Manual Chapter : BIG-IP Administrator guide v3.3: One IP Network Topologies

Applies To:

Show Versions Show Versions

BIG-IP versions 1.x - 4.x

  • 3.3.1 PTF-06, 3.3.1 PTF-05, 3.3.1 PTF-04, 3.3.1 PTF-03, 3.3.1 PTF-02, 3.3.1 PTF-01, 3.3.1, 3.3.0
Manual Chapter


7

One IP Network Topologies



One IP network topology with one interface

Another configuration option you can use with the BIG-IP Controller is a single interface configuration when there is only one network in the topology. This configuration uses client SNAT which prevents servers from knowing the client IP address.

Figure 7.1 An example of a single interface topology

Configuring the interface in the single interface topology

A single IP network topology with a single interface requires special interface configuration. You need to configure the single interface on the redundant BIG-IP Controller system (1a and 1b, in Figure 7.1) to process source and destination addresses. In a basic controller configuration, one interface is configured as an internal interface (source processing), and the other interface is configured as an external interface (destination processing).

Use the following commands to turn source and destination processing on for the interface; in this example, the interface name is exp0:

bigpipe interface exp0 source enable

bigpipe interface exp0 dest enable

Defining a pool for the servers

First, define the pool server_pool for the nodes that handle the requests to virtual server 192.168.13.1:80:

bigpipe pool server_pool { lb_mode rr member <server1>:80 member
<server2>:80 }

Replace <server1> and <server2> with IP address of the respective server. Also note that this example uses the global round robin load balancing method.

Virtual server configuration

Next, configure controllers 1a and 1b to load balance connections to the servers. Create a virtual server that sends traffic to the pool you created for the servers (server_pool). Use the following commands to create a virtual server for connecting to the servers:

bipipe vip 192.168.13.1:80 use pool server_pool

Client SNAT configuration

Finally, configure controllers 1a and 1b to handle connections originating from the client. A SNAT must be defined in order to change the source address on the packet to the SNAT external address, which is located on the BIG-IP Controller. If a SNAT were not defined, the server would return the packets directly to the client without giving the BIG-IP Controller the opportunity to translate the source address from the server address back to the virtual server. The client would not recognize the packet if the source address of the returning packet is the IP address of the real server because the client sent its packets to the IP address of the virtual server.

bipipe snat map client1 to 192.168.13.99

Replace client1 with the actual name of the client in your configuration.

One IP network topology with two interfaces

The one IP network with two interfaces configuration is similar to the one IP network with one interface configuration, except that it uses two interfaces to optimize throughput.

Figure 7.2 An example of a single IP network with two interfaces topology

Configuring the interfaces in the single IP network with two interfaces topology

A single IP network with two interfaces topology requires special interface configuration. You must configure both interfaces on the redundant BIG-IP Controller system (1a and 1b, in Figure 7.2) to process source and destination addresses. Note that in a basic controller configuration, one interface is configured as an internal interface (source processing), and the other interface is configured as an external interface (destination processing).

In order for this configuration to work, you must turn destination processing on for the internal interface, and source processing on for the external interface. Use the following command to turn destination processing on for the internal interface, in this example, the interface name is exp1:

bigpipe interface exp1 dest enable

Use the following command to turn source processing on for the external interface, in this example, the interface name is exp0:

bigpipe interface exp0 source enable

Routing issues

By setting up the IP addresses and interfaces properly, you can configure the BIG-IP Controller to receive all traffic through one interface and to send all traffic out the other interface. The key to optimizing the throughput in this configuration is routing.

In this example, the administrative IP addresses for the BIG-IP Controller are placed on exp1. This is setup when you first configure the BIG-IP Controller, or it can be changed anytime by editing the /etc/netstart file. Once the administrative address is configured, the BIG-IP Controller sets up a route to the IP network going through exp1. The exp0 interface should not be configured with an IP address on the same IP network, because that creates a routing conflict and the BIG-IP Controller would not know which interface the IP network is accessible through. Once the route is set up properly, all traffic sent from the BIG-IP Controller to that IP network goes through exp1.

In order to receive traffic through exp0, the virtual server and SNAT external address in this example are explicilty declared to reside on exp0. This causes the BIG-IP Controller to respond to ARP requests for those addresses from the exp0 interface. Virtual servers and SNAT addresses will not create a routing conflict for the IP network they are declared with. Only administrative or shared IP addresses create routes to the corresponding IP network through the interface that they are configured on. In other words, in this example, the BIG-IP Controller determines that the 192.168.13 network is on interface exp1 and it sends all traffic to those addresses through that interface.

Defining a pool for the servers

First, define the pool server_pool for the nodes that handle the requests to virtual server 192.168.13.1:80:

bigpipe pool server_pool { lb_mode rr member <server1>:80 member
<server2>:80 }

Replace <server1> and <server2> with IP address of the respective server. Also note that this example uses the global round robin load balancing method.

Virtual server configuration

Next, configure controllers 1a and 1b to load balance connections to the servers. Create a virtual server that sends traffic to the pool you created for the servers (server_pool). Use the following commands to create a virtual server for connecting to the servers:

bipipe vip 192.168.13.1:80 exp0 use pool server_pool

Client SNAT configuration

Finally, configure controllers 1a and 1b to handle connections originating from the client. A SNAT must be defined in order to change the source address on the packet to the SNAT external address, which is located on the BIG-IP Controller. If a SNAT is not defined, the server returns the packets directly to the client without giving the BIG-IP Controller the opportunity to translate the source address from the server address back to the virtual server. The client would not recognize the packet if the source address of the returning packet is the IP address of the real server because the client sent its packets to the IP address of the virtual server.

bipipe snat map client1 to 192.168.13.99 exp0

Replace client1with the actual name of the client in your configuration.