How to route packets from a route domain to default

Question

My understanding on route domains is that one could configure a route domain to peek into a parent for routes, hence allowing packets to move across route domains. 
&nbsp;  
&nbsp; However I've setup my device as follows: 
&nbsp;  
&nbsp; - VLAN 1 (external) 
&nbsp; - VLAN 110 (internal) 
&nbsp; - Route domain 0 (default) with VLAN external 
&nbsp; - Route domain 110 (internal) with VLAN internal, parent is route domain 0. 
&nbsp; - Self IP 10.7.1.254 / 255.255.0.0 on VLAN external 
&nbsp; - Self IP 192.168.0.254%110 on VLAN internal 
&nbsp; - SNAT automap for all addresses on VLAN internal 
&nbsp;  
&nbsp; In this configuration, I can't route packets from a host on VLAN internal out hosts on the external VLAN. 
&nbsp;  
&nbsp; If I remove the route domains, then it works fine.  That's with the following: 
&nbsp;  
&nbsp; - VLAN 1 (external) 
&nbsp; - VLAN 110 (internal) 
&nbsp; - Route domain 0 (default) with all VLANs 
&nbsp; - Self IP 10.7.1.254 / 255.255.0.0 on VLAN external 
&nbsp; - Self IP 192.168.0.254 on VLAN internal 
&nbsp; - SNAT automap for all addresses on VLAN internal 
&nbsp;  
&nbsp; Any thoughts?

jrahm · Answer

Solution 9933 (Click here) details a nat issue between route domains, but I'm not sure if this includes snats.  Might want to open a case with support to verify.

chris_15807 · Answer

I can't imagine SNATs wouldn't work and it would still pass test.  They're pretty essential if you're going to have multiple VLANs with the same IP subnets - which is one of the discussed advantages of using route domains. 
&nbsp;  
&nbsp; I guess I'll raise a support request. 
&nbsp;  
&nbsp; cheers, 
&nbsp; chris

jrahm · Answer

OK, so after some bang-head-against-wall moments this morning, I was able to get this working with some help from Mr. L4L7 himself.  On my v10HF2 system, I can get RD1 to forward traffic to RD0 with snat automap enabled, but not with a default snat.  I had to create a virtual forwarder (0.0.0.0%1) with snat automap enabled, then do a restart on tmm.

chris_15807 · Answer

I can't reproduce this work-around. 
&nbsp;  
&nbsp; Do you mean a virtual server, configured as: 
&nbsp; - destination type: host 
&nbsp; - destination address: "0.0.0.0%110" 
&nbsp; - service port: "* All Ports" 
&nbsp; - type: "forwarding (layer 2)" 
&nbsp; - protocol: "* All protocols" 
&nbsp; - enabled on vlan "internal" 
&nbsp; - SNAT Pool: "automap" 
&nbsp;  
&nbsp; ? 
&nbsp;  
&nbsp; I restarted tmm by "bigpipe restart tmm" (also did a box reboot).  No joy. &nbsp;

jrahm · Answer

yes, but as network (0.0.0.0/0.0.0.0), not host.

Forum Discussion

How to route packets from a route domain to default

6 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Enriching AFM with public domain Threat Intelligence

Automating Packet Captures on BIG-IP

F5 packet buffer

F5 BigIP External Authentication and NTP servers in non default route domain.

domain blocking