Virtual servers and traffic groups - Functional query
You need one floating self-IP per traffic group (so two floating self-IPs per vlan).
You don't need to break down the vlan, but it may be administratively convenient to split the floating self IPs and virtual IPs into different CIDR ranges (10.64.24.1 and following for one traffic group, 10.64.24.129 and following for the other). Don't actually split the subnets, though.
Thanks :) Can give this a try!
However, if both the virtual server pools have the same physical nodes (hence, the same floating IP as a gateway)... is there a way to manage return traffic via the correct BIGIP for each virtual server?
Update: Cannot use SNAT, we need to retain actual source IPs without using X-Forwarded headers.
- Simon_Blakely (Employee), Aug 24, 2020
You can't. In that situation, one LTM will always have to handle the return traffic (the one with the gateway IP).
You have to use stateless Performance (Layer 4) virtuals - i.e. a FastL4 profile that enables Loose Initiation and Loose Close on the incoming Virtual. This means it will just pass packets from the source to the pool member, without needing to maintain state.
You also need an egress virtual on each LTM that is also a stateless Performance (Layer 4) virtual - it accepts return packets from the pool members to the client. This will handle the unmatched packets that originally passed through the other LTM.
But it's a very odd way to set things up.