Hi all - I have deployed a Single NIC F5 in GCP
It has a primary internal IP - 10.10.10.x - and an External IP - 22.214.171.124 - that has a DNS record
Question - how do I create a second VIP for a second DNS record?
Example - I get a DNS abc.com - IP = 126.96.36.199 -
How would I create a second Virtual server - as I cannot allocate a second IP to the F5. Please help
Self IPs are actual IP addresses that are assigned to TMM and the Linux control plane.
Virtual IPs (and their associated Virtual Addresses) are TMM configuration objects that tell TMM how to handle ARP requests and new incoming network flows. This post talks about this in more detail:
Thanks - yep - that I can do - I can add an Alias Range - of 10.10.10.20/32 as Alias IP - and create a port 443 VIP - the second part is connecting externally -
as the device has 1 External IP - 188.8.131.52 - if my second DNS name resolves to - 184.108.40.206 - how would I get that traffic to the F5
Good point. If no external firewall is found in front of the F5, you can use a forwarding rule instead of the Alias IP.
The forwarding rule will listen for the second public IP and point the traffic to the F5 Compute Engine (VM). On the F5 device you should create a second virtual server with the destination IP of the GCP public IP address.
Let me know if it works for you.
Btw, if the traffic is HTTP/S, you can serve multiple hostnames using an LTM virtual server.
You can use traffic policy/iRules to read the Host request header and route to specific pools.
It's usually called the virtual host method in web servers.
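The Host-header routing suggested in the reply above, sketched as an iRule. This is an added example, not part of the original posts: the pool names and the hostname `second.example` are hypothetical (`abc.com` is taken from the question), and for HTTPS it assumes the virtual server has a client SSL profile with a certificate covering both names, so the request is decrypted before `HTTP_REQUEST` fires.

```tcl
# Added example: route by Host header on one virtual server.
# pool_abc / pool_second and "second.example" are hypothetical names.
when HTTP_REQUEST {
    # Normalize the header: lower-case it and drop any ":port" suffix,
    # so "ABC.com:443" and "abc.com" select the same branch.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "abc.com" {
            pool pool_abc
        }
        "second.example" {
            pool pool_second
        }
        default {
            # Unknown or missing Host: do not fall through to a default
            # pool. Log a truncated copy of the value and refuse.
            log local0. "Unrecognised Host '[string range $host 0 63]' from [IP::client_addr]"
            HTTP::respond 421 content "Misdirected Request" "Connection" "close"
        }
    }
}
```

Refusing unknown hostnames in the `default` branch keeps requests with arbitrary or spoofed Host values from reaching a backend that was never meant to serve them.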
So to me this is a question of network ranges.
So you have an external IP 220.127.116.11 and you want to have a second IP, say 18.104.22.168. Now if these are just /32 addresses, these will need to be on different interfaces on your external firewall.
Or these will need to be in the same wider subnet, so /24 or /27 or something like that. So one physical interface can have 2 IPs with the same gateway.
Now with that in mind, on the F5 the same will need to occur: if your first VIP is say 10.10.10.11, it should be in the same subnet of at least a self-IP and its gateway, so should be in a /29 or higher network, which would give you a second IP, say 10.10.10.12, so this address will actually be 10.10.10.12/29 to use for your second VIP. Make the network address wider on your external edge and you can have more VIPs / IPs! If you add a cluster you'll need an additional Self IP for each BIG-IP in that cluster.
Once you have the suitable network ranges for this to work, you then just need to map your NAT rules from external to internal and you should be ready to rock!
If you can only have one internal IP, you could always have two external IPs, say on port 443.
And use the external firewall to NAT them to different ports.
So something like
ExtIP01:443 => IntIP01:3001
ExtIP02:443 => IntIP01:3002
Which, dependent on your constraints in your system, may give you a little more flexibility.