Dig deeper into Ansible and F5 integration

Basics of Ansible and F5 integration were covered in a joint webinar held earlier in March 2017. To learn more about the integration and current F5 module support along with some use cases view the w...
Published Apr 05, 2017
Version 1.0
Ansible
application delivery
BIG-IP
devops
iControl
LTM
playbook
Payal_S's avatar
Payal_S
Ret. Employee
Jun 13, 2018

Hi,

You do not need to have a default gateway if you have L2 connectivity to your external (Client traffic) and your internal (server traffic), but if your servers are on a different subnet and you need to tell BIG-IP how to route to that subnet then yes you do need specify static routes. Though it is good practice to specify a default route.

Example of adding a static route:

- name: Add route(s)
    bigip_static_route:
      server: "{{bigip_ip}}"
      user: "{{ bigip_username }}"
      password: "{{ bigip_password }}"
      name: "{{item.name}}"
      gateway_address: "{{item.gw_address}}"
      netmask: "{{item.netmask}}"
      destination: "{{item.destination}}" 
      validate_certs: "no"
    with_items: "{{static_route}}"
    
 Associated variable file:
 static_route:
- name: "default"
  gw_address: "10.168.68.1"
  destination: "0.0.0.0"
  netmask: "0.0.0.0"

Yes if your backend servers are not on the same subnet you have two options: 1) Set SNAT to 'Automap' on the Virtual server, this will change the source IP address to the internal Self-IP address of the BIG-IP, so the return traffic will be forced to go back through the BIG-IP 2) If you donot want to use Automap , point all your backend servers default route to the internal Self-IP address of the BIG-IP

Thanks