Luca_55898
Sep 30, 2011

Pool members on same subnet as VIP

Are there any issues with putting the pool members on the same subnet as the VIP?

The pool members will be ISA servers with two NICs. Traffic will enter one NIC, which will be the NIC on the same subnet as the VS, then exit another NIC on a different subnet.

Is there anything different (other than the standard VS config) that will need to be done on the F5 to make this work?

Thanks

4 Replies

  • Hi Luca,

    The only issue I see is if the clients are on the same subnet as the pool members. In that case, to ensure symmetric routing, you need to use source address translation (SNAT) so the server will reply back to the client via LTM.

    I assume the connection flow would be something like this:

    
       client 
          |
    -----------------------
      |           |
     LTM       ISA
                  |
    -----------------------
               |
              servers
    

    If so, you shouldn't need to do anything special for the LTM virtual server config. If the ISA server's default gateway isn't the LTM self IP, you'd need to enable SNAT on the virtual server.

    Aaron
  • The clients will be on an internal network. The ISA servers will be in our DMZ - so the servers and clients will be on different subnets.
  • I agree with Aaron. Enabling SNAT on the virtual server could be enough.
  • Hamish

    If the clients are on a different subnet, just ensure that the return path from server to client is via the same F5 interface as the one that forwards the traffic TO the server (Poolmember).

    No SNAT required.

    H
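
The return-path rule the replies agree on, as an added example that is not part of the original thread: a longest-prefix-match lookup over a pool member's routing table decides whether its reply passes back through the LTM, and therefore whether SNAT is needed. All addresses, route tables and function names are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match. routes: (prefix, gateway); gateway None = on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise ValueError(f"server has no route to {dst}")
    return best[1]

def reply_returns_via_ltm(server_routes, src_seen_by_server, ltm_self_ips):
    """Does the server's reply to the source address it sees pass through the LTM?"""
    hop = next_hop(server_routes, src_seen_by_server)
    if hop is None:
        # On-link delivery: reaches the LTM only if the LTM owns that address (SNAT case).
        return src_seen_by_server in ltm_self_ips
    return hop in ltm_self_ips

def snat_needed(server_routes, client_ip, ltm_self_ips):
    """SNAT is needed when the untranslated reply would bypass the LTM."""
    return not reply_returns_via_ltm(server_routes, client_ip, ltm_self_ips)

# Constructed addressing (assumptions, not taken from the thread).
LTM_SELF_IPS = {"192.0.2.5"}                      # LTM self IP on the VIP subnet
CONNECTED = [("192.0.2.0/24", None),              # ISA NIC 1: VIP subnet
             ("198.51.100.0/24", None)]           # ISA NIC 2: other subnet
GW_IS_LTM = CONNECTED + [("0.0.0.0/0", "192.0.2.5")]
GW_IS_ROUTER = CONNECTED + [("0.0.0.0/0", "192.0.2.1")]
INTERNAL_CLIENT = "10.10.0.25"                    # client on a different subnet
SAME_SUBNET_CLIENT = "192.0.2.77"                 # client on the pool members' subnet

if __name__ == "__main__":
    for name, routes in (("gateway=LTM", GW_IS_LTM), ("gateway=router", GW_IS_ROUTER)):
        for client in (INTERNAL_CLIENT, SAME_SUBNET_CLIENT):
            print(name, client, "SNAT needed:", snat_needed(routes, client, LTM_SELF_IPS))
```

With SNAT enabled the server sees the LTM's own address as the source, so the last helper also shows why the translated reply returns to the LTM regardless of the default gateway.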