Forum Discussion

konstantinos_do
Jul 25, 2018

F5 ingress and egress traffic using the same interface

I have a setup where the members of the pool are not in a network attached to the F5 (they are reachable through routing). The interface used for reaching the members of the pool and the clients is the same. I have created a virtual server with SNAT automap enabled. Is this a valid setup, or do I have to use different interfaces for ingress and egress?

 

1 Reply

  • This is perfectly valid; there is nothing technically wrong with having egress and ingress traffic using the same interface. There are arguments from a security point of view that you may want to force traffic in a typical North/South deployment, but your configuration would certainly work.

     

    Just be aware of bandwidth utilisation as you would be 'hair pinning' connections through an interface. F5 is a TCP proxy so for each connection coming in to the F5, you would have another going out to your pool members. For example, if you have 1000 connections coming into the F5, (without OneConnect) you'll spawn 1000 additional connections to your pool members.