
Not Directly Connected Via an Interface.

gdoyle
Cirrostratus

Good morning, y'all.

I'm reconfiguring a network that has been patched together over the years and needed a refresh. Upon doing so, we seem to have lost connectivity to Big IP VIPs and I think there is some asymmetric routing happening. Currently they are leaving the firewall into a transit network in the correct VRF, then they go to the Big IP. Upon leaving the Big IP they are going directly to the firewall as that is where their gateway is configured. (This Big IP is set up using a different default route for each of the three route domains configured.)

 

My solution to this was to set up some new transit networks between the switch and the Big IP so that all connections would be routed through them, hit the SVI, then go through the switch-to-firewall transit network I have previously set up, then out to our firewall. Thus creating symmetric routing and a happy network guy.

 

So the transit networks have been configured on the network side, I created the VLANs on the Big IP, assigned a new Self IP in each of the new transit subnets, and now am trying to change the default route for the route domains to the gateway for the respective transit subnets. However, I am receiving the following error when trying to do so:

 

01070330:3: Static route gateway <ip_address>%1 is not directly connected via an interface.

 

Although the "%1" changes depending on which route domain gateway I am trying to change. What am I doing wrong, or not doing right?

 

Also, I tried to add the new VLANs to each of the route domains, but I think because I added a Self IP in those subnets that they are not available to add. However, whether I have a configured Self IP or whether I do not have that and add the VLAN to the Route Domain, I receive the same error message above. Does this require a physical link into the switch with a configured IP address on it? I'm a bit lost at this point.

 

Thanks.

 

---------------------------------------

 

As a quick edit, I do see an ARP for the Big IP interfaces for which I have configured the VLANs. So I think I'm even more confused at this point.

2 REPLIES

I think you are attempting to define a static route that points to a gateway, and the system does not have a self IP address in the same subnet as the gateway.

 

Quick question here,

 

Do you have any self IP configured on the F5 which has a gateway/SVI on the switch where the gateway/SVI of the other subnet exists for which you are trying to put a route?

 

Mayur

Yes, I created the Self IPs in those subnets because I thought this might be the issue too. Unfortunately I receive the same error after doing so.
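
Added example, not part of any post in this thread: a Python check of the condition the first reply describes (a self IP in the gateway's subnet), extended to also compare the route-domain `%ID` that appears in the error message. The addresses and self IP names are constructed, and two points are assumptions: that the gateway must share a route domain with the self IP, and that an address written without `%ID` lands in route domain 0 (this depends on the partition's default route domain).

```python
import ipaddress

def split_rd(addr, default_rd=0):
    """Split BIG-IP 'address%ID' notation into (ip_address, route-domain ID)."""
    ip, _, rd = addr.partition("%")
    return ipaddress.ip_address(ip), (int(rd) if rd else default_rd)

def parse_self_ip(spec, default_rd=0):
    """Parse 'address[%ID]/prefix' into (network, route-domain ID)."""
    addr, _, prefix = spec.partition("/")
    ip, rd = split_rd(addr, default_rd)
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False), rd

def diagnose(gateway, self_ips, default_rd=0):
    """Classify why a static-route gateway would or would not count as
    directly connected, given the configured self IPs."""
    gw, gw_rd = split_rd(gateway, default_rd)
    # Route domains that hold a self IP whose subnet covers the gateway.
    covering_rds = set()
    for spec in self_ips.values():
        net, rd = parse_self_ip(spec, default_rd)
        if gw in net:
            covering_rds.add(rd)
    if gw_rd in covering_rds:
        return "connected"
    if covering_rds:
        # Right subnet, but the self IP sits in another route domain.
        return "wrong-route-domain"
    return "no-self-ip"

# Constructed sample configuration (documentation address ranges).
SELF_IPS = {
    "transit_a_self": "192.0.2.2/24",        # no %ID: assumed route domain 0
    "transit_b_self": "198.51.100.2%2/24",   # explicitly in route domain 2
}

if __name__ == "__main__":
    for gw in ("192.0.2.1%1", "198.51.100.1%2", "203.0.113.1%3"):
        print(gw, "->", diagnose(gw, SELF_IPS))
```

A `wrong-route-domain` result means a self IP exists in the right subnet but was created in a different route domain than the one in the gateway's `%ID`, which would leave the gateway unreachable from that route domain even though the self IP is present.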