sjksjkak88_3405
Nov 11, 2017

Is a static self-IP necessary for a WAN connection in a cluster setup?

Hi all,

I have a new single-link ISP connection into my F5 (active, passive), as shown in the diagram below.

The connection between the ISP router and my F5 unit is a /30 network (.211 used by the ISP router and .222 to be used by the F5).

q1) In this case, can I just create a floating self-IP (.222) so that in the event that node1 goes down, the self-IP can still fail over / float to node2?

q2) What would be the need for a static self-IP in the setup above?

Hope some gurus here can point me in the right direction.

Thank you.

6 Replies

  • Why not use one internal subnet for the point-to-point connection from your ISP router to your BigIPs? I.e. network 192.168.0.0/24 can operate in place of 118.201.75.220/30 and you will not miss out on anything, unless you have a valid reason to maintain a full BGP routing table in that BigIP cluster. Basically your ISP is wasting 3 usable public IP addresses to allocate you one useful address. You could potentially cut your ISP costs if you asked for a single routed IP solution instead of the current proposal.

    If you want to go with what is on the network diagram - you do need a local-only SelfIP on each unit. It's a pre-requisite to configure a Floating SelfIP. BUT there's no significance for device operation if you populate these local-only SelfIPs with IP addresses that your ISP will not route in the Internet for you. So you can populate your BigIP 01 local-only SelfIP with 118.201.75.217/29 and BigIP 02 local-only SelfIP with 118.201.75.218/29. Confirm this wish with your ISP.

    • sjksjkak88_3405

      Hi Hannes,

      Thanks for your reply.

      The segment right now between the ISP and F5 is a /30 network, namely 118.201.75.221 and 118.201.75.222.

      I understand I will need to create a static self-IP before creating a floating one.

      Can I somehow "trick" the F5 by creating a static self-IP, e.g. 118.201.75.220/29, when in actual fact this IP/29 was not assigned by the ISP to us? (We are only allocated a /30.)

      Since the ISP is routing to us using the .222/30 IP as its next hop, and I have configured .222 as a floating IP, communication from and to the device will use the .222/30 IP, which is valid.

      Will there be any implication then, since the "fake" static self-IP (118.201.75.220/29 in this case) is never actually in use?

      Regards,

      Noob

    • Hannes_Rapp_162

      Since you didn't confirm the need for a full BGP table, my first recommendation is still to scrap that /30 network and build something that is nice to look at.

      I'm not entirely sure on the implications of using network address .220/30 or broadcast address .223/30 as host addresses without seeing the full interface configuration in that ISP router (or router cluster?). In some cases it is possible to violate network sub-netting standards and get away with it. Nowadays even /31 point-to-point links are used in production with a bit of trickery. However, there is a strict set of criteria for this to work. Inform your ISP about your addressing plans, and then test this. A 10-minute maintenance or downtime window should suffice here.
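Added example, not posted by anyone in this thread: a Python check of the addresses discussed above against the ISP router's interface, showing how each proposed self-IP looks under its own mask and under the router's /30. The function name `check_self_ip_plan` is hypothetical, and the router address is assumed to be 118.201.75.221/30 as given in the follow-up post.

```python
import ipaddress

def check_self_ip_plan(isp_router, self_ips):
    """Compare each planned self-IP with the ISP router's own interface.

    Returns {self_ip: [finding, ...]}; an empty list means the address
    and mask agree with what the router has configured.
    """
    router = ipaddress.ip_interface(isp_router)
    rnet = router.network
    report = {}
    for text in self_ips:
        iface = ipaddress.ip_interface(text)
        net = iface.network
        found = []
        if iface.ip == router.ip:
            found.append("duplicates the router address")
        # Reserved addresses as the BIG-IP itself would see them (/31 has none).
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            found.append("network/broadcast address under its own mask")
        if net != rnet:
            found.append("mask differs from the router's")
            if iface.ip not in rnet:
                # The router has no connected route covering this address.
                found.append("outside the router's subnet")
            elif rnet.prefixlen < 31 and iface.ip in (rnet.network_address,
                                                      rnet.broadcast_address):
                found.append("network/broadcast address under the router's mask")
        report[text] = found
    return report

# Addresses quoted in the thread; the router's /30 is an assumption taken
# from the follow-up post (118.201.75.221 and 118.201.75.222).
PLAN = check_self_ip_plan(
    "118.201.75.221/30",
    ["118.201.75.222/30", "118.201.75.217/29",
     "118.201.75.218/29", "118.201.75.220/29"],
)

if __name__ == "__main__":
    for addr, found in PLAN.items():
        print(addr, "->", found or "consistent with the router")
```

Only .222/30 matches the router's view of the link; the /29 candidates are valid hosts under their own mask but are either outside the router's /30 or, for .220, its network address.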

       
