cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Self IP for SNAT VLAN, OK. How about for VIP and HA?

delange
Nimbostratus
Nimbostratus

I've got an Active/Passive cluster and have configured static self IPs on both devices along with a floating IP in the internal SNAT VLAN. I'm not using the F5 to act as a Gateway for the nodes and instead return to our firewall/router for Gateway instead. Are self IPs necessary in VLANs configured for HA and Virtual Servers? If so, are static IPs sufficient or is a floating IP required/recommended?

1 REPLY 1

Chause1
Cirrus
Cirrus

Hi

 

Not sure if I understand the configuration correct but lets give it a go.

 

Your self's are needed as they are used to monitor the application. (Lets say via a icmp/tcp/http monitor)

 

Your float is important on the HA side of things as well as the flow of the traffic. This IP will move between the devices in the HA pair when failover occurs.

 

Normally your traffic is expected to flow back via the F5 for the response.

In most cases SNAT/Auto map will be used, which is configured on the VIP. (If it is auto map it will prefer to use your floating IP for that vlan)

This will avoid that the traffic is sent to the GW and rather returns via the F5

 

Hope this helps