F5 As a Router

Employee

Jun 28, 2016

It sounds like you either have a duplicate IP problem, or a firewall that only allows return traffic once it has seen traffic in the other direction.

As far as routing goes, it's fundamentally not a router. What happens when you send a packet to the LTM is that it tries to match it to a listener. This could be a SNAT, or a virtual server. A virtual server can be set up to listen to either a host (/32) or network address, and to listen on all vlans, or specific vlans, so even if the destination matches, it won't necessarily match the virtual if that virtual isn't listening on the incoming vlan.

If ip-forward is enabled on the virtual (in the GUI, this is virtual server type ip forwarding), or in fact, even if you have a standard virtual with no pool members, and a directly connected destination.... the LTM will proxy the packet out the other side. Optionally, the LTM can change the source address so that the destination sees the source as local, and sends the reply back to the LTM.

All traffic through the LTM is proxied at layer 3/4. It doesn't route anything as a router would do, though you create a close simulation by creating a virtual server that is configured not to change the source address or port.

Forum Discussion

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

python f5 SDK 401 Unexpected Error: F5 Authorization Required

F5 LTM traffic flow

Increasing ASM log capacity in F5

Revoke and Reuse the F5 license

F5 VS Netscaler