Question regarding multiple default gateways

Question

Hello folks,&nbsp;
&nbsp;I am working on an inherited F5 configuration.  We need to add a VLAN and have all the traffic from the virtual hosts on that VLAN use a different default gateway than the one all of the hosts currently on the device use (basically hoping have two different sites both being serviced by the same F5s, but with their networks as separate as possible).&nbsp;
&nbsp;The F5s currently have a default route configured under Network &gt;&gt; Routes.  They also have a virtual forwarding server configured, but it appears to be incomplete because there was never a gateway pool configured, so there is nothing listed under "Resources" tab of that forwarding server's properties.  I take this to mean that all traffic is currently just using the default route configured under Network &gt;&gt; Routes.&nbsp;
&nbsp;Now, I need to add a VLAN to the F5s and have these new virtual hosts use a different default gateway (new circuit being brought in for a new site, being paid for by different department, they want separation of the services).  I've configured the VLANs, and created a new pool that contains only this new default gateway, and created a virtual forwarding server using the new pool (0.0.0.0:*, Performance(Layer4), AllProtocols, and enabled only for the new VLAN).&nbsp;
&nbsp;Now, since I've done this for the new VLAN, do I need to do the same thing for the stuff that was already existing (meaning if I do it for the new VLAN, then do all other VLANs need the same type of virtual forwarding server setup)?  Or should the existing ones just continue to route their traffic based solely on the static default route configured in Network &gt;&gt; Routes?  I've been making the changes on the standby unit, but I'm hoping that I can toggle it to active and have the existing site continue to churn along happily, so I want to cover my bases as much as I can.&nbsp;
&nbsp;Yeah, that may be a pretty confusing post, sorry about that.  I can supply more details if necessary...&nbsp;
&nbsp;Regards,
&nbsp;Mark&nbsp;

hooleylist · Answer

Hi Mark,&nbsp;
&nbsp;There is an advanced configuration section which would be a good place for questions like this (Click here).&nbsp;
&nbsp;You should be fine if there is already a wildcard forwarding VIP (defined on 0.0.0.0) enabled on all VLANs handling all traffic not matched by other virtual servers.  By definition the forwarding VIP doesn't use a pool.  Instead it uses the routing table to forward the packets.&nbsp;
&nbsp;When you add the new VIP, it won't affect traffic coming into the BIG-IP over VLANs it is not enabled on.&nbsp;
&nbsp;Aaron

deb_allen_18 · Answer

(moved post to Adv Design &amp; Config discussion forum)

Forum Discussion

Question regarding multiple default gateways

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

Question & Answer: Regarding CVE-2020-5902

Health monitor question

F5 Connection Mirroring question

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

Novice Question - irules