IP Source Routing

Question

I have two autonomous BigIP boxes on two different subnets. Each is deployed in a one-armed configuration where the pool members exist on the same subnet as the BigIP… the servers use the BigIP as their default gateway and pool members for each virtual server can exist on both subnets so to ensure traffic is routed back through the BigIP that received the connection I am SNATting the incoming source address. The problem is with streaming video… I can’t stream unsolicited UDP traffic to a SNAT address so is there a way through iRules that I can inject source routing into the IP packet to make sure it comes back through the BigIP that started the connection? If this is possible I can then maintain the client IP but the return traffic will not, necessarily, go to the servers default gateway. Any help is greatly appreciated.

jrahm · Answer

I'm still shaky as to how the tmm and the linux kernel interact where routing is concerned, but you can try the iproute package native to the linux kernel:&nbsp;&nbsp;ip route add / dev  src &nbsp;
&nbsp;make sure you have a route configured in the bigip.conf file.  Note that this will not be supported by F5.  I'm doing this for radius system authentication traffic that for some reason is being sourced by an interface other than the one traffic is leaving on.

brian_gupta_115 · Answer

Question, why do you need the traffic to return through the BigIP?&nbsp;
&nbsp;I ask because BigIP supports a feature that allows you to preserve the client source address, and allows the return UDP traffic to flow straight to the requesting client.&nbsp;
&nbsp;(This requires setting the VIP IP on the loopback interface of the server in question).&nbsp;
&nbsp;Cheers,
&nbsp;Brian

Forum Discussion

IP Source Routing

2 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

BIG-IP BGP Routing Protocol Configuration And Use Cases

SNI Routing with BIG-IP

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

Block destination IP by source IP

What is BIG-IP Next?