Forum Discussion

IRONMAN's avatar
IRONMAN
Icon for Cirrostratus rankCirrostratus
Jun 05, 2019
Solved

LTM VIP IP range out of self IP range, but still working

I am facing some challenges, when we upgraded to new setup

We have single vlan test 1 for VIP's. we configured the self IP 10.40.0.16/255.255.252.0 , which has host range 10.40.0.1 - 10.40.3.254,

But i see if i create i VIP with IP 10.40.8.15 and 10.40.9.11 and 10.40.11.6, it is all working fine!

 

I am confused here, any clear idea how this working?

  • Ironman,

    ​Virtual Addresses /VIPs dont have to be in the self-IP address space of the VLAN but you would need to have an explicit route to the VIP address from upstream devices to the bigip

     

    Note, the LTM will not send Gratuitous ARPs for such Virtual IPs after going Active - this may cause traffic issues when failover occurs.

    So, it's recommended to have the VIP in the same address space but not mandatory.

    Hope this helps,

    N​

3 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    Ironman,

    ​Virtual Addresses /VIPs dont have to be in the self-IP address space of the VLAN but you would need to have an explicit route to the VIP address from upstream devices to the bigip

     

    Note, the LTM will not send Gratuitous ARPs for such Virtual IPs after going Active - this may cause traffic issues when failover occurs.

    So, it's recommended to have the VIP in the same address space but not mandatory.

    Hope this helps,

    N​

    • IRONMAN's avatar
      IRONMAN
      Icon for Cirrostratus rankCirrostratus

      Thanks, Any reasons we can use like it, VIP not in self ip space?

      Do we need route from F5 to upstream devices?

       

      If i use VIP not in self ip space, How it start works after standby f5 become active, without GARP?

       

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    It would be a route required from upstream devices to F5. Without GARP then a protocol like HSRP would need to be in place, or a way of the upstream devices know that failure had occurred. Actually MAC Masquerade on the F5 would help too - take a look into this - this is when the MAC address is the same.

     

    Hope this helps,

     

    N