Forum Discussion

iremhinmhen_bri's avatar
iremhinmhen_bri
Icon for Nimbostratus rankNimbostratus
Apr 30, 2016
Solved

1.Please a quick one. I want to configure BIG-IP 2000s devices in active/standby HA mode, how do I do it without making the floating IP the default g

  1. Please who have answer to this: I want to configure BIG-IP 2000s devices in active/standby HA mode, how do I do it without making the floating IP the default gateway in each back-end server. it is urgent.
application delivery
BIG-IP
LTM
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Apr 30, 2016

    1. You can have two or more default kernel routes in each server, one per interface. For that, you will have to create a new Eth interface (or sub-interface) and create a dedicated default route for that new interface where F5 is the default gateway. All of this is easy to automate with Python Fabric, Ansible or w/e you prefer. Arguably the best solution there is for your scenario.

       

    2. As an easier solution, you can use SNAT (automap/pool) in BigIP which applies address translation to customer source IP address. This will make sure the response packets from end-servers are routed to BigIP, not to their default gateway. Absolutely disgusting solution since you will not see who the real clients are in end-servers. You can make it a bit less disgusting with X-Forwarded-For HTTP header, but that doesn't justify taking the easy way out.

       

    Hope this helps :)

     

4 Replies

Sort By
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    Apr 30, 2016

    1. You can have two or more default kernel routes in each server, one per interface. For that, you will have to create a new Eth interface (or sub-interface) and create a dedicated default route for that new interface where F5 is the default gateway. All of this is easy to automate with Python Fabric, Ansible or w/e you prefer. Arguably the best solution there is for your scenario.

       

    2. As an easier solution, you can use SNAT (automap/pool) in BigIP which applies address translation to customer source IP address. This will make sure the response packets from end-servers are routed to BigIP, not to their default gateway. Absolutely disgusting solution since you will not see who the real clients are in end-servers. You can make it a bit less disgusting with X-Forwarded-For HTTP header, but that doesn't justify taking the easy way out.

       

    Hope this helps :)

     

    • iremhinmhen_bri's avatar
      iremhinmhen_bri
      Icon for Nimbostratus rankNimbostratus
      Apr 30, 2016
      @Hannes Rapp: thanks, i will try option one but for now i have used the checked the automap and left the source address and port translation in the default state.
  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Apr 30, 2016

    1. You can have two or more default kernel routes in each server, one per interface. For that, you will have to create a new Eth interface (or sub-interface) and create a dedicated default route for that new interface where F5 is the default gateway. All of this is easy to automate with Python Fabric, Ansible or w/e you prefer. Arguably the best solution there is for your scenario.

       

    2. As an easier solution, you can use SNAT (automap/pool) in BigIP which applies address translation to customer source IP address. This will make sure the response packets from end-servers are routed to BigIP, not to their default gateway. Absolutely disgusting solution since you will not see who the real clients are in end-servers. You can make it a bit less disgusting with X-Forwarded-For HTTP header, but that doesn't justify taking the easy way out.

       

    Hope this helps :)

     

    • iremhinmhen_bri's avatar
      iremhinmhen_bri
      Icon for Nimbostratus rankNimbostratus
      Apr 30, 2016
      @Hannes Rapp: thanks, i will try option one but for now i have used the checked the automap and left the source address and port translation in the default state.