I have a customer that wants to deploy one-arm mode due to high demand in management traffic of the nodes. The nodes would have static routes to management networks and a default route to the F5 BIG-IP.
The nodes would still receive load-balanced traffic from the internet, which would go through the BIG-IP. Return traffic to the internet would also go through the BIG-IP because the nodes have a DG going to the BIG-IP self IP.
I guess a good way to describe this is a "hybrid" topology:
One-arm mode because the virtual server is on the same VLAN as the nodes.
Routed mode because the nodes use the BIG-IP as the default gateway.
I have somewhat attempted this configuration but I see traffic is not forwarded from the virtual server to the pool. Is SNAT required when using one VLAN for all traffic?
The client IPs are not source NATted before they reach the VS. The VS will only have to send the traffic to the default gateway.
I don't see SYNs being forwarded to the pool, which is kind of confusing. It seems to be configured correctly. I ran it through iHealth and it looks OK. None of the app requests are local; they are from remote networks.
tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x or host y.y.y.y
x.x.x.x is the virtual server IP
y.y.y.y is the pool member IP