Here, I am going to clarify some important tips about Traffic Handling Options when you are configuring the F5 BIG-IP LTM Module as the most popular ADC (Application Delivery Controller).
⊛ There are Four Main Objects to check/match the incoming traffic to TMM Instances: "Virtual IP/Address", "NAT-Object/Rule", "SNAT-Object/Rule", and "Self-IP"
⊛ The "vIP:vPort (Protocol)", which is handled by a "Virtual Server", can match the traffic as both "Source-based" and/or "Destination-based"
⊛ The "Destination-based" is considered a "1:1 Static Mapping" technique and can match the traffic as either "Source-based" or "Destination-based" (NAT / ORIGIN Address)
⊛ The "SNAT-Object/Rule" is considered an "M:N Dynamic Mapping" technique and can match JUST as a "Source-based" technique
⊛ The "Self-IP" is considered a Traffic Terminator focusing on the Management/Control Planes and can match JUST as a "Destination-based" handler
⊛ Once the "SNAT" feature is leveraged to handle both the outgoing and return traffic from/to the F5 device, it is also called "vIP Bounce-back"
⊛ The "Auto-map" option of the SNAT feature decides on the best source IP address for Overloading (PAT), based on the algorithm below:
1- Float-IP on Egress VLAN
2- Float-IP on Different (Other) VLAN
3- Non-Float-IP on Egress VLAN
4- Non-Float-IP on Different (Other) VLAN
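
The Auto-map order listed above, as an added Python example (not part of the original post and not F5 code). `SelfIP`, `automap_tier` and `automap_source` are hypothetical names, the addresses are constructed, and breaking ties inside a tier by list order is an assumption of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class SelfIP:  # hypothetical model of a self IP, not an F5 API object
    address: str
    vlan: str
    floating: bool


def automap_tier(sip: SelfIP, egress_vlan: str) -> int:
    """Rank a self IP 1..4 following the post's Auto-map order."""
    on_egress = sip.vlan == egress_vlan
    if sip.floating:
        return 1 if on_egress else 2
    return 3 if on_egress else 4


def automap_source(self_ips: List[SelfIP],
                   egress_vlan: str) -> Optional[Tuple[int, SelfIP]]:
    """Return (tier, self IP) that Auto-map would translate to, or None.

    Assumption: ties inside a tier go to the first entry in the list.
    """
    if not self_ips:
        return None
    best = min(self_ips, key=lambda s: automap_tier(s, egress_vlan))
    return automap_tier(best, egress_vlan), best


# Constructed sample inventories (private / documentation address ranges).
HA_PAIR = [
    SelfIP("10.0.1.2", "internal", floating=False),
    SelfIP("10.0.1.1", "internal", floating=True),
    SelfIP("192.0.2.2", "external", floating=False),
]
STANDALONE = [
    SelfIP("192.0.2.2", "external", floating=False),
    SelfIP("10.0.1.2", "internal", floating=False),
]

if __name__ == "__main__":
    for name, inventory in (("HA_PAIR", HA_PAIR), ("STANDALONE", STANDALONE)):
        for vlan in ("internal", "external", "dmz"):
            tier, sip = automap_source(inventory, vlan)
            print(f"{name:10} egress={vlan:8} -> tier {tier}: "
                  f"{sip.address} ({sip.vlan})")
```

With `HA_PAIR` and egress VLAN `external`, the result is tier 2: the translated source is the floating address on `internal` even though a non-floating self IP sits on the egress VLAN, which matters when matching server-side logs to the expected source address.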