Forum Discussion
srinidhi12
Cirrostratus
CirrostratusUnable to add virtual server to F5
Hello All,
We have added F5 Image in EVE-NG and attached Virtual PC to Interface 1.1. We have configured F5 for LTM. We are able to access Internet from F5 and also ping Interface IP(1.1).
Interface status is coming as UP. Virtual PC which is connected directly to F5 interface(1.1) is not getting internet.
Please find the attached screenshot for the interface status.
Could you please let us know the Configuration to be changed to get internet access in Virtual PC which is directly connected to Interface?
Thanks!
Hi srinidhi12 ,
You can achieve it easily by using IP forwarding virtual server across F5.
For more details about IP forwarding virtual server , read this Article :
KB : https://support.f5.com/csp/article/K7595 .
Forwarding ip virtual server makes F5 to act as a router.
Hope it helps you.
Regards
mihaicMVP
here is an article on routing tables:
https://support.f5.com/csp/article/K13284management interface is using one routing subtable and the other interfaces are using other routing subtable.
it would be better not to use management for accessing internet. I think it is still possible to use it, check in the
article.Share you managment interface settings .
I still believe that the issue is somewhere else. Your firewall/router that you use to access the internet need to have a route to the subnet where the Virtual PC is in . And also to be able to NAT it .
Hi mihaic ,
You're right , he should another interface not management one.
But I think if he add an IP forwarding virtual server to listen to the internet traffic that initiated from PC machine , F5 will take this traffic and choose the management port to server internet traffic.
F5 will go across management subnet as a last resort specially for this access.
Regards
srinidhi12Thanks for the article. we went through it and tried the below commands to check the connection.
We checked the configuration and noticed that IP address assigned to Interface 1.1 is showing Connected in Origin
Interface 1.1> Self-IP > 192.168.11.140
Virtual PC directly connected to Interface > Self-IP> 192.168.11.120
Default Gateway for Virtual PC is set Interface 1.1 IP (Please find the image below)
Also As of now, We only have F5 and Virtual PC in our Environment. we have not configured any other firewall and router.
We have added one route as test in Network>Routes.
Could you please let us know which settings to change to get Internet connectivity in Virtual PC (192.168.11.120)
srinidhi12 ,
Have you configure an IP Forwarding Virtual server as I send in my first reply ?
F5 Will not Pass your Traffic Without " Listner " I mean a Virtual server matches with these packets , if this For Lab only , Create a new IP forwarding Virtual server ( Destination address 0.0.0.0/0 ) , also add a specific route to send traffic to the next hop which directs you to internet.
Also I need you to Test internet Connectivity from F5 itself.
Also Issue this command on bash #ip route get 8.8.8.8 " just for Example "
see first if F5 can reach internet or not then test your PC Machine.
Regards- mihaic
So I made it work.
Interf 1.1 is in vlan 100 and 1.3 is in vlan 200.
Net is the management network.
I've added something similar called Net2, but attached to interface 1.3 in my case.
Created the vlan (vlan200 in my case), self-IP. Then I created a forwarding IP VIP with 0.0.0.0/0 for source and destination, no SNAT, and selected the source VLAN from where I am expecting the traffic to originate from. VLAN100 in my case.
Also I've had to add a static route on my firewall(not in the picture) to subnet in vlan100 where the Desktop is and point it to F5 ip in vlan200.
and that's it
- srinidhi12
Hello,
Thanks for your response. It was rellay helpful in understanding the setup. We just have one question regarding the Virtual Server creation.
As you suggested, we have re-created the lab as per yours. Please find the image below.
Also Assigned VLAN_2 to Interface 1.3 and created Self-IP. Interface status is showing as UP. Image below
We created Virtual server and kept type as forward IP with 0.0.0.0/0 for Source and Destination IP. Assigned VLAN associated with Interface 1.1 which is directly connected with Virtual PC. Image below
The status of the virtual server is showing as enabled(unknown)
Also attaching the image below for Self IP's created
We are just missing one step in getting the Internet connection to Virtual PC. Could you please help us with that?
Your assist will be of great help to us.
Thanks
- mihaic
you also need a default route in vlan2.
- srinidhi12
Hello,
Apologies for asking multiple questions.
Could you please let me know if Default route should be created in F5 or Firewall. Because we are not using any firewall in our lab environment. Only F5 and Virtual PC images are being used currently.
Also do we have to add any route in Network> Routes. If so, do we have to add our virtual PC IP address there?
Image below -
- mihaic
Hi!
So you want the F5 to act like a router for traffic coming from Virtual PC, right?
If the F5 can access the internet, what interface is it using for that access?
Virtual PC should have the gateway set to the ip of interface 1.1
I think you might have a routing issue. I am guessing you have firewall/router with access to internet.
That device needs to know where the subnet of the virtual PC is. So you need to tell it to go to the F5 device for the subnet that virtual PC is in.
subnet1(interfacex.x)<->F5<->subnet2(interface 1.1)
- srinidhi12
Thanks for the quick response.
Our goal is to add the virtual server to the F5 LTM.
- We are trying to observe the traffic from Virtual PC to Internet through F5 and also assign policies from F5 to VPC.
- Interface used to connect to Internet is MGMT
- We have set the IP of Interface 1.1 (192.168.11.140) as gateway for Virtual PC but still no internet access
Could you please let us know if we have to add Ip in Network>Routes?
- mihaic
I would use other interface than Mgmt for internet access.
Then you add a default route in tmsh and that's it. You have a dual-arm F5 device doing routing.
- srinidhi12
Hi,
We tried using other interface for internet access in F5, but still I did not get internet in my virtual PC.
we have connected F5 with one interface and trying to connect virtual PC with F5 using other interface, and there is a route to the subnet where the Virtual PC is in.
Sill not sure what we are missing out.
Thanks!
- mihaic
I've tested in my lab and even with a ip forwarding vip it does not work.
That's because the default route is in management routing table and the interface 1.1 is using TMM routing table.
- mihaic
yes , Network> Routes
But your internet comes from somewhere. even if it is not in your Eve-ng lab. you internet gateway/firewall/router needs to send the traffic that comes from the internet back to Virtual PC. So it needs a route pointing to the F5.
- srinidhi12
yes, I have added the route as you mentioned to the virtual PC from the F5,
still I am unable to access the internet from the Virtual PC.
- mihaic
you need a default route if you want to have internet on that Virtual PC, that means 0.0.0.0/0 and it needs to be on the link/vlan to outside (not management), in your case is vlan2, right?
Here is my example:
- srinidhi12
Thanks.
Can you please let us know what what IP should be given for Resource( in your case 192.168.188.1)
