Can you point me One-ARM mode deployment with iAPP guide or link

there isn't a recent one i think. you can google and find some older ones and info from blogs.

but in principle it is really simple, just configure one vlan and remember to enable SNAT AutoMap on your virtual servers. that is it.

Hi Prakash,

the concept of one-armed mode is quite easy to understand if you have a picture...visio or sth. like this. I'll try it in text though. Let's say you have clients in subnet 1.1.1.0, the BigIP (one-armed) in subnet 2.2.2.0 and your servers in subnet 3.3.3.0. So, what happens if a clients wants to use an application on the server.

• the client send a packet to the BigIP virtual server
• the BigIP uses SNAT, to change the source IP from 1.1.1.x to 2.2.2.x
• the BigIP send the packet to a server, using the configured loadbalancing method
• the server handles the request and sends the answer to 2.2.2.x, because that was the source of the request
• the BigIP has a look in its NAT-table to check, what the real (1.1.1.x) IP behind the NAT-IP (2.2.2.x) is
• the BigIP send the packt to the real client-address

The server has to have a route to the BigIP, e.g. using its default gateway.

So thats a rough overview. I hope that was what you expected.

Kind Regards,

Thorsten

All you need to know about one armed deployments is the server and client are on the same network which is the only network attached to the BIG-IP. For the traffic flow to work you need to implement SNAT so return traffic goes back through the BIG-IP and not directly to the client.

It is that simple. iApp for a one arm deployment is as simple as using the f5.http iApp template and specifying a Virtual server and pool members in the same network. Make sure you say the servers do not have a route back to the BIG-IP and it will implement SNAT for you.