Configuring a One-IP Network Topology
Overview: Configuring a one-IP network topology
- Because there is only one physical network, this configuration does not require more than one interface on the BIG-IP system.
- Clients need to be assigned SNATs to allow them to make connections to servers on the network in a load balancing pool.
Illustration of a one-IP network topology for the BIG-IP system
Creating a pool for processing HTTP connections with SNATs enabled
- On the Main tab, click. The Pool List screen opens.
- Click Create. The New Pool screen opens.
- In the Name field, type a unique name for the pool.
- For the Health Monitors setting, from the Available list, select the http monitor and move the monitor to the Active list.
- For the Allow SNAT setting, verify that the value is Yes.
- In the Resources area of the screen, use the default values for the Load Balancing Method and Priority Group Activation settings.
- Using the New Members setting, add each resource that you want to include in the pool:
  - Type an IP address in the Address field.
  - Type 80 in the Service Port field, or select HTTP from the list.
  - (Optional) Type a priority number in the Priority field.
Creating a virtual server for HTTP traffic
- On the Main tab, click. The Virtual Server List screen opens.
- Click Create. The New Virtual Server screen opens.
- In the Name field, type a unique name for the virtual server.
- For the Destination Address/Mask setting, confirm that the Host button is selected, and type the IP address in CIDR format. The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a /32 prefix. The IP address you type must be available and not in the loopback network.
- In the Service Port field, type 80, or select HTTP from the list.
- From the HTTP Profile list, select http.
- In the Resources area of the screen, from the Default Pool list, select the relevant pool name.
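The destination rules in the Destination Address/Mask step can be checked before a value is typed into the screen. The following is an added example, not F5 code: it normalizes a destination to address/prefix, applies the /32 default for a bare IPv4 address, and rejects loopback addresses. The function names are hypothetical, and rejecting a bare IPv6 address is an assumption, because the page states a default prefix for IPv4 only.

```python
import ipaddress


def normalize_destination(value):
    """Return the destination as address/prefix, or raise ValueError."""
    text = value.strip()
    if "/" in text:
        # Prefix length is in bits; an out-of-range prefix raises ValueError.
        iface = ipaddress.ip_interface(text)
    else:
        addr = ipaddress.ip_address(text)
        if addr.version != 4:
            # Assumption: the page gives a default prefix for IPv4 only,
            # so a bare IPv6 address is rejected rather than guessed at.
            raise ValueError("IPv6 destination needs an explicit prefix")
        # A bare IPv4 address is treated as a /32 host, as the page states.
        iface = ipaddress.ip_interface(f"{addr}/32")
    if iface.ip.is_loopback:
        raise ValueError("destination is in the loopback network")
    return f"{iface.ip}/{iface.network.prefixlen}"


def check_destinations(values):
    """Map each input to (normalized, None) or (None, error message)."""
    results = {}
    for value in values:
        try:
            results[value] = (normalize_destination(value), None)
        except ValueError as exc:
            results[value] = (None, str(exc))
    return results


# Constructed sample input: the page's four examples plus invalid entries.
SAMPLES = [
    "10.0.0.1", "10.0.0.0/24", "ffe1::0020/64",
    "2001:ed8:77b5:2:10:10:100:42/64",
    "127.0.0.5", "::1/128", "10.0.0.1/33", "ffe1::0020",
]

if __name__ == "__main__":
    for raw, (ok, err) in check_destinations(SAMPLES).items():
        print(f"{raw:36} -> {ok if ok else 'REJECTED: ' + err}")
```

Whether the address is available on the network still has to be confirmed separately; this check covers format and the loopback restriction only.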
Defining a default route
- On the Main tab, click.
- Click Add. The New Route screen opens.
- In the Name field, type Default Gateway Route.
- In the Destination field, type the IP address 0.0.0.0. An IP address of 0.0.0.0 in this field indicates that the destination is a default route.
- From the Resource list, select Use VLAN/Tunnel. A VLAN represents the VLAN through which the packets flow to reach the specified destination.
- Select external from the VLAN/Tunnel list.
- On the Main tab, click. The SNAT List screen displays a list of existing SNATs.
- Name the new SNAT.
- In the Translation field, type the IP address that you want to use as a translation IP address.
- From the Origin list, select Address List.
- For each client to which you want to assign a translation address, do the following:
  - In the Address field, type a client IP address.
- From the VLAN/Tunnel Traffic list, select Enabled on.
- For the VLAN List setting, in the Available field, select external, and using the Move button, move the VLAN name to the Selected field.
- Click the Finished button.
Optional ephemeral port exhaustion
- Log on to the command line of the system using the root account.
- Type tmsh to access the Traffic Management Shell.
- Type the following command to enable ephemeral port-exhaustion threshold warning functionality. The default value is enabled.
  modify ltm global-settings traffic-control port-find-threshold-warning [enabled_or_disabled]
- Type the following command to specify the number of random attempts to find an unused outbound port for a connection. Values can range from 1 through 12. The default value is 8.
  modify ltm global-settings traffic-control port-find-threshold-trigger [threshold_level]
- Type the following command to specify the timeout period, in seconds, from one threshold trigger until a subsequent threshold trigger, which if exceeded, resets and causes the threshold warning to expire. Values can range from 0 through 300 seconds. The default value is 30.
  modify ltm global-settings traffic-control port-find-threshold-timeout [timeout_period]