carl_townshend_
Nov 14, 2018

IP Forwarding virtual server

Hi all, we want to preserve the original IP address of the clients coming in on one of our virtual servers; this is for FTP connections. I believe this is done by an IP Forwarding virtual server and turning off Automap on the VS for the FTP. There are 2 FTP member servers behind the F5. I know I have to set the gateway of the servers as the F5. How do I then tell the F5 how to get back to the original client? It will need to be a default route, as the client request could be any IP. I see when you create an F5 IP forwarding VS, it has source address and dest address/mask. What would I put in? Cheers

 

2 Replies

  • Hey Carl

     

    This all depends on how the networking (VLANs, Routes and Self-IP addresses) is configured. When using a Forwarding IP VS, the BIG-IP will simply forward the traffic to the IP address configured in the Destination IP Address field of the virtual server. However, it will be stateful.

     

    To give you an example using an external and internal VLAN, you would configure it the following way:

     

    External VLAN

     

    • Self-IP Address: 10.10.1.31

    Internal VLAN

     

    • Self-IP Address: 172.16.1.31

    Virtual-Server

     

    • Destination IP Address: 172.16.1.100 (Same as FTP Server)
    • Destination Port: 21
    • VLANs and Tunnels: DO NOT Listen on Internal
    • SNAT Automap: Off

    It is important you configure it so that the VS does not "listen" on VLAN internal. This is because the BIG-IP will ARP for 172.16.1.100; if it does that on the internal VLAN, you will end up with an IP conflict. So it is important you only listen on VLANs where you expect traffic will originate from.

     

    FTP Server

     

    • IP Address: 172.16.1.100
    • Port: 21
    • Default Gateway: 172.16.1.31

    On the External Network Routing you add the following routing entry:

     

    External Routing

     

    destination 172.16.1.100 255.255.255.255 10.10.1.31

     

    The traffic will flow the following way:

     

    1. Traffic originating from external with the destination of 172.16.1.100 will be routed to 10.10.1.31 (Self-IP of the BIG-IP)
    2. Since we have a virtual server (listener) on the BIG-IP for 172.16.1.100 it will pick up the traffic.
    3. The configuration on the virtual server states that it will not translate the client IP address (no SNAT), and will not translate the destination IP address or destination port (standard for a Forwarding IP type VS)
    4. The BIG-IP will review its routing table, traffic for 172.16.1.100 will be routed through VLAN internal since it is directly connected.
    5. Traffic arrives at the FTP server and since it uses the BIG-IP's self-IP address as default gateway, the return traffic will pass through the BIG-IP again.
    6. The BIG-IP will match the return traffic because it matches the session and send it back out on the external VLAN.

    To read more about Forwarding IP VS's please check this article:

     

    K7595: Overview of IP forwarding virtual servers

     

    But that is one way of solving it. It all depends on how the environment is designed and configured.

     

    I hope this helps!

     

    Let me know if you have any further questions :).
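
The virtual server settings from the reply above, written as tmsh commands, with a check that the client address is preserved on the server side. This is an added example, not part of the original reply; the object name `vs_ftp_forward`, the VLAN name `external` and the `fastL4` profile are assumptions.

```tmsh
# Added example (not from the original post). Assumed names: vs_ftp_forward, VLAN "external".
# Forwarding IP virtual server for the FTP control channel:
#   - destination is the FTP server's own address (no destination translation)
#   - enabled only on the external VLAN, so the BIG-IP never answers ARP
#     for 172.16.1.100 on the internal VLAN where the real server lives
#   - source address translation off, so the server sees the real client IP
create ltm virtual vs_ftp_forward destination 172.16.1.100:21 mask 255.255.255.255 ip-protocol tcp ip-forward profiles add { fastL4 } vlans-enabled vlans add { external } source-address-translation { type none }

# Confirm the listener: expect ip-forward, the vlans list containing only
# "external", and source-address-translation type none.
list ltm virtual vs_ftp_forward

# With a test FTP login open, inspect the connection table entry.
# The client address shown on the client side and on the server side
# should be identical; if the server side shows a self-IP, SNAT is still on.
show sys connection cs-server-addr 172.16.1.100 cs-server-port 21

# Persist the change.
save sys config
```

This listener matches port 21 only, so FTP data connections on other ports are not covered by it.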