Michael_125305
Dec 02, 2013

How to pass other types of server traffic, non load balanced, with LTM

I'm trying to duplicate a setup I have on another LTM instance, where I need to pass server/node traffic (AD, DNS, etc.) back out the LTM to remote systems.

I have a virtual server enabled on the outside interface that matches traffic destined for the member server/node. Forwarding (IP), source any, dest the node subnet, all ports, all protocols.

I have a virtual server enabled on the node subnet, matching any to any, all ports, all protocols, forwarding (IP).

There is a default route pointing upstream, which the F5 can ping. The ARP entries appear in the CLI, and I can ping the nodes.

I have the same setup on a separate LTM VE, but on this one it does not work.

Is there a magical hidden button or command line voodoo I need to do to get LTM to pass the traffic/act as a router?

Thanks.

3 Replies

  • I have a virtual server enabled on the node subnet, matching any to any, all ports, all protocols, forwarding (IP).

    Virtual server subnet is 0.0.0.0, isn't it?

    Translate address and service under virtual server setting are disabled, aren't they?

    Have you tried SNAT automap under virtual server setting?

  • The outbound subnet/path for general server traffic is a different VLAN to where the normal client-facing virtual servers operate. SNAT makes no difference. I'm trying to duplicate an existing VE, and an existing physical HA pair, into an HA pair of VE, both of which have this working.

    I'm seeing no packet counts on either VLAN; all counters are zero. HA, which uses a different VLAN but the same interface (tagged interface), is fine. I see L2, I see the MAC addresses across the switching network, I see ARP entries (although the server can only ping the self IP(s), not the floating IP???, but on the other HA physical 4200v pair I can? Clue?), so I have basic network going, I think.

  • although the server can only ping the self IP(s), not the floating IP???, but on the other HA physical 4200v pair I can? Clue?

    This is my floating self IP setting. Is yours similar?

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list net self 200.200.200.14/24
    net self 200.200.200.14/24 {
        address 200.200.200.14/24
        allow-service {
            default
        }
        floating enabled
        traffic-group traffic-group-1
        unit 1
        vlan internal
    }