For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

D_VCUHS_116063's avatar
D_VCUHS_116063
Icon for Nimbostratus rankNimbostratus
Apr 17, 2015
Solved

VIP to VIP communications on the same BigIP LTM

Is it possible to have two members of a pool, communicate with members of a different pool using their VIPs? Both pools are configured on the same BigIP LTM, doing an Air Watch implementation which has 3 sets of load balanced servers and requires the servers to communicate with each other using their VIP.

 

application delivery
BIG-IP Access Policy Manager (APM)
design
LTM
security

27 Replies

Show More
  • kunjan_118660's avatar
    kunjan_118660
    Icon for Cumulonimbus rankCumulonimbus
    Apr 20, 2015

    DS1 or DS2 will initiate the connection to VS(SG)443 and SG1 or SG2 will initiate the connection to VS(DS)443

     

    Does this mean DS1 and DS2 are clients that initiate a connection to a URL that hit VS(SG)? Similarly SG1 and SG2 are clients that initiate connection to hit VS(DS)?

     

    If so, there is no VS to VS communication as both are independent. Just confirming there is no loop as such.

     

    • D_VCUHS_116063's avatar
      D_VCUHS_116063
      Icon for Nimbostratus rankNimbostratus
      Apr 21, 2015
      Yes, DS1 or DS2 will initiate a connection to a URL to VS(SG); SG2 or SG1 will also initiate a connection to a URL to VS(SG). It was explained to me that each will us its VS as a SNAT for outbound connections.
  • D_VCUHS_116063's avatar
    D_VCUHS_116063
    Icon for Nimbostratus rankNimbostratus
    Apr 20, 2015

    In a way DS1 and DS2 are clients, although the only way it can communicate outbound is through the BigIP LTM. I think it uses the VS(DS) as a SNAT for outbound traffic. Similarly SG1 and SG2 uses VS(SG) as a outbound SNAT.