Applies To:
- 15.1.0, 15.0.1, 15.0.0, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
Overview: Configuring the BIG-IP system as a Layer 2 device with wildcard VLANs
- An interface accepts packets in promiscuous mode, which means there is no packet modification.
- The system bridges both tagged and untagged data.
- Source MAC address learning is disabled.
- Forwarding decisions are based on the ingress interface.
- Neither VLANs nor MAC addresses change.
About memory consumption
- Configure one or more matching virtual servers to handle all traffic.
- If you are unaware of all traffic patterns, configure a wildcard virtual server instead, of type Forwarding (IP) or Performance (Layer 4). This enables the device to perform a connection close operation much more quickly and therefore mitigate high memory consumption.
- Configure a lower threshold for the BigDB variable tm.l2forwardidletimeout.
objects for Layer 2 transparency
- Create trunks for accepting all VLAN traffic, with Link Aggregation Protocol (LACP) enabled.
- Set the trunk members (interfaces) to virtual wire mode.
- Create two VLANs with tag 4096 that allow all Layer 2 ingress traffic.
- Create a VLAN group to logically connect the VLANs.
- On the Main tab, click. This object appears on certain BIG-IP platforms only. The Virtual Wire screen opens.
- In the Name field, type a name for the virtual wire object.
- On the right side of the screen, click the double-arrow symbol to expand the Shared Objects panel.
- Click within the Trunks heading area. This displays a list of existing trunks, and displays the + symbol for creating a trunk.
- Click the + symbol.
- In the Name field, type a name for the trunk, such as trunk_external or trunk_internal.
- In the Interfaces list, select the check boxes for the interfaces that you want to include in the trunk.
- From the LACP list, select Enabled. This enables the Link Aggregation Control Protocol (LACP) to monitor link availability within the trunk.
- Click Commit. If you do not see the Commit button, try using a different browser. This creates the trunk that you can specify as an interface when you complete the creation of the virtual wire object.
- Repeat steps 6 through 10 to create a second trunk.
- In the Member 1 column, from the Interfaces/Trunks list, select a trunk name, such as trunk_external.
- In the Member 2 column, from the Interfaces/Trunks list, select another trunk name, such as trunk_internal.
- In the VLAN Traffic Management Configuration column, for the Define VLANs list, use the default value of No.
- Click Done Editing.
- Click Commit Changes to System.
Naming conventions for virtual wire-related
Same name as the virtual wire object
Create a listener for bi-directional traffic
- Log in to the BIG-IP Configuration utility using the system's management IP address.
- On the Main tab, click. If your BIG-IP system user account restricts you to using TMSH (TMOS Shell) only, skip this step.
- In the Name field, type a name, such as my_virtual_wire_vs.
- From the Type list, select Forwarding (Layer 2).
- In the Destination Address field, type the IP address in CIDR format. The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a /32 prefix.
- In the Service Port field, type a port number or select a service name from the Service Port list.
- From the VLAN and Tunnel Traffic list, select the name of the virtual wire you previously created.
- Two trunks that represent Member 1 and Member 2 interfaces of the virtual wire. Each interface of a trunk has its forwarding mode set to Virtual Wire.
- A tagged VLAN for the Member 1 trunk with a tag of 4096, assigning the Member 1 trunk to the VLAN.
- A tagged VLAN for the Member 2 trunk with a tag of 4096, assigning the Member 2 trunk to the VLAN.
- A VLAN group with the transparency mode set to Virtual Wire, where the VLAN group name matches the name of the virtual wire object.
- A virtual server that listens for both client-side and server-side traffic. The virtual server forwards the client-side traffic to the Member 2 trunk and forwards the server-side traffic to the Member 1 trunk.
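
The object layout listed above can be checked mechanically after a change. The following is an added example, not F5 code: it audits an exported inventory for the two trunks, the two VLANs with tag 4096, the matching VLAN group, and the Layer 2 forwarding listener. The inventory schema, the mode strings, and every object name other than the trunk and virtual server names used earlier are assumptions made for illustration.

```python
# Added example. The inventory schema is hypothetical, not BIG-IP's own format.
VWIRE_TAG = 4096  # tag the page assigns to both virtual wire VLANs

def audit_virtual_wire(inv, name):
    """Return findings; an empty list means the layout matches the page's list."""
    group = inv.get("vlan_groups", {}).get(name)
    if group is None:
        return [f"no VLAN group named {name!r}"]
    findings, used = [], []
    if group.get("mode") != "virtual-wire":
        findings.append(f"VLAN group {name}: mode is {group.get('mode')!r}")
    members = group.get("members", [])
    if len(members) != 2:
        findings.append(f"VLAN group {name}: {len(members)} member VLANs, expected 2")
    for vname in members:
        vlan = inv.get("vlans", {}).get(vname, {})
        if vlan.get("tag") != VWIRE_TAG or not vlan.get("tagged"):
            findings.append(f"VLAN {vname}: not tagged {VWIRE_TAG}")
        tname = vlan.get("trunk")
        trunk = inv.get("trunks", {}).get(tname)
        if trunk is None:
            findings.append(f"VLAN {vname}: trunk {tname!r} not defined")
            continue
        used.append(tname)
        for ifname, mode in sorted(trunk["interfaces"].items()):
            if mode != "virtual-wire":
                findings.append(f"interface {ifname} ({tname}): mode is {mode!r}")
    if len(set(used)) != len(used):
        findings.append("both member VLANs use the same trunk")
    if not any(vs.get("type") == "forwarding-l2" and name in vs.get("vlans", [])
               for vs in inv.get("virtual_servers", {}).values()):
        findings.append(f"no Forwarding (Layer 2) virtual server listens on {name}")
    return findings

# Constructed sample inventory; all names are illustrative.
GOOD = {
    "trunks": {"trunk_external": {"interfaces": {"1.1": "virtual-wire"}},
               "trunk_internal": {"interfaces": {"1.2": "virtual-wire"}}},
    "vlans": {"vw_vlan_1": {"tag": 4096, "tagged": True, "trunk": "trunk_external"},
              "vw_vlan_2": {"tag": 4096, "tagged": True, "trunk": "trunk_internal"}},
    "vlan_groups": {"my_vwire": {"mode": "virtual-wire",
                                 "members": ["vw_vlan_1", "vw_vlan_2"]}},
    "virtual_servers": {"my_virtual_wire_vs": {"type": "forwarding-l2",
                                               "vlans": ["my_vwire"]}},
}

if __name__ == "__main__":
    print(audit_virtual_wire(GOOD, "my_vwire") or "layout matches")
```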