
LTM and internal vlans and external routing

GajAnna
Nimbostratus

Hi,

I have a situation where there are two internal vlans in an LTM. The vlan names are Internal and Servers, with relevant self IPs. The LTM routes traffic via the external vlan to an upstream router. An IP forward VS has been set up with the server vlan as source to any destination. This is to allow nodes in the server vlan to talk to the outside network for some backend activity. This is working fine when nodes from the server vlan talk to any outside network. The issue we are having is when nodes in the Server vlan talk to nodes in the Internal vlan: because both internal vlans are directly connected, the F5 tends to route internally. The requirement is to have the nodes in the server vlan egress via the external upstream gateway.

Is it possible to achieve this by using the same IP forward VS to do source-network based forwarding (server vlan network) and setting the next hop as the external gateway, or are any other options available?

Any help would be much appreciated.

Thanks & Regards

3 REPLIES

Have you considered using route domains? If you put the server vlan and internal vlan in different route domains, the F5 BIG-IP will not route traffic between both VLANs internally when using the default route domain settings.

Thanks Niels for pointing this out.

I did consider using a separate RD for the server vlan, however I was not sure if the LTM can route traffic via the external vlan, which is part of the default RD 0 anyway. For example, can the LTM route the RD 1 traffic via the RD 0 external vlan (default external gateway), or is any specific config required on RD 1 to achieve this?

Also, the nodes in the server VLAN have a virtual server VIP for incoming traffic for an application. Will moving the server vlan to another RD have an impact on this too?

Regards,

It's probably best to have each route domain connected to the upstream router/gateway directly. I think in this setup using parent route domains will not work, because then the F5 will again route the traffic internally. These are things that are best tested in a test environment before making changes on the production environment. Then you also get an idea of what the impact will be on the current setup.