Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Creating F5 VIP with on IP range not part of interface Subnet


Hi Team,


I'm working on scenario where we need application require automatic failover between datacenters. We have F5 LTM in each DC if F5 or application fails we need traffic to automatically failover to secondary Data Centre. GTM is not an option here due to various issues. I'm thinking of using BGP route injection to advertise VIP from each DC and to prefer primary DC. so my question is can we create a VIP using a separate IP pool other than F5 interface IP network? reason is F5 VIP created on both DCs will have same IP addresses. Anyone can see an issue with this approach?


F5 Employee
F5 Employee

I can answer part of your question:


> so my question is can we create a VIP using a separate IP pool other than F5 interface IP network?


You can, and they will be advertised using a routing protocol (if the Virtual IP is configured with Route Advertisement). Note that these VIPs do not broadcast GARPs on failover, because they do not share address space with a self-IP on a vlan.


But as for your design, I'm not sure I quite understand it.

Where is the pool going to be for the VIP (DC1 or DC2 or both)?


 App Pools will be on both DC associated to the VIP at each DC. We have single F5 at each DC, so I believe no broadcast GARPs on failover doesn't apply here I'm not mistaken.

OK - so it's not really an HA environment, it's just a standalone LTM in each DC.


Generally the recommendation is for having an HA pair in each DC, and using GTM/DNS to manage the DC to DC failover.


But as long as you can monitor the status of each DC to change the routes, it should work. But a conversation with your F5 Account Team probably would be useful.