Forum Discussion

Spidey_29396
Apr 23, 2012

Re: Problem making the F5 self IP the gateway

I have this problem. I attached a simple diagram of their setup. In the original setup, the core router is the gateway of all the servers, and we are using SNAT at the VIP to return traffic to the F5. The server admin needs to monitor the source IP of the clients connecting to the server. We have to eliminate SNAT and make the F5 self IP the gateway. After changing the gateway of the servers to the F5 self IP, the servers were not reachable from the client but were reachable from the F5. As per the client, we need to enable proxy ARP on the F5 to relay the MAC addresses of the servers to the core router.

6 Replies

  • "After changing the gateway of the servers to the F5 self IP, the servers were not reachable from the client but were reachable from the F5." It works with an external client (one which is not in the same subnet as the BIG-IP/server), doesn't it?

    "As per the client, we need to enable proxy ARP on the F5 to relay the MAC addresses of the servers to the core router." Why does the core router need to see the server MAC address?
  • Hi Ferdz, why not use the HTTP profile option X-Forwarded-For to insert the original source IP, so the server admin can view it? That way you can still use SNAT and preserve the source IP.
  • Can you provide the network diagram? I am sure this is not a very difficult situation; you just need to play with the routes or the VS to make all of this work.

    Regards,
  • Hamish
    I can't see the diagram. However, I'm not convinced proxy ARP is your solution.

    I usually place the BigIP as the actual router for the pool member VLANs where SNAT is not wanted: no other connection into that VLAN from your core routers (i.e. remove the SVI and add a static route to the pool member VLAN via the BigIP 'external' interface). The BigIP 'internal' interface is then the router address for the load-balanced VLAN.

    Proxy ARP would tend to indicate to me that you're trying to do this in a flat network. So I suspect that perhaps your clients and servers are on the same subnet? In which case the gateway won't be used to talk back to the clients, and traffic just goes back direct. (Without SNAT, clients can't be on the same subnet as the servers, UNLESS you can do something at the pool member/server to force traffic via the BigIP, e.g. policy routing with iptables on Linux.)

    H
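As an added example (not posted by anyone in this thread), here is what the "policy routing with iptables on Linux" workaround mentioned above looks like on a pool member. A normal default route does not help for a same-subnet client, because the reply matches the connected route and never reaches the gateway; instead, the server marks the packets it sends from the service port and routes only those through a separate table whose single route points at the BIG-IP self IP. The self IP 10.0.20.1, the service port 80, and the mark and table numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: policy routing on a Linux pool member so that
# replies from the load-balanced service leave through the BIG-IP self IP even when
# the client sits in the same subnet as the server. The connected route would
# otherwise win and the reply would bypass the BIG-IP entirely.
# All addresses, the port and the mark/table numbers are assumptions for illustration.

BIGIP_SELF_IP="${BIGIP_SELF_IP:-10.0.20.1}"   # assumed BIG-IP internal self IP (the servers' gateway)
SERVICE_PORT="${SERVICE_PORT:-80}"            # assumed pool member service port
FWMARK=1                                      # arbitrary firewall mark that selects the routing table
RT_TABLE=100                                  # arbitrary routing table number
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print the commands, 0 = execute them (needs root)

# Run a command, or print it when DRY_RUN=1 so the plan can be reviewed first.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Install the diversion: mark locally generated TCP packets whose source port is the
# service port, then send marked packets through a table whose only route is the BIG-IP.
# Everything else (SSH, monitoring, package updates) keeps using the main table.
pbr_apply() {
    run iptables -t mangle -A OUTPUT -p tcp --sport "$SERVICE_PORT" -j MARK --set-mark "$FWMARK"
    run ip rule add fwmark "$FWMARK" lookup "$RT_TABLE" priority 1000
    run ip route add default via "$BIGIP_SELF_IP" table "$RT_TABLE"
    run ip route flush cache
}

# Undo pbr_apply, in reverse order.
pbr_remove() {
    run ip route del default via "$BIGIP_SELF_IP" table "$RT_TABLE"
    run ip rule del fwmark "$FWMARK" lookup "$RT_TABLE" priority 1000
    run iptables -t mangle -D OUTPUT -p tcp --sport "$SERVICE_PORT" -j MARK --set-mark "$FWMARK"
    run ip route flush cache
}

# Default action is a dry run of the install; pass "remove" to print or run the teardown.
if [ "${1:-apply}" = "remove" ]; then
    pbr_remove
else
    pbr_apply
fi
```

Review the printed commands, then run it on the pool member as root with `DRY_RUN=0` to apply them; `ip rule show` and `ip route show table 100` confirm the result. The rules are not persistent across a reboot, so add them to whatever network startup mechanism the server uses. Because only replies from the service port are diverted, management access from hosts in the same subnet is unaffected; clients of other services on the same server would need their ports marked as well.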
  • Did you correctly configure the forwarding virtual server? I have this implemented on several boxes and it works fine.

    I recommend reading "sol7595: Overview of IP forwarding virtual servers"; it is very interesting for emulating stateless IP routing.