Manual Chapter: Configuring a One-IP Network Topology

Applies To:

BIG-IP AAM

  • 13.0.1, 13.0.0

BIG-IP APM

  • 13.0.1, 13.0.0

BIG-IP Link Controller

  • 13.0.1, 13.0.0

BIG-IP Analytics

  • 13.0.1, 13.0.0

BIG-IP LTM

  • 13.0.1, 13.0.0

BIG-IP AFM

  • 13.0.1, 13.0.0

BIG-IP PEM

  • 13.0.1, 13.0.0

BIG-IP DNS

  • 13.0.1, 13.0.0

BIG-IP ASM

  • 13.0.1, 13.0.0
Overview: Configuring a one-IP network topology

One configuration option you can use with the BIG-IP® system is a one-IP network topology. This differs from the typical two-network configuration in two ways:

  • Because there is only one physical network, this configuration does not require more than one interface on the BIG-IP system.
  • Clients need to be assigned SNATs to allow them to make connections to servers on the network in a load balancing pool.

Part of this configuration requires you to configure the BIG-IP system to handle connections originating from the client. You must define a SNAT in order to change the source address on the packet to the SNAT external address, which is located on the BIG-IP system. Otherwise, if the source address of the returning packet is the IP address of the content server, the client does not recognize the packet because the client sent its packets to the IP address of the virtual server, not the content server.

If you do not define a SNAT, the server returns the packets directly to the client without giving the BIG-IP system the opportunity to translate the source address from the server address back to the virtual server. If this happens, the client might reject the packet as unrecognizable.
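
The following added example (not part of the F5 manual and not BIG-IP code) models the packet flow described above, with and without a SNAT, to show why the client rejects the direct server reply. The addresses are constructed, and the class and function names are hypothetical.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

# Constructed sample addresses: every host sits on the same single network.
CLIENT, VIP = "10.0.0.50", "10.0.0.100"
SERVER, SNAT_ADDR = "10.0.0.11", "10.0.0.200"


class BigIP:
    """Simplified model of the address translations on the BIG-IP system."""

    def __init__(self, snat=None):
        self.snat = snat    # SNAT translation address, or None if no SNAT is defined
        self.conns = {}     # server-side (src, dst) -> original client address

    def client_to_server(self, pkt):
        # Load balancing rewrites the destination from the virtual server to a
        # pool member; a SNAT additionally rewrites the source address.
        src = self.snat if self.snat else pkt.src
        self.conns[(src, SERVER)] = pkt.src
        return Packet(src, SERVER)

    def server_to_client(self, pkt):
        # Reverse both translations: the reply now comes from the virtual server.
        client = self.conns[(pkt.dst, pkt.src)]
        return Packet(VIP, client)


def round_trip(bigip):
    """Return (reply as seen by the client, whether the client accepts it)."""
    request = Packet(CLIENT, VIP)
    at_server = bigip.client_to_server(request)
    reply = Packet(SERVER, at_server.src)   # server answers the source it saw
    if reply.dst == bigip.snat:
        # Addressed to the SNAT address, so it returns through the BIG-IP system.
        reply = bigip.server_to_client(reply)
    # Without a SNAT the reply is addressed to the client, which is on the same
    # network, so the server delivers it directly and nothing is translated back.
    accepted = reply.src == request.dst     # client only knows the virtual server
    return reply, accepted


if __name__ == "__main__":
    print("no SNAT  :", round_trip(BigIP()))
    print("with SNAT:", round_trip(BigIP(snat=SNAT_ADDR)))
```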

The single interface configuration is shown in the following illustration.

Illustration: One-IP network topology for the BIG-IP system

Task summary for a one-IP network topology for the BIG-IP system

You can perform these tasks to configure a one-IP network topology.

Task list

Creating a pool for processing HTTP connections with SNATs enabled

Verify that all content servers for the pool are in the network of VLAN external.
For a basic configuration, you need to create a pool to manage HTTP connections. This pool enables SNATs for any connections destined for a member of the pool.
  1. On the Main tab, click Local Traffic > Pools.
    The Pool List screen opens.
  2. Click Create.
    The New Pool screen opens.
  3. In the Name field, type a unique name for the pool.
  4. For the Health Monitors setting, from the Available list, select the http monitor and move the monitor to the Active list.
  5. For the Allow SNAT setting, verify that the value is Yes.
  6. In the Resources area of the screen, use the default values for the Load Balancing Method and Priority Group Activation settings.
  7. Using the New Members setting, add each resource that you want to include in the pool:
    1. Type an IP address in the Address field.
    2. Type 80 in the Service Port field, or select HTTP from the list.
    3. (Optional) Type a priority number in the Priority field.
    4. Click Add.
  8. Click Finished.
The new pool appears in the Pools list.

Creating a virtual server for HTTP traffic

This task creates a destination IP address for application traffic. As part of this task, you must assign the relevant pool to the virtual server.
  1. On the Main tab, click Local Traffic > Virtual Servers.
    The Virtual Server List screen opens.
  2. Click the Create button.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. In the Destination Address field, type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP® system automatically uses a /32 prefix.
    Note: The IP address you type must be available and not in the loopback network.
  5. In the Service Port field, type 80, or select HTTP from the list.
  6. From the HTTP Profile list, select http.
  7. In the Resources area of the screen, from the Default Pool list, select the relevant pool name.
  8. Click Finished.
You now have a virtual server to use as a destination address for application traffic.

Defining a default route

Another task that you must perform to implement one-IP network load balancing is to define a default route for the VLAN external.
  1. On the Main tab, click Network > Routes.
  2. Click Add.
    The New Route screen opens.
  3. In the Name field, type Default Gateway Route.
  4. In the Destination field, type the IP address 0.0.0.0.
    An IP address of 0.0.0.0 in this field indicates that the destination is a default route.
  5. From the Resource list, select Use VLAN/Tunnel.
    A VLAN represents the VLAN through which the packets flow to reach the specified destination.
  6. Select external from the VLAN/Tunnel list.
  7. Click Finished.
The default route for VLAN external is defined.

Configuring a client SNAT

To configure the BIG-IP® system to handle connections originating from the client, you can define a SNAT to change the source address on the packet to the SNAT external address located on the BIG-IP system.
  1. On the Main tab, click Local Traffic > Address Translation.
    The SNAT List screen displays a list of existing SNATs.
  2. Click Create.
  3. Name the new SNAT.
  4. In the Translation field, type the IP address that you want to use as a translation IP address.
  5. From the Origin list, select Address List.
  6. For each client to which you want to assign a translation address, do the following:
    1. In the Address field, type a client IP address.
    2. Click Add.
  7. From the VLAN/Tunnel Traffic list, select Enabled on.
  8. For the VLAN List setting, in the Available field, select external, and using the Move button, move the VLAN name to the Selected field.
  9. Click the Finished button.
The BIG-IP system is configured to handle connections originating from the client.

Configuring optional ephemeral port exhaustion

You must configure a client SNAT before you can configure ephemeral port exhaustion functionality for that SNAT.
You can configure the BIG-IP® system to accumulate real-time ephemeral-port statistics, and when usage exceeds a specified threshold level, to log an error and provide a Simple Network Management Protocol (SNMP) alert notification. Thus you can assess an approaching exhaustion of ephemeral ports, and respond accordingly.
  1. Log on to the command line of the system using the root account.
  2. Type tmsh to access the Traffic Management Shell.
  3. Type the following command to enable ephemeral port-exhaustion threshold warning functionality. The default value is enabled.
    modify ltm global-settings traffic-control port-find-threshold-warning [enabled_or_disabled]
  4. Type the following command to specify the number of random attempts to find an unused outbound port for a connection. Values can range from 1 through 12. The default value is 8.
    modify ltm global-settings traffic-control port-find-threshold-trigger [threshold_level]
  5. Type the following command to specify the timeout period, in seconds, measured from one threshold trigger to the next. If this period is exceeded without a subsequent trigger, the threshold warning resets and expires. Values can range from 0 through 300 seconds. The default value is 30.
    modify ltm global-settings traffic-control port-find-threshold-timeout [timeout_period]
The BIG-IP system is configured to accumulate real-time ephemeral-port statistics, and to provide a trigger when usage exceeds a specified threshold level.
You need to configure logging functionality, for example, high-speed remote logging, to log any error messages. Additionally, you will want to manage any alert notifications by using SNMP.