Saturday, 9 July 2022

How virtual servers use routes


The BIG-IP system contains two sets of routing tables:

  1. The Linux routing tables, for routing administrative traffic through the management interface
  2. A special TMM routing table, for routing application and administrative traffic through the TMM interfaces

 As a BIG-IP administrator, you can configure the system so that the BIG-IP system can use these routing tables to route both management and application traffic successfully.


Additional Information

When the BIG-IP system uses its routes, it selects the most specific matching route to forward traffic toward the destination.
About BIG-IP management routes and TMM routes:
 
Management routes
Management routes are routes that the BIG-IP system uses to forward traffic through the special management interface. The BIG-IP system stores management routes in the Linux (that is, kernel) routing table.
 
TMM routes
TMM routes are routes that the BIG-IP system uses to forward traffic through the Traffic Management Microkernel (TMM) interfaces instead of through the management interface. The BIG-IP system stores TMM routes in both the TMM and kernel routing tables.
 
As described, the BIG-IP routing table consists of a combination of routing subtables: a subtable for management routes and a subtable for TMM routes. Routes in the TMM subtable are defined with a lower metric than routes in the management subtable. As a result, if an equally specific route exists as both a TMM route and a management route, the system prefers the TMM route. This also applies when the only defined management route is a default gateway: the system still prefers the TMM default gateway.
 
TMM switch routes are routes that the BIG-IP system uses to forward traffic through the TMM switch interfaces instead of through the management interface. Traffic sourced from a TMM (self IP) address will always use the most specific matching TMM route. Traffic sourced from a TMM address will never use a management route. When TMM is not running, the TMM addresses are not available, and all TMM routes are removed. As a result, when TMM is not running, all outbound administrative traffic uses the most specific matching management route.
 
Starting in BIG-IP 11.3.0, you can configure source addresses from which virtual servers accept traffic. The BIG-IP system uses the destination address, source address, and service port configuration to determine the order of precedence applied to new inbound connections. When a connection matches multiple virtual servers, the BIG-IP system uses an algorithm that places virtual server precedence in the following order:

  • Destination address
  • Source address
  • Service port
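The precedence order above, modelled in code as an added example (it is not part of the original post and not BIG-IP's own matching logic): a constructed set of virtual servers with destination, source and port settings, and a function that applies the post's order, most specific destination first, then most specific source, then a specific service port over a wildcard port.

```python
import ipaddress

# Constructed virtual server definitions (not from the post's configuration).
# Each entry: (name, destination network, source network, service port);
# port 0 stands for a wildcard ("any") port.
VIRTUALS = [
    ("vs_any",        "0.0.0.0/0",   "0.0.0.0/0",     0),
    ("vs_net_80",     "10.1.0.0/16", "0.0.0.0/0",     80),
    ("vs_host_any",   "10.1.2.3/32", "0.0.0.0/0",     0),
    ("vs_host_src80", "10.1.2.3/32", "172.16.0.0/12", 80),
]

def match_virtual(dst, src, port, virtuals=VIRTUALS):
    """Pick the virtual server a new inbound connection lands on.

    Modelled on the precedence the post lists: the most specific destination
    wins; among equal destinations the most specific source wins; among equal
    destination and source a specific service port beats a wildcard port.
    Returns the virtual server name, or None when nothing matches.
    """
    d, s = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    candidates = []
    for name, dnet, snet, vport in virtuals:
        dnet, snet = ipaddress.ip_network(dnet), ipaddress.ip_network(snet)
        if d not in dnet or s not in snet or (vport and vport != port):
            continue
        # Higher tuple = higher precedence; a specific port ranks 1, wildcard 0.
        rank = (dnet.prefixlen, snet.prefixlen, 1 if vport else 0)
        candidates.append((rank, name))
    return max(candidates)[1] if candidates else None

if __name__ == "__main__":
    # A host-specific wildcard-port virtual beats a network virtual on port 80,
    # because destination specificity is considered before the service port.
    print(match_virtual("10.1.2.3", "192.0.2.9", 80))
```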


Note:

NTP, SNMP, syslog, sFlow and remote authentication will always use the management default route unless a TMM interface has layer 2 connectivity to the IP addresses of those services, or you have a more specific route defined in TMM.


The following examples show how the system selects the most specific matching route to forward traffic toward the destination.
 
Example 1 - If the traffic is from the IP address 192.168.0.100, we have the specific route below defined.
 
net route /Common/192.168.0.100 {
    description none
    gw 192.168.0.2
    mtu 0
    network 192.168.0.100/32
    partition Common
}

 
So the traffic will use the gateway IP 192.168.0.2.
 
 
Example 2 - If the traffic is from one of the IP addresses in the network 192.168.0.0, for example 192.168.0.102, the route below will be used.
 
net route /Common/192.168.0.0 {
    description none
    gw 192.168.0.1
    mtu 0
    network 192.168.0.0/16
    partition Common
}

 
So the traffic will use the gateway IP 192.168.0.1.
 
 

Example 3 - If the traffic does not match either of the specific routes above (neither 192.168.0.100 nor 192.168.0.0), the BIG-IP system forwards it to a default gateway, such as the ones configured below.

default via 172.16.0.1 dev mgmt  metric 4096  <-------management route
default via 10.0.0.1 dev TEST-NET-1                      <-------TMM route

 
The traffic will be directed to the TMM route as it has the lower metric compared to the management route.
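The three examples above, and the TMM-versus-management rules described earlier, as an added example that is not part of the original post and not BIG-IP's own lookup code. The routing table is constructed from the routes shown above (the `network` field of a route is matched against the destination address); the function applies longest-prefix match, breaks ties by metric, drops TMM routes when TMM is not running, and never lets traffic sourced from a TMM self IP use a management route.

```python
import ipaddress

# Constructed routing table modelled on the routes shown above (not BIG-IP output).
# Each entry: (destination network, gateway, table, metric). TMM routes carry a
# lower metric than management routes, as the post describes.
ROUTES = [
    ("192.168.0.100/32", "192.168.0.2", "tmm",  0),
    ("192.168.0.0/16",   "192.168.0.1", "tmm",  0),
    ("0.0.0.0/0",        "10.0.0.1",    "tmm",  0),
    ("0.0.0.0/0",        "172.16.0.1",  "mgmt", 4096),
]

def select_route(dst, routes=ROUTES, tmm_running=True, src_is_tmm=False):
    """Return (gateway, table) for destination dst, or None when nothing matches.

    Rules modelled from the post:
      * the most specific (longest prefix) match wins;
      * on an equally specific match the lower metric wins, so TMM beats mgmt;
      * when TMM is not running, all TMM routes are removed;
      * traffic sourced from a TMM self IP never uses a management route.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, table, metric in routes:
        if table == "tmm" and not tmm_running:
            continue
        if table == "mgmt" and src_is_tmm:
            continue
        network = ipaddress.ip_network(net)
        if addr not in network:
            continue
        # Rank: longer prefix first, then lower metric.
        key = (-network.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, gw, table)
    return None if best is None else (best[1], best[2])

if __name__ == "__main__":
    # 203.0.113.7 is a documentation address used here as "no specific route".
    for dst in ("192.168.0.100", "192.168.0.102", "203.0.113.7"):
        print(dst, "->", select_route(dst))
    print("203.0.113.7 with TMM down ->", select_route("203.0.113.7", tmm_running=False))
```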


Commands:-

1. To check the routing table: tmsh show /net route

2. To check the configured static routes: tmsh list /net route

3. To check the management routes: tmsh list /sys management-route

4. To check the management interface IP address: tmsh list /sys management-ip

What is a route domain?

A route domain is a configuration object that isolates network traffic for a particular application on the network.

Because route domains segment network traffic, you can assign the same IP address or subnet to multiple nodes on a network, provided that each instance of the IP address resides in a separate routing domain.

Note: Route domains are compatible with both IPv4 and IPv6 address formats.
Important: For systems that include both BIG-IP Local Traffic Manager (LTM) and BIG-IP Global Traffic Manager (GTM), you can configure route domains on internal interfaces only.

Benefits of route domains

Using the route domains feature of the BIG-IP system, you can provide hosting service for multiple customers by isolating each type of application traffic within a defined address space on the network.

With route domains, you can also use duplicate IP addresses on the network, provided that each of the duplicate addresses resides in a separate route domain and is isolated on the network through a separate VLAN. For example, if you are processing traffic for two different customers, you can create two separate route domains. The same node address (such as 10.0.10.1) can reside in each route domain, in the same pool or in different pools, and you can assign a different monitor to each of the two corresponding pool members.

Sample partitions with route domain objects

This illustration shows two route domain objects on a BIG-IP system, where each route domain corresponds to a separate customer, and thus resides in its own partition. Within each partition, the customer created the network objects and local traffic objects required for that customer's application (AppA or AppB).

Figure: Sample partitions with route domains

Sample route domain deployment

A good example of the use of route domains is a configuration for an ISP that services multiple customers, where each customer deploys a different application. In this case, the BIG-IP system isolates traffic for two different applications into two separate route domains. The routes for each application's traffic cannot cross route domain boundaries because cross-routing restrictions are enabled on the BIG-IP system by default.
Figure: A sample route domain deployment

About route domain IDs

A route domain ID is a unique numerical identifier for a route domain. You can assign objects with IP addresses (such as self IP addresses, virtual addresses, pool members, and gateway addresses) to a route domain by appending the %ID to the IP address.

The format required for specifying a route domain ID in an object’s IP address is A.B.C.D%ID, where ID is the ID of the relevant route domain. For example, both the local traffic node object 10.10.10.30%2 and the pool member 10.10.10.30%2:80 pertain to route domain 2.

The BIG-IP system includes a default route domain with an ID of 0. If you do not explicitly create any route domains, all routes on the system pertain to route domain 0.

Important: A route domain ID must be unique on the BIG-IP system; that is, no two route domains on the system can have the same ID.

Traffic forwarding across route domains

You can create a parent-child relationship between two route domains, and configure strict isolation, to control the extent to which the BIG-IP system can forward traffic from one route domain to another.

About parent IDs

When you create a route domain, you can specify the ID of another route domain as the parent route domain. The parent ID identifies another route domain that the system can search to find a route if the system cannot find the route within the child route domain.

For example, using the BIG-IP Configuration utility, suppose you create route domain 1 and assign it a parent ID of 0. For traffic pertaining to route domain 1, the system looks within route domain 1 for a route for the specified destination. If no route is found, the system searches the routes in route domain 0.

By default, if the system finds no route in the parent route domain, the system searches the parent route domain’s parent, and so on, until the system finds either a match or a route domain with no parent. In the latter case, the system refrains from searching any other route domains to find a match, thus preventing the system from using a route from another route domain.
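The A.B.C.D%ID[:port] address format and the parent-chain route search described above, as one added example (not part of the original post and not BIG-IP's own code). It parses the IPv4 form the post gives, defaulting to route domain 0 when no %ID is present, and then resolves a destination in a constructed route domain topology where domain 1 has parent 0 and domain 2 has no parent, so a miss in domain 2 ends the search instead of borrowing a route from another domain.

```python
import ipaddress
import re

# Constructed route domain topology (not from the post's configuration):
# domain 0 is the default with no parent; domain 1 has parent 0; domain 2
# has no parent, so the search never leaves it.
ROUTE_DOMAINS = {
    0: {"parent": None, "routes": {"0.0.0.0/0": "10.0.0.1"}},
    1: {"parent": 0,    "routes": {"10.10.0.0/16": "10.10.0.1"}},
    2: {"parent": None, "routes": {"10.10.0.0/16": "10.10.0.254"}},
}

# IPv4 address, optional %ID, optional :port (the form shown in the post).
_ADDR_RE = re.compile(r"^(?P<ip>[^%:]+)(?:%(?P<rd>\d+))?(?::(?P<port>\d+))?$")

def parse_rd_address(text):
    """Split 'A.B.C.D%ID[:port]' into (ip, route_domain_id, port).

    A missing %ID means the default route domain 0, as the post states.
    """
    m = _ADDR_RE.match(text)
    if not m:
        raise ValueError(f"not an A.B.C.D%ID[:port] address: {text!r}")
    rd = int(m.group("rd")) if m.group("rd") else 0
    port = int(m.group("port")) if m.group("port") else None
    return str(ipaddress.ip_address(m.group("ip"))), rd, port

def lookup_route(dst, rd_id, domains=ROUTE_DOMAINS):
    """Longest-prefix lookup in rd_id, then up its parent chain.

    Returns (gateway, id of the route domain the route was found in), or None
    when the chain ends at a domain with no parent and nothing matched.
    """
    addr = ipaddress.ip_address(dst)
    while rd_id is not None:
        dom = domains[rd_id]
        best = None
        for net, gw in dom["routes"].items():
            net = ipaddress.ip_network(net)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, gw)
        if best:
            return best[1], rd_id
        rd_id = dom["parent"]  # walk up; a parent of None stops the search
    return None

if __name__ == "__main__":
    ip, rd, port = parse_rd_address("10.10.10.30%2:80")
    print(ip, rd, port, "->", lookup_route(ip, rd))
```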

Comparison of NATs and SNATs


 
