Manual Chapter : Configuring Multiple IP Addresses and Service Ports for a Virtual Server

Applies To:

Show Versions Show Versions
Manual Chapter

Configuring Multiple IP Addresses and Service Ports for a Virtual Server

Overview: Configuring a virtual server for multi-source or multi-destination traffic

When you configure the BIG-IP system, you typically create a separate virtual server for each unique source or destination IP address/port combination specified within the header of ingress packets. You also assign a unique set of profiles and policies that you want the virtual server to apply to the matching traffic.

In some cases, however, disparate traffic flows destined for various IP addresses and ports all need the same set of profiles and policies applied to them. Rather than creating many separate virtual servers to accomplish this, you can create a single virtual server that specifies multiple source or destination IP address/port combinations, while applying the same set of profiles and policies to all of the traffic.

Configuration summary

This illustration shows the sequence of tasks for configuring the BIG-IP system so that a virtual server can listen for traffic flows destined for various IP addresses and service ports instead of for just a single IP address and port.

This illustration shows the configuration process.

Note: In addition to using IP address and service port lists to define multiple destination addresses on a virtual server, you can also use address and port lists to define multiple source addresses and ports.

Create an IP address list for a virtual server

Before you create an IP address list, see the list of constraints included in this document.

You can specify a list of IP addresses as the destination or source IP address in a virtual server. An address list can contain single, non-contiguous IP addresses, a range of contiguous IP addresses, or both.

To specify an address list in a virtual server, you must first create the list using the Shared Objects area of the BIG-IP Configuration utility. A virtual server can then listen for all traffic from, or destined for, any of the addresses in the list and apply the same set of profiles and policies to that traffic.

  1. On the Main tab, click Shared Objects > Address List .
  2. Click Create.
  3. Type a Name for the address list.
  4. In the Addresses field, type an IP address and click Add.
    The address appears in the box above the Addresses field.
  5. Repeat the previous step for each address or address range that you want to add to the list.
  6. Click Update.
After you complete this task, you have a list of IP addresses on the BIG-IP system that a virtual server can use when listening for traffic.

Create a service port list for a virtual server

Before you create a service port list, see the list of constraints included in this document.

If you want to specify multiple service ports as the source or destination port on a virtual server, you must first create a port list, using the Shared Objects area of the BIG-IP Configuration utility. A port list contains a list of ports that a virtual server can listen for and then apply a set of profiles and policies to.

  1. On the Main tab, click Shared Objects > Port List .
  2. Click Create.
  3. Type a Name for the port list.
  4. In the Ports field, type a service port and click Add.
    The port appears in the box above the Service Port field.
  5. Repeat the previous step for each service port that you want to add to the list.
  6. Click Update.
After you complete this task, you have a list of service ports on the BIG-IP system that a virtual server can use when listening for traffic.

Create a virtual server that specifies multiple IP addresses and ports

You can create a virtual server that specifies a list of IP addresses and a list of service ports. Specifying a list of addresses and ports is helpful when you have ingress traffic from, or destined for, disparate IP addresses, and all of the traffic requires the same set of traffic profiles and policies to be applied to it. Depending on your use case, specifying lists of addresses and ports in a single virtual server can reduce the number of virtual servers that you need to create for a network configuration.

  1. On the Main tab, click Local Traffic > Virtual Servers > Virtual Server List .
  2. Click Create.
    The New Virtual Server screen opens.
  3. Type a Name for the virtual server.
    An example of a name is http_vs.
  4. For the Destination Address/Mask setting, click Address List.
    The address list you created earlier as a shared object appears in the box.
  5. For the Service Port setting, click Port List.
    The port list you created earlier as a shared object appears in the box.
  6. Configure all other virtual server settings as needed.
  7. Click Finished.
After you complete this task, the virtual server listens for any IP addresses and ports within the range of addresses and ports specified, and applies the configured profiles and policies.

Constraints for using IP address and port lists

When you use IP address lists and port lists to configure the source or destination address in a virtual server, make sure you keep these constraints in mind to ensure successful configuration:

  • You cannot remove an address list from the BIG-IP system if the list contains a virtual address in use by another virtual server.
  • No two virtual servers can contain the same IP address in their respective address lists.
  • The address ranges specified on a virtual server cannot overlap. For example, two or more ranges specified on a virtual server cannot contain the IP address 10.20.10.5.
  • All addresses in an address list must be of the same type (either IPv4 or IPv6).
  • In a range of addresses or ports, the beginning value of the range must be lower than the ending value. For example, you cannot specify a range of 10.10.20.30 - 10.10.20.10.
  • All addresses in an address list must belong to the same route domain.
  • Another virtual server cannot specify an overlapping end point as defined by: the same source or destination address and mask, the same service port, the same route domain ID, and enabled on the same VLAN.