmt route default inet {
   gateway
   gateway 10.10.1.1
   mtu 0
}
nat 192.168.9.42 to 10.10.2.42 {
   enable
   arp enable
   unit 1
   vlans none disable
}
route default inet {
   gateway
   vlan none
   gateway 10.10.2.1
   pool none
   mtu 0
   static
}
self 10.10.2.172 {
   netmask 255.255.255.0
   vlan WAN_VLAN
   allow default
}
self 192.168.9.172 {
   netmask 255.255.255.0
   vlan LAN_VLAN
   allow default
}
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
127.1.1.0       0.0.0.0         255.255.255.0   U         0 0          0 tmm0
127.2.0.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0.1
10.10.2.0       0.0.0.0         255.255.255.0   U         0 0          0 WAN_VLAN
192.168.9.0     0.0.0.0         255.255.255.0   U         0 0          0 LAN_VLAN
127.0.0.0       -               255.0.0.0       !         - -          - -
0.0.0.0         10.10.2.1       0.0.0.0         UG        0 0          0 WAN_VLAN
0.0.0.0         10.10.1.1       0.0.0.0         UG        0 0          0 eth0
After I added the TMM default route, I am unable to access the F5 using the management IP from an outside network. It seems that the default route in the kernel IP routing table has been overwritten by the TMM routes. My question is: can I access the F5 using the management IP if the TMM default route exists?
Thanks a lot!
3 Replies
- dennypayne
Employee
Yes, you should still be able to access the management IP as long as that outside network is not routing you to a TMM address first. TMM won't forward management traffic.
I would make sure that you can still access the mgmt IP locally (from the 10.10.1.0 network); if not, then something got overwritten somehow and that probably warrants a support case. If local access still works, then I would double-check your routing elsewhere to make sure that you are accessing 10.10.1.0 directly instead of trying to route it through TMM.
Denny
- HarrisHome_3538
Nimbostratus
Hi Denny,
Thanks for your reply. I cannot ping the management IP address locally. If I delete the TMM default routes, the management IP address is pingable from the local network / outside world, but the node which is behind the F5 cannot reach the outside world. All nodes behind the F5 are using the F5 as their default gateway.
What is the problem? Is there any misconfiguration? Please advise. Thanks a lot!
- Ian_Johnson_382
Nimbostratus
If you want the nodes behind the LTM to access the outside world, you will need to either create a forwarding virtual server or, the better option, create a SNAT to allow any internal host to access the outside world.
Ian
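An added example, not part of the original thread: a small Python check over the kernel routing table from the first post, reporting for each default route whether its gateway sits on a connected subnet of the same interface. The function names are hypothetical; the table rows are copied from the post.

```python
import ipaddress

# Kernel routing table rows copied from the first post (the poster's placeholder addresses).
ROUTES = """\
127.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tmm0
127.2.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.1
10.10.2.0 0.0.0.0 255.255.255.0 U 0 0 0 WAN_VLAN
192.168.9.0 0.0.0.0 255.255.255.0 U 0 0 0 LAN_VLAN
127.0.0.0 - 255.0.0.0 ! - - - -
0.0.0.0 10.10.2.1 0.0.0.0 UG 0 0 0 WAN_VLAN
0.0.0.0 10.10.1.1 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Parse `netstat -rn` style rows into dicts; reject ('!') rows are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or "!" in f[3]:
            continue
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
            "gw": ipaddress.ip_address(f[1]),
            "flags": f[3],
            "iface": f[7],
        })
    return routes

def audit_default_routes(routes):
    """Return (iface, gateway, on_link) for every default route in the table."""
    connected = [r for r in routes if "G" not in r["flags"]]
    findings = []
    for r in routes:
        if r["net"].prefixlen != 0 or "G" not in r["flags"]:
            continue
        on_link = any(c["iface"] == r["iface"] and r["gw"] in c["net"] for c in connected)
        findings.append((r["iface"], str(r["gw"]), on_link))
    return findings

if __name__ == "__main__":
    for iface, gw, on_link in audit_default_routes(parse_routes(ROUTES)):
        status = "gateway on-link" if on_link else "no connected route listed for gateway"
        print(f"default via {gw} dev {iface}: {status}")
```

On the table as posted, this reports two default routes, and the listing contains no connected 10.10.1.0/24 entry on eth0 for the management gateway.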