Forum Discussion

OttimoMassimo_1
Mar 05, 2013

default route and multiple "external" subnets

Hi,

I am planning on moving two projects (project1 and project2) to a single route domain (common) on an LTM pair. I have currently configured one project on the LTM pair, so I'm hoping to simply lump the other project into the same route domain. At present the LTMs are using a default route via the VLAN assigned to project1's public IP range.

Both projects have been assigned their own dedicated public IP range (public VIPs and SNATs) and private IP range (pools).

Is it possible to drop the default route and replace it with source based SNATs along the lines of the following?

pool nexthop-1-gw {
   members <nexthop1>:any
}

snatpool public-1-snatpool {
   members <LTM-public-SNAT-IP-1>
}

virtual public-1-wcard {
   snatpool public-1-snatpool
   pool nexthop-1-gw
   destination any:any
   mask none
   vlans private-range-1-VLAN enable
}

nexthop1 is the SVI on the upstream router. LTM-public-SNAT-IP-1 is a unique public IP address assigned to a VIP on the LTM. This can be repeated for project2 using unique public IP addresses assigned to that project.

6 Replies

  • What's the real need to drop the default route here? It's not clear what the requirement or benefit is here. When you implement project2, how will you differentiate traffic and SNAT differently?
  • Is it possible to drop the default route and replace it with source based SNATs along the lines of the following?

    I understand you are talking about outbound traffic from the pool. Yes, I think it is possible and your configuration looks okay to me except mask "none". Shouldn't it be "any"?

    LTM: Per-VLAN Default Gateways by Deb

    https://devcentral.f5.com/tech-tips/articles/ltm-per-vlan-default-gateways
  • Hi Nitass,

    Thanks for sending on that link. It's very helpful.

    To answer your questions - yes, I am talking about outbound traffic from (server) pool members which require a SNAT. So, in this scenario an IP address that has been assigned to an existing VIP will act as that SNAT IP like so:

    snatpool public-1-snatpool {
       members LTM-public-SNAT-IP-1_ip_address
    }

    Looking at another one of Deb's documents, it seems that "mask none" is the preferred configuration option:

    https://devcentral.f5.com/tech-tips/articles/ltm-configuring-ip-forwarding

    virtual forward_vs {
       ip forward
       destination any:any
       mask none
    }

    I guess I'll have to test it.

    To answer WLB's question about the default route: it was put in place when a single project was assigned to the LTM pair before it went into production. We did not want to use a routing protocol, so we went with a default route. However, the introduction of separate router and server VLANs meant that the default route would only be relevant to its broadcast domain and not the new ones, if that makes sense.
  • Looking at another one of Deb's documents, it seems that "mask none" is the preferred configuration option:

    https://devcentral.f5.com/tech-tips/articles/ltm-configuring-ip-forwarding

        virtual forward_vs {
           ip forward
           destination any:any
           mask none
        }

    This is mine.

    [root@ve10:Active] config # b version|grep -iA 1 version
    BIG-IP Version 10.2.4 655.0
    Hotfix HF4 Edition
    
    [root@ve10:Active] config # b virtual fwd list
    virtual fwd {
       ip forward
       destination any:any
       mask 0.0.0.0
    }
    
  • and this is 11.3.0.

    [root@ve11a:Active:Changes Pending] config # tmsh show sys version|head
    
    Sys::Version
    Main Package
      Product  BIG-IP
      Version  11.3.0
      Build    3022.0
      Edition  Hotfix HF3
      Date     Fri Feb 22 00:00:34 PST 2013
    
    [root@ve11a:Active:Changes Pending] config # tmsh list ltm virtual fwd
    ltm virtual fwd {
        destination any:0
        ip-forward
        mask any
        profiles {
            fastL4 { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address disabled
        translate-port disabled
        vlans-disabled
    }
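Added worked example, not part of the thread and not F5's own documentation: the per-VLAN default gateway pattern the thread converges on, written out in v11 tmsh for both projects. The bigpipe form in the original post (wildcard virtual server, gateway pool, snatpool, enabled on one VLAN) maps onto it directly, and `mask none`, which v10 lists as `mask 0.0.0.0`, is `mask any` in tmsh, as the two listings above show. All addresses (RFC 5737 documentation ranges), the VLAN names, the `gateway_icmp` monitor, the `source` restrictions and the route object name `default` are assumptions for illustration; substitute your own. Each forwarder listens only on its project's private VLAN and only accepts that project's private source range, so project1 servers leave via nexthop1 wearing project1's public SNAT address and project2 servers via nexthop2, with no global default route needed for that traffic.

```tmsh
# Added example (not from the thread). Assumed lab values, RFC 5737 documentation ranges:
#   project1: servers 10.10.1.0/24 on VLAN private-range-1-VLAN, next hop 198.51.100.1, public SNAT 198.51.100.10
#   project2: servers 10.10.2.0/24 on VLAN private-range-2-VLAN, next hop 203.0.113.1, public SNAT 203.0.113.10
# Run at the tmsh prompt on the active unit, then save and config-sync to the peer.

# project1: health-checked gateway pool (port any), SNAT pool, wildcard forwarder bound to the private VLAN.
# translate-address disabled keeps the original destination IP; the pool member only supplies the next-hop MAC.
create ltm pool nexthop-1-gw members add { 198.51.100.1:any } monitor gateway_icmp
create ltm snatpool public-1-snatpool members add { 198.51.100.10 }
create ltm virtual public-1-wcard destination 0.0.0.0:any mask any source 10.10.1.0/24 profiles add { fastL4 } pool nexthop-1-gw translate-address disabled translate-port disabled source-address-translation { type snat pool public-1-snatpool } vlans-enabled vlans add { private-range-1-VLAN }

# project2: same shape with its own next hop, SNAT address, source range and VLAN
create ltm pool nexthop-2-gw members add { 203.0.113.1:any } monitor gateway_icmp
create ltm snatpool public-2-snatpool members add { 203.0.113.10 }
create ltm virtual public-2-wcard destination 0.0.0.0:any mask any source 10.10.2.0/24 profiles add { fastL4 } pool nexthop-2-gw translate-address disabled translate-port disabled source-address-translation { type snat pool public-2-snatpool } vlans-enabled vlans add { private-range-2-VLAN }

# Remove the global default route once both forwarders pass traffic (route object name "default" is assumed)
delete net route default

# Checks: each forwarder must show vlans-enabled with exactly one VLAN and its own source range;
# net route must no longer contain a 0.0.0.0/0 entry
list ltm virtual public-1-wcard
list ltm virtual public-2-wcard
list net route
save sys config
```

Two caveats worth checking after applying it. The 11.3 listing above shows `vlans-disabled` with no VLAN list and `source 0.0.0.0/0`; in tmsh that combination means the wildcard forwarder answers on every VLAN on the box, including the public-facing ones, so any host that can reach a self IP on those VLANs can route through the BIG-IP. Binding each forwarder to one VLAN with `vlans-enabled` and narrowing `source` to that project's private range closes that off. Second, a forwarding virtual server only carries traffic that arrives on a VLAN; traffic the BIG-IP itself originates toward off-net destinations (health monitors, for example) still follows the routing table, so confirm nothing on the box relied on the deleted default route before removing it on the production pair.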