Forum Discussion

Darren_104406's avatar
Darren_104406
Icon for Nimbostratus rankNimbostratus
Aug 08, 2014

multiple defualt routes based on virtual server IP

I have multiple subnets for virtual servers. I would like to make sure inbound (client) traffic destined to one is returned via the same in bound interface upstream. Due to a Cisco Nexus bug I cannot use Auto Last Hop. There is a bridged firewall between the router and F5 and this will not allow inbound traffic in one bridge group to exit via another bridge group (negating my single default route). Can I configure the F5 to chose a route based on the source IP address?

        I
        /\
       /  \ 
      /    \

10.109.237.x want traffic to this Virtual server

to route back out 10.109.237.1 without Auto Last Hop | LTM |

| |

10.200.16.11 10.200.16.12

Conversley I /\ / \ / \

10.109.238.x want traffic to this Virtual server

to route back out 10.109.238.1 without Auto Last Hop | LTM |

| |

10.200.18.11 10.200.18.12
application delivery
design
LTM

3 Replies

Sort By
  • ReganAnderson's avatar
    ReganAnderson
    Icon for Employee rankEmployee
    Aug 08, 2014

    Hi Darren, based on the information you have provided, it sounds like Route Domains may be what you're looking for:

     

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-ip-routing-administration-11-4-1/2.html

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 10, 2014

    is stateful virtual server required?

     

    if not, can we create one virtual server for inbound and another one for outbound (return) traffic? in the inbound virtual server, we record which gateway traffic is coming in (e.g. using table irule). and then in the outbound virtual server, we send traffic back to the gateway.

     

  • Darren_104406's avatar
    Darren_104406
    Icon for Nimbostratus rankNimbostratus
    Aug 11, 2014

    Thank you both. I have been looking at route domains but have had some issues setting them up. I was actually thinking of an iRule to evaluate the inbound traffic and have the return sent out the same gateway. None of this is an issue if Cisco fixes their Nexus 6k bug so whatever I put in will hopefully be temporary