Jason_Keating
Dec 17, 2007

Virtual IP's and Floating IP's

Hi,

Apologies in advance, this is not an advanced question; however, I'm not sure what other forum to use for general LTM-type questions.

My question is this:

In a typical 2-arm external/internal web farm scenario, are there any benefits to be gained from making my virtual server IPs (external VLAN) floating IPs, other than the ability to use SNAT Pools?

I do not need SNAT Pools particularly, so my intention is to not use floating IPs in the external VLAN, but I would like to be sure I am not missing some obvious advantages.

BTW, I have had a good hunt around for an answer to this prior to posting a message, to no avail. Perhaps there is something buried in askf5, but I was unable to find a best practice that commented on this from an external perspective, only an internal one... which I understand.

Thanks in advance.

J

2 Replies

  • Hello,

    While it might be technically possible to configure a virtual server using the same IP address as a self IP, it's not advised. The self IPs should be used only for sourcing load balanced traffic or receiving admin traffic.

    Typically, you would configure a floating self IP on a VLAN if you want to always have client traffic which is sent out that VLAN sent from the same IP address, regardless of which unit is active. If hosts behind the BIG-IP communicate through the BIG-IP to the external VLAN using a SNAT object, you could configure a floating self IP on that VLAN to ensure that SNAT'd traffic always has the same source IP regardless of which unit is active.

    In earlier versions (9.0.x), I remember seeing cases where TMM would use the floating self IP from the internal VLAN as a source address if a floating self IP wasn't defined on the external VLAN. I think that was considered a bug and fixed though.

    Aaron
  • Hi Aaron,

    Thanks for the response, that helps me understand. I wonder though if you or someone else could also explain some behavior I am observing in some testing I have underway.

    As stated in my first message, I am configuring a simple external/internal VLAN web farm scenario using an active/standby pair with a floating IP on my Internal VLAN.

    Virtual Server: 202.1.2.3 on VLAN External
    Node: 192.168.1.2 on VLAN Internal
    Floating IP: 192.168.100 on VLAN Internal
    SNAT: Origin 'All Addresses' -> 202.1.2.3 on VLAN External

    It's working well, I can load balance traffic to multiple nodes using the config above (although in the example I only indicate one node); however, what confuses me is the result of a snoop on the Node (192.168.1.2), see below:

    202.1.2.3 -> 192.168.1.2 TCP D=10000 S=38742 Ack=858808687 Seq=82764286 Len=0 Win=4380
    202.1.2.3 -> 192.168.1.2 TCP D=10000 S=38742 Push Ack=858808687 Seq=82764286 Len=563 Win=4380
    192.168.1.2 -> 202.1.2.3 TCP D=38742 S=10000 Ack=82764849 Seq=858808687 Len=0 Win=49077
    192.168.1.2 -> 202.1.2.3 TCP D=38742 S=10000 Push Ack=82764849 Seq=858808687 Len=231 Win=49077
    192.168.1.2 -> 202.1.2.3 TCP D=38742 S=10000 Fin Ack=82764849 Seq=858808918 Len=0 Win=49077

    I thought I would not see the address of my Virtual Server; I thought the address would be SNAT'ed to the Floating IP.

    If this config were to fail, how would my node direct traffic to the floating IP?

    Any advice appreciated.

    J