Forum Discussion

Warren_A__97345
Nov 24, 2009

Traffic Routing without a SNAT?

Greetings everyone.

I am setting up a pair of HA F5s for my datacenter and I have a problem with IP preservation and I was hoping someone could shed some light on this topic for me.

My Network Layout Approximately. All IPs are public so I can easily route from elsewhere.

VIP network (public IPs):

77.77.77.1 Routerhsrp
77.77.77.2 router1
77.77.77.3 router2
77.77.77.4 F5-BigIP-LB1
77.77.77.5 F5-BigIP-LB2
77.77.77.6 F5-BigIP-FloatingIP
77.77.77.7 mywww.vip.company.com (on LBs)

ServerNetwork (also public IPs):

88.88.88.1 Routerhsrp
88.88.88.2 Router1
88.88.88.3 Router2
88.88.88.4 F5-BigIP-LB1
88.88.88.5 F5-BigIP-LB2
88.88.88.6 F5-BigIP-LB-FloatingIP
88.88.88.7 www1
88.88.88.8 www2
88.88.88.9 www3

I was assuming since I am running all public IP numbers I could rely on the F5 forwarding to the proper server while only changing the source Layer 2 information, so the traffic would return back through the load balancer without stripping the true source IP from the L3 data, since I have the F5s on the 88.x.x.x network with the right VLAN; unfortunately, I cannot seem to get any traffic to flow that way.

The moment I turn on automap SNAT or set up a snatpool in the 88.x.x.x network, traffic flows fine, but everything is NATted from the IP of the load balancer. I would like to preserve my source IP, but I would also like to not run n-Path/DSR style routing where I place a loopback on the webservers with the VIP IP on them.

Any suggestion?

I am running 9.2.5. The VLAN for the VIPs and the VLAN for the server network are separate and run untagged into access ports on my switches via individual interfaces on the LB (1.1vip and 1.2servers).

11 Replies
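An added example, not part of the original post: a small Python model of the reply path for the layout above, showing which combinations of SNAT and server default gateway bring a web server's reply back through the load balancer. The /24 mask, the client address and both candidate default gateways are assumptions; the post does not state them.

```python
import ipaddress

# Addresses taken from the post. The subnet mask and the servers' default
# gateway are NOT given there, so they are assumptions of this example.
SERVER_NET = ipaddress.ip_network("88.88.88.0/24")   # assumed /24
ROUTER_HSRP = "88.88.88.1"
LB_FLOATING = ipaddress.ip_address("88.88.88.6")
LB_ADDRS = {ipaddress.ip_address(a) for a in ("88.88.88.4", "88.88.88.5", "88.88.88.6")}
VIP = "77.77.77.7"
WWW1 = "88.88.88.7"


def reply_next_hop(reply_dst, default_gw):
    """Next hop a server on SERVER_NET chooses for a reply packet:
    on-link destinations are delivered directly, everything else
    goes to the server's default gateway."""
    dst = ipaddress.ip_address(reply_dst)
    return dst if dst in SERVER_NET else ipaddress.ip_address(default_gw)


def trace_flow(client_ip, snat, server_gw):
    """Trace one connection client -> VIP -> www1 and the reply.

    snat=True models SNAT automap / a snatpool on the server network:
    the server sees an LB address as the source instead of the client.
    """
    seen_src = LB_FLOATING if snat else ipaddress.ip_address(client_ip)
    hop = reply_next_hop(seen_src, server_gw)
    via_lb = hop in LB_ADDRS
    return {
        "server_sees_source": str(seen_src),
        "reply_next_hop": str(hop),
        "reply_returns_via_lb": via_lb,
        # Only the LB can rewrite the reply source back to the VIP; a reply
        # that bypasses it reaches the client from the server's own address.
        "client_sees_reply_from": VIP if via_lb else WWW1,
        "client_ip_preserved": not snat,
    }


if __name__ == "__main__":
    client = "203.0.113.10"  # constructed client address (documentation range)
    for snat, gw in ((False, ROUTER_HSRP), (True, ROUTER_HSRP), (False, str(LB_FLOATING))):
        print(f"snat={snat!s:5} server_gw={gw:11} ->", trace_flow(client, snat, gw))
```

In this model the only case that both preserves the client IP and returns through the load balancer is the one where the servers' default gateway is the load balancer's floating address on the server network.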