01-Feb-2023 02:31
Hi all,
I have a BIG-IP to load-balance internet traffic through two ISPs. The first one gave a public IP that I configure on the interface, but the second only forwards the traffic to me on a private IP /32 segment.
When a device performs a health check it uses a self IP which is not routed over the internet, and the result is that I can only monitor the front-facing router but not internet resources such as the 4.2.2.2 public DNS.
Is there a way to make the monitor traffic be translated, or any other workaround which can help me? (I am sure I am not the first facing this case.)
Thanks a lot.
01-Feb-2023 06:08
@Azzeddine_S Is the second connection that provides the private IP set up with a router between your F5 and the ISP, or is the connection into the F5 a direct connection from the ISP? Because typically ISPs do not provide private IP space because of the issue you are referring to. As far as health monitors are concerned, I would pick 1 destination to check on ISP 1 and a different destination to check on ISP 2. Once you have those different destinations picked, you can configure a static route for each that points them to your gateway for the respective ISP. As an example, you would have the following, as long as the ISP will NAT your IP for ISP 2 if they really do provide you a private IP:
net route ISP_1_Monitor {
    description "ISP 1 destination for health monitor"
    gw <ISP_1_gateway_IP>
    network 4.2.2.2/32
}
net route ISP_2_Monitor {
    description "ISP 2 destination for health monitor"
    gw <ISP_2_gateway_IP>
    network 4.2.2.2/32
}
Once you have these routes configured you should be able to implement ECMP using the following guide.
01-Feb-2023 06:54 - edited 01-Feb-2023 07:14
Hi Paulius,
This is what I am already configuring but:
For information, user traffic is translated using pools.
There has to be a way to make the monitoring use a non-physical IP.
01-Feb-2023 12:09
@Azzeddine_S On ISP what device translates your private IP to a public IP in that case? The F5 shouldn't care about private or public as long as you specify a gateway on the same subnet and further down the line that device translates you from your private IP to a public IP. What troubleshooting have you performed to know that the traffic is indeed being dropped?
23-Feb-2023 06:02
Hi all,
Our topology is similar to the following
The outgoing traffic is load-balanced on two links:
For ISP-01, both the egress internet and monitoring traffic use the physical interface and everything is OK since it has a public IP.
For ISP-02, the outgoing interface has a private IP; the egress internet traffic is translated to a pool of IPs and routed back from ISP-02, but the monitoring traffic is generated with the physical IP as a source. When it reaches the ISP router it is dropped and the monitoring fails.
Is there a way to force the monitoring to use a pool of IPs?
Thanks a lot.