We've LTM (220.127.116.11) running for years, serving VLAN with addresses 192.168.8.0/24.
Recently the same VLAN 'expanded' with another address range (192.168.31.0/23).
We tried to define virtual server in this address/netmask range but failed (invalid destination/mask setting).
Possible to serve this new IP address range on the same LTM ?
Thanks a lot.
Thanks for your help.
I tried to define a VS using the new subnet address before I did anything, with destination/mask setting to. say. 192.168.31.250/23 or 192.168.31.250/255.255.254.0. But LTM complaints the value is invalid. I can only provide a mask of 255.255.255.255 or simply no mask at all.
Possible to specify the correct netmask (/23) in virtual server destination ?
Hi @ST_Wong the virtual server listens on a host or range of hosts as a CIDR block. So if you are trying to establish a /23 network for the virtual server to listen on, then it needs to be a valid network address to do so. If you are only wanting to listen to the 192.168.31.250 host, then you do not need to specify the mask on the destination at all.
The virtual server is not an L3 routing table. Routes assure that traffic gets to/from the BIG-IP, the virtual server is how traffic flows through the BIG-IP.
Thanks for all your help.
Inbound traffic now works, however, the default gateway on original subnet 192.168.8.0/24 seems won't help routing traffic for 192.168.31.0/23. All outbound traffic to non-local network got timeout.
Can we forward outbound traffic for the new IP range 192.168.31.0/23 to corresponding gateway 192.168.31.254 ?
Thanks and Best Rgds
a diagram of what's local and what's remote and where you're wanting traffic to route would be helpful.
Just note a couple things:
Here comes a simple diagram:
VLAN 123 ________________|_______________ | | 192.168.8.0/24 192.168.30.0/23 (gw 192.168.8.67) (gw 192.168.31.254) | LTM (self IP on 192.168.8.0/24) | VS (192.168.31.250/23)
Some test results when ping from host (192.168.31.250)
* To 192.168.8.0/24: OK, except the gateway 192.168.8.67
* To all other networks: no response
Inbound traffic from anywhere to the VS is okay.
Since the outbound packet goes through gw 192.168.8.67, i wonder if the gw will route any reply to 192.168.30.0/23, where the packets will be discarded to prevevnt IP spoofing. Just wild guess...
Can I configure LTM to send outbound packets for 192.168.30.0/23 through gw 192.168.31.254 instead of using default gateway of LTM 192.168.8.67 ? Sorry for the newbie question.
Thanks and Best Rgds
first, the VS should be /32, usually if it is only one.
Second I would split that /23 in 2 /24 for example. And use one for the VS if you plan to have many VS's.
Then you could use some static routing for example on F5 and the router .
If you let auto-lasthop enabled on F5 , you won't need a route on the F5.