Manual Chapter : Configuring a One-IP Network Topology

Applies To:

Show Versions Show Versions

BIG-IP DNS

  • 14.1.0, 14.0.1, 14.0.0

BIG-IP AFM

  • 14.1.0, 14.0.1, 14.0.0

BIG-IP Analytics

  • 14.1.0, 14.0.1, 14.0.0

BIG-IP PEM

  • 14.1.0, 14.0.1, 14.0.0

BIG-IP ASM

  • 14.1.0, 14.0.1, 14.0.0

BIG-IP AAM

  • 14.1.0, 14.0.1, 14.0.0

BIG-IP APM

  • 14.1.0, 14.0.1, 14.0.0

BIG-IP LTM

  • 14.1.0, 14.0.1, 14.0.0
Manual Chapter

Configuring a One-IP Network Topology

Overview: Configuring a one-IP network topology

One configuration option you can use with the BIG-IP system is a one-IP network topology. This differs from the typical two-network configuration in two ways:
  • Because there is only one physical network, this configuration does not require more than one interface on the BIG-IP system.
  • Clients need to be assigned SNATs to allow them to make connections to servers on the network in a load balancing pool.
Part of this configuration requires you to configure the BIG-IP system to handle connections originating from the client. You must define a SNAT in order to change the source address on the packet to the SNAT external address, which is located on the BIG-IP system. Otherwise, if the source address of the returning packet is the IP address of the content server, the client does not recognize the packet because the client sent its packets to the IP address of the virtual server, not the content server.
If you do not define a SNAT, the server returns the packets directly to the client without giving the BIG-IP system the opportunity to translate the source address from the server address back to the virtual server. If this happens, the client might reject the packet as unrecognizable.
The single interface configuration is shown in the following illustration.

Illustration of a one-IP network topology for the BIG-IP system

one-IP network topology for the BIG-IP system

Creating a pool for processing HTTP connections with SNATs enabled

Verify that all content servers for the pool are in the network of VLAN
external
.
For a basic configuration, you need to create a pool to manage HTTP connections. This pool enables SNATs for any connections destined for a member of the pool.
  1. On the Main tab, click
    Local Traffic
    Pools
    .
    The Pool List screen opens.
  2. Click
    Create
    .
    The New Pool screen opens.
  3. In the
    Name
    field, type a unique name for the pool.
  4. For the
    Health Monitors
    setting, from the
    Available
    list, select the
    http
    monitor and move the monitor to the
    Active
    list.
  5. For the
    Allow SNAT
    setting, verify that the value is
    Yes
    .
  6. In the Resources area of the screen, use the default values for the
    Load Balancing Method
    and
    Priority Group Activation
    settings.
  7. Using the
    New Members
    setting, add each resource that you want to include in the pool:
    1. Type an IP address in the
      Address
      field.
    2. Type
      80
      in the
      Service Port
      field, or select
      HTTP
      from the list.
    3. (Optional) Type a priority number in the
      Priority
      field.
    4. Click
      Add
      .
  8. Click
    Finished
    .
The new pool appears in the Pools list.

Creating a virtual server for HTTP traffic

This task creates a destination IP address for application traffic. As part of this task, you must assign the relevant pool to the virtual server.
  1. On the Main tab, click
    Local Traffic
    Virtual Servers
    .
    The Virtual Server List screen opens.
  2. Click the
    Create
    button.
    The New Virtual Server screen opens.
  3. In the
    Name
    field, type a unique name for the virtual server.
  4. In the
    Destination Address/Mask
    field, type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is
    10.0.0.1
    or
    10.0.0.0/24
    , and an IPv6 address/prefix is
    ffe1::0020/64
    or
    2001:ed8:77b5:2:10:10:100:42/64
    . When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a
    /32
    prefix.
    The IP address you type must be available and not in the loopback network.
  5. In the
    Service Port
    field, type
    80
    , or select
    HTTP
    from the list.
  6. From the
    HTTP Profile
    list, select
    http
    .
  7. In the Resources area of the screen, from the
    Default Pool
    list, select the relevant pool name.
  8. Click
    Finished
    .
You now have a virtual server to use as a destination address for application traffic.

Defining a default route

Another task that you must perform to implement one-IP network load balancing is to define a default route for the VLAN external.
  1. On the Main tab, click
    Network
    Routes
    .
  2. Click
    Add
    .
    The New Route screen opens.
  3. In the
    Name
    field, type
    Default Gateway Route
    .
  4. In the
    Destination
    field, type the IP address
    0.0.0.0
    .
    An IP address of
    0.0.0.0
    in this field indicates that the destination is a default route.
  5. From the
    Resource
    list, select
    Use VLAN/Tunnel
    .
    A VLAN represents the VLAN through which the packets flow to reach the specified destination.
  6. Select
    external
    from the
    VLAN/Tunnel
    list.
  7. Click
    Finished
    .
The default route for VLAN
external
is defined.

Configuring a client SNAT

To configure the BIG-IP system to handle connections originating from the client, you can define a SNAT to change the source address on the packet to the SNAT external address located on the BIG-IP system.
  1. On the Main tab, click
    Local Traffic
    Address Translation
    .
    The
    SNAT List
    screen displays a list of existing SNATs.
  2. Click
    Create
    .
  3. Name the new SNAT.
  4. In the
    Translation
    field, type the IP address that you want to use as a translation IP address.
  5. From the
    Origin
    list, select
    Address List
    .
  6. For each client to which you want to assign a translation address, do the following:
    1. In the
      Address
      field., type a client IP address.
    2. Click
      Add
      .
  7. From the
    VLAN/Tunnel Traffic
    list, select
    Enabled on
    .
  8. For the
    VLAN List
    setting, in the
    Available
    field, select
    external
    , and using the
    Move
    button, move the VLAN name to the
    Selected
    field.
  9. Click the
    Finished
    button.
The BIG-IP system is configured to handle connections originating from the client

Configuring optional ephemeral port exhaustion

You must configure a client SNAT before you can configure ephemeral port exhaustion functionality for that SNAT.
You can configure the BIG-IP system to accumulate real-time ephemeral-port statistics, and when usage exceeds a specified threshold level, to log an error and provide a Simple Network Management Protocol (SNMP) alert notification. Thus you can assess an approaching exhaustion of ephemeral ports, and respond accordingly.
  1. Log on to the command line of the system using the
    root
    account.
  2. Type
    tmsh
    to access the Traffic Management Shell.
  3. Type the following command to enable ephemeral port-exhaustion threshold warning functionality. The default value is
    enabled
    .
    modify ltm global-settings traffic-control port-find-threshold-warning [enabled_or_disabled]
  4. Type the following command to specify the number of random attempts to find an unused outbound port for a connection. Values can range from
    1
    through
    12
    . The default value is
    8
    .
    modify ltm global-settings traffic-control port-find-threshold-trigger [threshold_level]
  5. Type the following command to specify the timeout period, in seconds, from one threshold trigger until a subsequent threshold trigger, which if exceeded, resets and causes the threshold warning to expire. Values can range from
    0
    through
    300
    seconds. The default value is
    30
    .
    modify ltm global-settings traffic-control port-find-threshold-timeout [timeout_period]
The BIG-IP system is configured to accumulate real-time ephemeral-port statistics, and to provide a trigger when usage exceeds a specified threshold level.
You need to configure logging functionality, for example, high-speed remote logging, to log any error messages. Additionally, you will want to manage any alert notifications by using SNMP.