Manual Chapter :
Configuring Multiple IP Addresses and Service Ports for a Virtual Server
Applies To:
Show Versions
BIG-IP LTM
- 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Configuring Multiple IP Addresses and Service Ports for a Virtual Server
Overview: Configuring a virtual server for multi-source or
multi-destination traffic
When you configure the BIG-IP system, you typically create a separate virtual
server for each unique source or destination IP address/port combination specified
within the header of ingress packets. You also assign a unique set of profiles and
policies that you want the virtual server to apply to the matching traffic.
In some cases, however, disparate traffic flows destined for various IP
addresses and ports all need the same set of profiles and policies applied to them. Rather
than creating many separate virtual servers to accomplish this, you can create a single
virtual server that specifies multiple source or destination IP address/port
combinations, while applying the same set of profiles and policies to all of the
traffic.
Configuration summary
This illustration shows the sequence of tasks for configuring the
BIG-IP system so that a virtual server can listen for traffic flows destined for various
IP addresses and service ports instead of for just a single IP address and port.
This illustration shows the configuration process.
In addition to using IP address and service port lists to
define multiple destination addresses on a virtual server, you can also use address and
port lists to define multiple source addresses and ports.
Create an IP address list for a virtual server
Before you create an IP address list, see the list of constraints included in this document.
You can specify a list of IP addresses as the destination or source IP address in a virtual server. An
address list
can contain single, non-contiguous IP addresses, a range of contiguous IP addresses, or both. To specify an address list in a virtual server, you must first create the list using the
Shared Objects
area of the BIG-IP Configuration utility. A virtual server can then listen for all traffic from, or destined for, any of the addresses in the list and apply the same set of profiles and policies to that traffic.- On the Main tab, click .
- ClickCreate.
- Type aNamefor the address list.
- In theAddressesfield, type an IP address and clickAdd.The address appears in the box above theAddressesfield.
- Repeat the previous step for each address or address range that you want to add to the list.
- ClickUpdate.
After you complete this task, you have a list of IP addresses on the BIG-IP system that a virtual server can use when listening for traffic.
Create a service port list for a virtual server
Before you create a service port list, see the list of constraints included in this document.
If you want to specify multiple service ports as the source or destination port on a virtual server, you must first create a port list, using the
Shared Objects
area of the BIG-IP Configuration utility. A port list
contains a list of ports that a virtual server can listen for and then apply a set of profiles and policies to. - On the Main tab, click .
- ClickCreate.
- Type aNamefor the port list.
- In thePortsfield, type a service port and clickAdd.The port appears in the box above theService Portfield.
- Repeat the previous step for each service port that you want to add to the list.
- ClickUpdate.
After you complete this task, you have a list of service ports on the BIG-IP system that a virtual server can use when listening for traffic.
Create a virtual server that specifies multiple IP addresses and
ports
You can create a virtual server that specifies a list of IP addresses and a
list of service ports. Specifying a list of addresses and ports is helpful when you
have ingress traffic from, or destined for, disparate IP addresses, and all of the
traffic requires the same set of traffic profiles and policies to be applied to it.
Depending on your use case, specifying lists of addresses and ports in a single
virtual server can reduce the number of virtual servers that you need to create for
a network configuration.
- On the Main tab, click .
- ClickCreate.The New Virtual Server screen opens.
- Type aNamefor the virtual server.An example of a name ishttp_vs.
- For theDestination Address/Masksetting, clickAddress List.The address list you created earlier as a shared object appears in the box.
- For theService Portsetting, clickPort List.The port list you created earlier as a shared object appears in the box.
- Configure all other virtual server settings as needed.
- ClickFinished.
After you complete this task, the virtual server
listens for any IP addresses and ports within the range of addresses and ports specified,
and applies the configured profiles and policies.
Constraints for using IP address and port lists
When you use IP address lists and port lists to configure the source or
destination address in a virtual server, make sure you keep these constraints in mind to
ensure successful configuration:
- You cannot remove an address list from the BIG-IP system if the list contains a virtual address in use by another virtual server.
- No two virtual servers can contain the same IP address in their respective address lists.
- The address ranges specified on a virtual server cannot overlap. For example, two or more ranges specified on a virtual server cannot contain the IP address10.20.10.5.
- All addresses in an address list must be of the same type (either IPv4 or IPv6).
- In a range of addresses or ports, the beginning value of the range must be lower than the ending value. For example, you cannot specify a range of10.10.20.30-10.10.20.10.
- All addresses in an address list must belong to the same route domain.
- Another virtual server cannot specify an overlapping end point as defined by: the same source or destination address and mask, the same service port, the same route domain ID, and enabled on the same VLAN.
