For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Shahrzad_84598's avatar
Shahrzad_84598
Icon for Nimbostratus rankNimbostratus
Nov 01, 2015

Using an iRule to specify multiple allowed ports for a virtual server

Hi there!   I use version 11.4.0 LTM. One of the key concerns for doing the mentioned job in my subject is when our ports in irule are not the same as pool members ports we should specify "all Por...
application delivery
design
devops
iRules
LTM
Vernon_97235's avatar
Vernon_97235
Historic F5 Account
Nov 03, 2015

Good point. "Gateway" is a bit ambiguous :). Typical next hops would be firewall appliances or IP routers. If it's routers, it allows static next hop redundancy but with health detection. So consider if you have two routers and you want to round-robin traffic between then. You could create a wildcard VS with two pool members; namely, the two router next hop addresses. Naturally, you would also apply a health monitor, so if a router goes down, the LTM would stop forwarding traffic. This can be done with OSPF equal cost, for example, but that is substantially more complex to setup and manage.

 

Alternatively, with the firewall case, the next hop is a firewall. Since BIG-IP sends all traffic in a flow to the same selected destination, this works well for even firewall clusters. Again, a health monitor would ensure LTM would stop forwarding traffic to a firewall that becomes unavailable.

 

Shahrzad_84598's avatar
Shahrzad_84598
Icon for Nimbostratus rankNimbostratus
Nov 04, 2015
Thanks for your reply, I was just thinking about web servers, that`s why I was confused :)