Forum Discussion
newbie_48881
Nimbostratus
Jun 21, 2013
Configuring virtual servers
To anyone who can help me,
My understanding is that a virtual server allows traffic flow in one direction only. In most cases you would enable a virtual server to listen on a single external vlan.
Could there ever be a situation where you would enable the same virtual server to listen on two different external vlans? Or enable a virtual server on both an external and internal vlan?
Thanks
newbie
12 Replies
- Kevin_Stewart
Employee
By default a virtual server is enabled on ALL VLANS. It accepts incoming (ingress) traffic and either sends that traffic to a pool, node, or other route. You might, among other things, set the active VLANs for a virtual server if you wanted to limit networks that could reach that virtual server.
- newbie_48881
Nimbostratus
Thank you Kevin.
- newbie_48881
Nimbostratus
Kevin,
When you say "ALL VLANS" do you mean all external vlans only? If that's the case then pool members will not be able to initiate traffic to a virtual server that is enabled on all vlans, right?
- nitass
Employee
"When you say "ALL VLANS" do you mean all external vlans only?"
All means every vlan which is created in the system.
- newbie_48881
Nimbostratus
Then this means Virtual servers can process traffic initiated from both external clients as well as pool members, right?
- nitass
Employee
"Then this means Virtual servers can process traffic initiated from both external clients as well as pool members right?"
Yes, if connection matches listener object (e.g. virtual server).
- newbie_48881
Nimbostratus
What you're saying makes sense to me. I was at an F5 LTM training course the whole of last week and the instructor said that Virtual server and SNATs process traffic in one direction only whereas NAT can process traffic in both directions. This conflicts with what you and I are saying, doesn't it?
- nitass
Employee
"the instructor said that Virtual server and SNATs process traffic in one direction only where as NAT can process traffic in both direction."
I understand what he means is virtual server and snat create one listener object (i.e. virtual server creates destination listener object, snat creates source listener object) but nat creates both destination and source listener objects.
"The BIG-IP system creates a source and destination listener for local traffic objects such as NATs that listen for requests matching a destination host IP address, or requests originating from a host IP address defined on the BIG-IP system."
sol9038: The order of precedence for local traffic object listeners
http://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html
For example, when creating nat address 1.1.1.1 for origin address 2.2.2.2 (i.e. nat 2.2.2.2 to 1.1.1.1), external client can initiate connection to 2.2.2.2 through 1.1.1.1. Also, 2.2.2.2 can initiate connection to external resource and external resource will see it is coming from 1.1.1.1.
Anyway, if you create virtual server 1.1.1.1 with pool member 2.2.2.2, external client can initiate connection to 2.2.2.2 through 1.1.1.1 but 2.2.2.2 cannot initiate connection to external resource unless you configure another wildcard virtual server to handle outbound traffic from pool member.
- newbie_48881
Nimbostratus
Wow, that makes way more sense. Thank you so much!
- newbie_48881
Nimbostratus
Nitass,
Just one more thing...
"anyway, if you create virtual server 1.1.1.1 with pool member 2.2.2.2, external client can initiate connection to 2.2.2.2 through 1.1.1.1 but 2.2.2.2 cannot initiate connection to external resource unless you configure another wildcard virtual server to handle outbound traffic from pool member."
What if for some weird reason 2.2.2.2 initiates a connection to virtual server 1.1.1.1? Will the virtual server just drop the packet, or will it forward the packet back to 2.2.2.2 since it is the pool that the virtual server is configured to load balance to?