Allowing source IPs to be visible behind a BIG-IP
We have a big-IP version BIG-IP 14.1.0.3 Build 0.0.6 Point Release 3 with a few services running on it. One of the services takes in telemetry data from 100 client devices, passes through the BIG-IP to a pool of 3 identical listening devices, all on a custom port. The listening devices have a simple web console mainly used for internal status checking and troubleshooting. We previously had these devices behind a Barracuda Load Balancer. On the three listening devices, the client connections would be displayed showing their outside, originating IP, which helped in identifying what client site it was. Now that we've moved these devices behind the BIG-IP, everything seems to be working properly, except the devices are all displaying the floating self-IP of the BIG-IP. We have 100 connections, all showing the same IP. Is there a way to have them display their actual, originating IP address? I was working with a support engineer who suggested disabling Address Translation and then setting the WAF's floating Self-IP as the default gateway on the three listening devices, but that results in the outside devices being unable to connect at all. Any other suggestions? I'd be happy to try and provide any addition information, if needed. This is a standard virtual server passing traffic via TCP.
Is floating self-ip necessary under one-arm HA deployment?
Hi all, Under in-line ( two-armed ) HA deployment, the floating self-ip is necessary to process traffic, like to be pool member's default gw. But , under the one-armed HA deployment, I use SNAT AutoMap to ensure the return traffic. And the HTTP(s) application session can be reset / re-establish on another F5 device when failover occur. That is to say I don't need to enable connection mirror on virtual server and I don't need the same self-ip / mac for SANT AutoMap selection. In this case, is floating self-ip still needed?
multiple floating self IPs for the same vlan and within the same traffic group
Hi, Is that a valid config to give more than 1 floating self IPs for the same vlan in F5 LTM? Also with the same traffic group setting. I saw on F5 LTM cluster configured this way and looks like still working. for example: both floating self IPs are 10.17.16.20 and 10.17.16.21, they have the same MAC address. Back end servers 10.17.16.200 and 10.17.16.201 have 2 NICs, they are not using 10.17.16.20 or 10.17.16.21 as default gateway. The other NIC IPs are 10.20.20.200 and 10.20.20.201, the servers are using 10.20.20.1 as default gateway. The traffic can reach to server 10.17.16.200 and 10.17.16.201 via both floating self IPs 10.17.16.20 and 10.17.16.21, but 10.17.16.20 and 10.17.16.21 have the same MAC address. I am not sure how the F5 LTM Layer2 forwarding table works. Anyone has this type of setup in F5 LTM? Regards kevin