Forum Discussion
Heya mate,
when we installed our first BiG-IP's years ago we went the "one-arm" path (essentially using SNAT for everything). The majority of the services that live on our units are web services, which we use the X-FORWARDED-FOR header inserted via the http profile to present the client's real IP address.
A couple of services were however, not web services and had a requirement of having the client's IP visible to the servers. We spun up a new VLAN for the servers to live in defined it on our datacenter core switch (no SVI, just layer 2 VLAN), added it to the port-channel to the BiG-IP etc etc, defined the VLAN on the BiG-IP, nailed in a static route to the BiG-IP (we're cheap :p ), made a couple of forwarding virtual servers, made some self IP's etc, set the servers's default gateway to be the newly created floating IP, created a pool, monitors etc. and created the virtual server with SNAT disabled. And things work!
This is how we initially got things working. VLAN groups, as mentioned above have been introduced and should simplify part of this. I haven't tested them out yet.....
Hopefully, something i've rambled on about can help you.....it's clock off time for me now :)