Forum Discussion
VIP vlan and Server vlan on single trunk between F5 and L3 Switch
Ok; this may be an elementary question, but I have not been able to figure it out. I have some LTMs in an Internet DMZ that connect to a L3 Cisco switch over a single L2 trunk, which carries both the VIP vlan and the web server vlan. The web servers also all connect to the same L3 Cisco device using a L2 switchport connection. L3 IPs on the F5s and the Cisco switch for both vlans.
Client connects to the Virtual Server IP, then SNATs to the web server using the VS vlan address. I can see traffic into the pool associated with the VS, but I see no traffic out. When I switch the VS config to Automap everything works ok. Why is using a SNAT pool with a VIP address breaking connectivity? I'm guessing it is breaking a vlan symmetry requirement but I'm missing the basics of this somehow. I'd rather not share the single interface IP for Automap across all of my VSs because of the number of connections required across the box.
- Jana
Altostratus
Is there any reason to have vlan 10 configured on the bigip?
In this case, server-side traffic exits on vlan10 and the response from the server arrives on vlan20, as the VIP address is the source IP of the server-side traffic.
Since the server's default gateway is the L3 device and the server is connected to it, you can use just vlan20 between the L3 device and the BIG-IP and remove vlan10 on the BIG-IP. To connect to the server in vlan10, the BIG-IP will send the traffic to its default gateway. This way the server-side request and response will exit and arrive on the same VLAN.
You can also use an iRule like this to use the VIP address as the SNAT IP for server-side connections.
```tcl
# Use the virtual server's own address (the local address of the
# client-side connection) as the SNAT source for the server-side connection.
when CLIENT_ACCEPTED {
    snat [IP::local_addr]
}
```
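The two layouts discussed in this thread, written out as tmsh configuration. This is an added example, not configuration from the original poster, the answer above, or F5 documentation; the addresses (192.0.2.0/24 for the VIP side, 10.0.10.0/24 for the servers), VLAN tags, the trunk interface 1.1, and the object names are all assumptions chosen for illustration.

```tmsh
# --- Layout that breaks (hypothetical addressing, assumed for this example) ---
# BIG-IP holds a self IP on both VLANs, so it delivers server-side traffic
# straight onto vlan10. The SNAT source is the VIP (192.0.2.100), which lives
# on the vlan20 subnet, so the server's reply goes to its default gateway
# (the L3 switch) and comes back to the BIG-IP on vlan20: request out on
# vlan10, reply in on vlan20.
create net vlan vlan20 tag 20 interfaces add { 1.1 { tagged } }
create net vlan vlan10 tag 10 interfaces add { 1.1 { tagged } }
create net self 192.0.2.10/24 vlan vlan20 allow-service none
create net self 10.0.10.10/24 vlan vlan10 allow-service none
create net route default gw 192.0.2.1
create ltm pool web_pool monitor http members add { 10.0.10.11:80 10.0.10.12:80 }
create ltm snatpool vip_snat members add { 192.0.2.100 }
create ltm virtual vs_web destination 192.0.2.100:80 ip-protocol tcp profiles add { tcp http } pool web_pool source-address-translation { type snat pool vip_snat }

# --- Corrected layout (the answer's suggestion) ---
# Remove vlan10 from the BIG-IP. With no connected route to 10.0.10.0/24 the
# BIG-IP sends server-side traffic to its default gateway on vlan20, and the
# reply returns through the same gateway on vlan20. The virtual server and the
# VIP-address SNAT pool stay exactly as they are.
delete net self 10.0.10.10/24
delete net vlan vlan10

# --- Checks ---
# Only vlan20 should remain, and 10.0.10.0/24 must not appear as a connected route.
list net vlan
list net route
show net route
# Server-side flows for the virtual should now show the same VLAN in both directions.
show sys connection cs-server-addr 192.0.2.100 all-properties
# Why the asymmetric layout fails: the connection table is keyed by VLAN while
# this db variable is enabled (the default), so a reply arriving on a VLAN other
# than the one the server-side flow left on does not match the flow.
list sys db connection.vlankeyed
```

The other way to keep both directions on one VLAN, which is what Automap was doing in the question, is to SNAT from an address on the server VLAN (a SNAT pool whose members sit in 10.0.10.0/24 in this example) so the server replies directly on vlan10; that keeps vlan10 on the BIG-IP but gives up using the VIP as the server-side source address.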