Manual Chapter: Configuring a One-IP Network Topology
Applies To:
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP Link Controller
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP Analytics
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP AFM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP PEM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP ASM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
Overview: Configuring a one-IP network topology
One configuration option you can use with the BIG-IP system is a one-IP
network topology. This differs from the typical two-network configuration in two ways:
- Because there is only one physical network, this configuration does not require more than one interface on the BIG-IP system.
- Clients need to be assigned SNATs to allow them to make connections to servers on the network in a load balancing pool.
Part of this configuration requires you to configure the BIG-IP system to handle connections originating from
the client. You must define a SNAT in order to change the source address on
the packet to the SNAT external address, which is located on the BIG-IP
system. Otherwise, if the source address of the returning packet is the IP
address of the content server, the client does not recognize the packet
because the client sent its packets to the IP address of the virtual server, not
the content server.
If you do not define a SNAT, the server returns the packets directly to the
client without giving the BIG-IP system the opportunity to translate the
source address from the server address back to the virtual server. If this
happens, the client might reject the packet as unrecognizable.
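The return-path problem described above, as an added Python model (not part of the F5 manual). The addresses and the `BigIP` class are constructed for illustration; the model keeps the client's source port unchanged for simplicity.

```python
from dataclasses import dataclass, replace

# Constructed addresses, all on the single "external" network.
CLIENT, VIP, SNAT_IP, SERVER = "10.0.0.50", "10.0.0.100", "10.0.0.200", "10.0.0.11"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class BigIP:
    """Hypothetical minimal model: destination translation plus optional SNAT."""
    def __init__(self, snat_enabled):
        self.snat_enabled = snat_enabled
        self.conns = {}  # (source address, port) as seen by the server -> client packet

    def to_server(self, pkt):
        out = replace(pkt, dst=SERVER)        # virtual server -> pool member
        if self.snat_enabled:
            out = replace(out, src=SNAT_IP)   # client address -> SNAT address
        self.conns[(out.src, out.sport)] = pkt
        return out

    def to_client(self, reply):
        orig = self.conns[(reply.dst, reply.dport)]
        # Undo both translations: the reply now comes from the virtual server.
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def server_reply(req):
    return Packet(req.dst, req.dport, req.src, req.sport)

def client_accepts(sent, reply):
    # The client only matches replies from the address and port it sent to.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)

def round_trip(snat_enabled):
    bigip = BigIP(snat_enabled)
    sent = Packet(CLIENT, 40000, VIP, 80)
    reply = server_reply(bigip.to_server(sent))
    if reply.dst == SNAT_IP:
        reply = bigip.to_client(reply)  # reply is addressed to the BIG-IP system
    # Otherwise the server answers the client directly and BIG-IP is bypassed.
    return reply, client_accepts(sent, reply)
```

With the SNAT, the reply reaches the client with the virtual server as its source; without it, the source is the content server and the client has no matching connection.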
The single interface configuration is shown in the following illustration.
Illustration of a one-IP network topology for the BIG-IP system
Creating a pool for processing HTTP connections with SNATs enabled
Verify that all content servers for the pool are in the network of VLAN external.
For a basic configuration, you need to create a pool to manage HTTP connections. This pool enables SNATs for any connections destined for a member of the pool.
- On the Main tab, click. The Pool List screen opens.
- Click Create. The New Pool screen opens.
- In the Name field, type a unique name for the pool.
- For the Health Monitors setting, from the Available list, select the http monitor and move the monitor to the Active list.
- For the Allow SNAT setting, verify that the value is Yes.
- In the Resources area of the screen, use the default values for the Load Balancing Method and Priority Group Activation settings.
- Using the New Members setting, add each resource that you want to include in the pool:
  - Type an IP address in the Address field.
  - Type 80 in the Service Port field, or select HTTP from the list.
  - (Optional) Type a priority number in the Priority field.
  - Click Add.
- Click Finished.
The new pool appears in the Pools list.
Creating a virtual server for HTTP traffic
This task creates a destination IP address for application traffic. As part of this task, you must assign the relevant pool to the virtual server.
- On the Main tab, click. The Virtual Server List screen opens.
- Click Create. The New Virtual Server screen opens.
- In the Name field, type a unique name for the virtual server.
- For the Destination Address/Mask setting, confirm that the Host button is selected, and type the IP address in CIDR format. The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a /32 prefix. The IP address you type must be available and not in the loopback network.
- In the Service Port field, type 80, or select HTTP from the list.
- From the HTTP Profile list, select http.
- In the Resources area of the screen, from the Default Pool list, select the relevant pool name.
- Click Finished.
You now have a virtual server to use as a destination address for application traffic.
Defining a default route
Another task that you must perform to implement one-IP network load balancing is
to define a default route for the VLAN external.
- On the Main tab, click.
- Click Add. The New Route screen opens.
- In the Name field, type Default Gateway Route.
- In the Destination field, type the IP address 0.0.0.0. An IP address of 0.0.0.0 in this field indicates that the destination is a default route.
- From the Resource list, select Use VLAN/Tunnel. A VLAN represents the VLAN through which the packets flow to reach the specified destination.
- Select external from the VLAN/Tunnel list.
- Click Finished.
The default route for VLAN external is defined.
Configuring a client SNAT
To configure the BIG-IP system to handle
connections originating from the client, you can define a SNAT to change the source
address on the packet to the SNAT external address located on the BIG-IP system.
- On the Main tab, click. The SNAT List screen displays a list of existing SNATs.
- Click Create.
- Name the new SNAT.
- In the Translation field, type the IP address that you want to use as a translation IP address.
- From the Origin list, select Address List.
- For each client to which you want to assign a translation address, do the following:
  - In the Address field, type a client IP address.
  - Click Add.
- From the VLAN/Tunnel Traffic list, select Enabled on.
- For the VLAN List setting, in the Available field, select external, and using the Move button, move the VLAN name to the Selected field.
- Click the Finished button.
The BIG-IP system is configured to handle connections originating from the client.
Configuring optional ephemeral port exhaustion
You must configure a client SNAT before you can configure ephemeral port exhaustion
functionality for that SNAT.
You can configure the BIG-IP system to accumulate
real-time ephemeral-port statistics, and when usage exceeds a specified threshold level,
to log an error and provide a Simple Network Management Protocol (SNMP) alert
notification. Thus you can assess an approaching exhaustion of ephemeral ports, and
respond accordingly.
- Log on to the command line of the system using the root account.
- Type tmsh to access the Traffic Management Shell.
- Type the following command to enable ephemeral port-exhaustion threshold warning functionality. The default value is enabled.
    modify ltm global-settings traffic-control port-find-threshold-warning [enabled_or_disabled]
- Type the following command to specify the number of random attempts to find an unused outbound port for a connection. Values can range from 1 through 12. The default value is 8.
    modify ltm global-settings traffic-control port-find-threshold-trigger [threshold_level]
- Type the following command to specify the timeout period, in seconds, from one threshold trigger until a subsequent threshold trigger, which if exceeded, resets and causes the threshold warning to expire. Values can range from 0 through 300 seconds. The default value is 30.
    modify ltm global-settings traffic-control port-find-threshold-timeout [timeout_period]
The BIG-IP system is configured to accumulate real-time ephemeral-port statistics, and to provide a trigger when usage exceeds a specified threshold level.
You need to configure logging functionality, for example, high-speed remote logging, to log any error messages. Additionally, you will want to manage any alert notifications by using SNMP.
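To see how the trigger and timeout values interact, the following added Python model (not F5 code) simulates random port selection and the warning lifetime. It is a simplified reading of the settings described above; the port range, the uniform random selection, and all function names are assumptions made for this example.

```python
import random

# Assumed ephemeral port range for this model (not taken from the manual).
PORTS = range(1024, 65536)

def find_port(in_use, attempts, rng):
    """Try `attempts` random ports; return (port or None, threshold_hit)."""
    for _ in range(attempts):
        port = rng.choice(PORTS)
        if port not in in_use:
            return port, False
    return None, True  # every random attempt collided with an in-use port

def count_triggers(utilization, new_conns, attempts=8, seed=7):
    """Count new connections that hit the threshold at a given port utilization."""
    if attempts not in range(1, 13):
        raise ValueError("port-find-threshold-trigger ranges from 1 through 12")
    rng = random.Random(seed)  # seeded so the constructed run is repeatable
    in_use = set(rng.sample(PORTS, int(len(PORTS) * utilization)))
    return sum(find_port(in_use, attempts, rng)[1] for _ in range(new_conns))

def warning_windows(trigger_times, timeout=30):
    """Merge trigger timestamps (seconds) into intervals where the warning is active."""
    if not 0 <= timeout <= 300:
        raise ValueError("port-find-threshold-timeout ranges from 0 through 300")
    windows = []
    for t in sorted(trigger_times):
        if windows and t - windows[-1][1] <= timeout:
            windows[-1][1] = t       # next trigger arrived in time: warning stays active
        else:
            windows.append([t, t])   # first trigger, or the previous warning expired
    return [(start, last + timeout) for start, last in windows]

if __name__ == "__main__":
    for k in (1, 4, 8, 12):
        print(k, count_triggers(0.95, 2000, attempts=k))
    print(warning_windows([0, 10, 35, 100]))  # constructed trigger timestamps
```

A lower trigger value fires at lower port utilization, so it warns earlier but more often; a longer timeout keeps one warning active across sparse triggers instead of raising several.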