Forum Discussion

Miguel_111028's avatar
Miguel_111028
Icon for Nimbostratus rankNimbostratus
Jul 04, 2008

LTM Last Hop Feature

Hello,

 

 

As you can see in the attached drawing, I have two 6400 Big-ip LTM ( v 9.4.5) in active-pasive configuration. The big-ip have Firewall A as his default gateway and have 2 virtual server.

 

 

Traffic destined for Virtual Server 1 pass through FW A, so the inbound and outbound traffic pass through the same FW.

 

 

The problem is: the traffic destined to Virtual Sever 2 enter through FW B and egress through FW A ( Default gateway for big ip), this is a problem because firewalls can’t synchronize sessions.

 

 

It could the Auto last hop feature of f5 solve this problem or I’ll must create a last hop pool and assign to a Virtual server? Any suggestion ?

 

 

Thanks you in advance.

 

config
design

4 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jul 04, 2008
    Auto lasthop dictates that LTM will route the response back out the same interface to the same MAC address that the request came from. You shouldn't need to use a lasthop pool for this to work in your scenario. Have you been able to give it a try?

     

     

    Aaron
  • Miguel_111028's avatar
    Miguel_111028
    Icon for Nimbostratus rankNimbostratus
    Jul 04, 2008
    Hello Aaron,

     

     

    This is just a design of a future implementation so I can’t try it currently. In any case, this means that the Last Hop feature ignore the default gateway or static routes you have configure in the big ip?

     

     

    Thanks you.