Re: [load balancing] F5 configuration help is needed

From: Kenneth Salchow <k.salchow [izzat] f5.com>
Date: Mon Sep 21 2009 - 12:12:30 EDT

Tony--

Thanks for pointing out the default route option--it's one many people
forget about--just because the BIG-IP is not *really* the outbound router
doesn't mean it can't forward packets. Even if the servers in question may
handle other services that don't go through the BIG-IP on the inbound, if
you add a wildcard VS on the BIG-IP, it will still allow those services to
work on the outbound--you just get an extra hop.

Anyway--good call Tony! :-)

KJ (Ken) Salchow, Jr. | Manager, Technical Marketing
D 651.423.1133
M 612.868.1258
P 206.272.5555
F 206.272.5555
www.f5.com

-----Original Message-----
From: lb-l-bounces@vegan.net [mailto:lb-l-bounces@vegan.net] On Behalf Of
Tony Bourke
Sent: Friday, September 18, 2009 6:20 PM
To: Load Balancing Mailing List
Subject: Re: [load balancing] F5 configuration help is needed

Hello Sezen,

Basically, we need to accomplish two things with this. We need to
ensure traffic hits the F5 on the way in, and traffic hits the F5 on the
way out.

As mentioned, there's the option of doing a SNAT, basically making all
inbound web requests appear to the web servers to be coming from the F5
itself. Since the servers respond to the F5 directly, we ensure
traffic hits the F5 on the way in and on the way out.

Also, you can make the F5 the default gateway for your servers. That
way, traffic hits the F5's VIP, gets forwarded to the server, the
servers respond to the client, but use the F5 as the default gateway.
This ensures traffic goes through the F5 on the way out. The F5 uses
its default gateway (your upstream router or firewall) and forwards the
traffic onto the client. The true source IP address of the client is
preserved in this scenario (it is not in the SNAT scenario).

Tony

sezen eren wrote:
> Hi all,
>
> I have an F5 installed in our system and I need to configure it.
>
> the servers behind F5 will be in the same address range as all the
> servers in the network, there will be no private VLAN behind F5,
> therefore I cannot implement NAT for the pool members, so I cannot
> forward traffic to these hosts?
>
> Since there will be no private internal vlan, I guess I need to use
> only external vlan and all traffic from outworld to F5 and from pool
> members to F5 shall go to external vlan.
>
> one more thing F5 doesn't let me set a management IP in the range of
> self IPs? I need to configure the management IP in same range because I
> have been given /25 IP range to use for everything traffic, management
> bla bla :), how could I set this management IP within the self IPs range?
>
> I would appreciate if any of you can share configuration files of such
> a structure?
>
> br
> //sezen
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> lb-l mailing list
> lb-l@vegan.net
> http://vegan.net/mailman/listinfo/lb-l
> Searchable Archive: http://vegan.net/lb/archive
> http://lbdigest.com Load Balancing Digest
> http://lbwiki.com Load Balancing Wiki
>

Received on Mon Sep 21 12:13:00 2009
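
Added example (not part of the original thread): a small Python model of the two options Tony describes, SNAT versus making the F5 the servers' default gateway, tracing where the reply goes and which source address the server sees. All addresses are constructed, and the model also covers a client on the servers' own subnet, a case the thread does not discuss.

```python
import ipaddress

# Constructed addressing for a one-armed layout: everything shares one /25.
SUBNET = ipaddress.ip_network("192.0.2.0/25")
VIP, F5_SELF, SERVER, ROUTER = "192.0.2.10", "192.0.2.2", "192.0.2.50", "192.0.2.1"


def simulate(client, snat=False, server_gateway=ROUTER):
    """Trace one request/reply and report what the server and client observe."""
    # Inbound: the F5 rewrites the destination VIP -> pool member.
    # With SNAT it also rewrites the source to its own self IP.
    src_seen_by_server = F5_SELF if snat else client

    # Return: the server answers whatever source address it saw.
    # On-link destinations are reached directly; everything else
    # is handed to the server's default gateway.
    reply_dst = src_seen_by_server
    on_link = ipaddress.ip_address(reply_dst) in SUBNET
    next_hop = reply_dst if on_link else server_gateway
    via_f5 = next_hop == F5_SELF

    # Only the F5 holds the connection state needed to translate the
    # reply source back from the pool member to the VIP.
    reply_src_at_client = VIP if via_f5 else SERVER
    return {
        "server_sees": src_seen_by_server,  # what lands in server logs
        "reply_via_f5": via_f5,
        # The client opened its connection to the VIP and discards
        # replies that arrive from any other address.
        "client_accepts": reply_src_at_client == VIP,
    }


if __name__ == "__main__":
    remote, local = "198.51.100.7", "192.0.2.99"  # constructed clients
    for label, kwargs in [
        ("no SNAT, gateway=router", {}),
        ("SNAT", {"snat": True}),
        ("gateway=F5", {"server_gateway": F5_SELF}),
    ]:
        for client in (remote, local):
            print(f"{label:24} {client:13} {simulate(client, **kwargs)}")
```

In this model the default-gateway option preserves the client address for server-side logging but fails for clients on the same subnet, because the server replies to them directly; SNAT works for both at the cost of the server seeing only the F5's address.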

This archive was generated by hypermail 2.1.8 : Mon Sep 21 2009 - 12:13:01 EDT