
Manual Chapter: BIG-IP version 9.2 Network and System Management Guide: Configuring Self IP Addresses


6

Configuring Self IP Addresses


Introducing self IP addresses

A self IP address is an IP address that you associate with a VLAN, to access hosts in that VLAN. By virtue of its netmask, a self IP address represents an address space, that is, a range of IP addresses spanning the hosts in the VLAN, rather than a single host address. You can associate self IP addresses not only with VLANs, but also with VLAN groups.

Self IP addresses serve two purposes. First, when sending a message to a destination server, the BIG-IP system uses the self IP addresses of its VLANs to determine the specific VLAN in which a destination server resides. For example, if VLAN internal has a self IP address of 10.10.10.100, with a netmask of 255.255.255.0, and the destination server's IP address is 10.10.10.20 (with a netmask of 255.255.255.255), the BIG-IP system recognizes that the server's IP address falls within the range of VLAN internal's self IP address, and therefore sends the message to that VLAN. More specifically, the BIG-IP system sends the message to the interface that you assigned to that VLAN. If more than one interface is assigned to the VLAN, the BIG-IP system takes additional steps to determine the correct interface, such as checking the layer 2 forwarding table.
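The lookup described above can be reproduced offline to check an address plan before it is entered. This is an added example, not F5 code: the function names and the "external" entry are assumptions, and returning the most specific match first is this example's choice.

```python
import ipaddress

# Constructed sample data: "internal" uses the values from the text above;
# "external" is a made-up second VLAN added for contrast.
SELF_IPS = {
    "internal": ("10.10.10.100", "255.255.255.0"),
    "external": ("192.0.2.100", "255.255.255.0"),
}

def address_space(self_ip, netmask):
    """Return the network that a self IP and its netmask represent."""
    # strict=False: a self IP is a host address inside the range,
    # not the network address itself.
    return ipaddress.ip_network(f"{self_ip}/{netmask}", strict=False)

def vlans_for(destination, self_ips=SELF_IPS):
    """Names of the VLANs whose self IP address space contains destination.

    Results are ordered most specific (longest prefix) first.
    An empty list means no configured self IP covers the destination.
    """
    dest = ipaddress.ip_address(destination)
    hits = []
    for vlan, (ip, mask) in self_ips.items():
        net = address_space(ip, mask)
        # Never compare an IPv4 destination against an IPv6 range or vice versa.
        if dest.version == net.version and dest in net:
            hits.append((net.prefixlen, vlan))
    return [vlan for _, vlan in sorted(hits, reverse=True)]

if __name__ == "__main__":
    for host in ("10.10.10.20", "172.16.0.1"):
        print(host, "->", vlans_for(host) or "no matching VLAN")
```

An empty result for a server address means that no self IP address space covers that server, which is worth resolving before traffic depends on it.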

Second, a self IP address serves as the default route for each destination server in the corresponding VLAN. In this case, the self IP address of a VLAN appears as the destination IP address in the packet header when the server sends a response to the BIG-IP system. For more information on configuring the default route of a destination server, see Chapter 13, Setting up a Redundant System.

You normally assign self IP addresses to a VLAN when you initially run the Setup utility on a BIG-IP system. More specifically, you assign one static self IP address and one floating self IP address to each of the default VLANs (internal and external). Later, using the Configuration utility, you can create self IP addresses for other VLANs that you create.

Types of self IP addresses

There are two types of self IP addresses that you can create:

  • A static self IP address is an IP address that the BIG-IP system does not share with another BIG-IP system. By default, the self IP addresses that you create with the Configuration utility are static self IP addresses.
  • A floating self IP address is an IP address that two BIG-IP systems share, such as two units of a redundant system. When you use the Configuration utility to create a self IP address, you can specify that you want the IP address to be a floating address.

For more information on static and floating IP addresses, see Chapter 13, Setting up a Redundant System.

Self IP addresses and MAC addresses

For each self IP address that you create for a VLAN, the BIG-IP system automatically assigns a media access control (MAC) address. By default, the BIG-IP system assigns the same MAC address that is assigned to the lowest-numbered interface of the VLAN.

As an alternative, you can globally configure the BIG-IP system to assign the same MAC address to all VLANs. This feature is useful if your network includes a type of switch that does not keep a separate layer 2 forwarding table for each VLAN on that switch.

Using self IP addresses for SNATs

When you configure the BIG-IP system to manage local area traffic, you can implement a feature known as a secure network address translation (SNAT). A SNAT is an object that causes the BIG-IP system to translate the original source IP address of a packet to an IP address that you specify. A SNAT ensures that the target server sends its response back through the BIG-IP system rather than to the original client IP address directly.

When you create a SNAT, you can configure the BIG-IP system to automatically choose a translation address. This ability of the BIG-IP system to automatically choose a translation address is known as SNAT automapping, and in this case, the translation address that the system chooses is always an existing self IP address. Thus, for traffic going from the BIG-IP system to a destination server, configuring SNAT automapping ensures that the source IP address in the header of a packet is a self IP address.

When you create an automapped SNAT, the BIG-IP system actually creates a SNAT pool consisting of the system's internal self IP addresses, and then uses an algorithm to select and assign an address from that SNAT pool.

For more information on SNAT automapping, see the Configuration Guide for Local Traffic Management.

Creating and managing self IP addresses

As stated previously, you normally create static and floating self IP addresses, and assign them to VLANs, when you initially run the Setup utility on a BIG-IP system. However, if you want to create additional self IP addresses later, you can do so using the Configuration utility.

Creating a self IP address

The BIG-IP system offers several settings that you can configure for a self IP address. These settings are summarized in Table 6.1.

Table 6.1 Configuration settings for a self IP address

| Setting | Description | Default Value |
| --- | --- | --- |
| IP Address | Specifies a self IP address. | No default value |
| Netmask | Specifies the netmask for the self IP address. | No default value |
| VLAN | Specifies the VLAN to which this self IP address corresponds. | No default value |
| Port Lockdown | Specifies the protocols and services from which the self IP address can accept traffic. | Allow Default |
| Floating IP | Specifies that the self IP address is a floating IP address (shared between two BIG-IP systems). | Unchecked |

Use the following procedure to create a self IP address. For detailed information about each setting, see the sections following the procedure.

Note

A self IP address can be in either IPv4 or IPv6 format.

To create a self IP address

  1. On the Main tab of the navigation pane, expand Network, and click Self IPs.
    This displays a list of existing self IP addresses.
  2. In the upper-right corner of the screen, click the Create button.
  3. In the IP Address box, type the self IP address that you want to assign to a VLAN.
  4. In the Netmask box, type a netmask.
  5. For the VLAN setting, select the name of the VLAN to which you want to assign the self IP address.
    The default value is internal.
  6. For the Port Lockdown setting, select Allow Default, Allow All, Allow None, or Allow Custom.
    Selecting Allow Custom displays the Custom List setting. For more information on these setting values, see Specifying port lockdown.
  7. If you chose Allow Custom in step 6, click TCP, UDP, or Protocol.
    • If you chose TCP or UDP, do one or both of the following:
      • Click All or None and then click Add.
        The value All or None appears in the TCP or UDP box.
      • Click Port, type a port number, and then click Add.
        The port number appears in the TCP or UDP box.
    • If you chose Protocol, select a protocol name and click Add.
  8. If you want to configure the self IP address as a floating IP address, check the Floating IP box.
  9. To finish the configuration of this self IP address and create other self IP addresses, click Repeat and perform all previous steps until all self IP addresses have been created.
  10. Click Finished.

Specifying an IP address

As described in Introducing self IP addresses, a self IP address, combined with a netmask, typically represents a range of host IP addresses in a VLAN. If you are assigning a self IP address to a VLAN group, the self IP address represents the range of self IP addresses assigned to the VLANs in that group.

The self IP address that you specify in the IP Address setting is a static IP address, unless you enable the Floating IP setting. For more information, see Specifying a floating IP address.

Specifying a netmask

When you specify a netmask for a self IP address, the self IP address can represent a range of IP addresses, rather than a single host address. For example, a self IP address of 10.0.0.100 can represent several host IP addresses if you specify a netmask of 255.255.0.0.

Associating a self IP address with a VLAN

You assign a unique self IP address to a specific VLAN or a VLAN group:

  • Assigning a self IP address to a VLAN
    The self IP address that you assign to a VLAN should represent an address space that includes the self IP addresses of the hosts that the VLAN contains. For example, if the address of one destination server in a VLAN is 10.0.0.1 and the address of another server in the VLAN is 10.0.0.2, you could assign a self IP address of 11.0.0.100, with a netmask of 255.255.0.0, to the VLAN.
  • Assigning a self IP address to a VLAN group
    The self IP address that you assign to a VLAN group should represent an address space that includes the self IP addresses of the VLANs that you assigned to the group. For example, if the self IP address of one VLAN in a VLAN group is 10.0.20.100 and the address of the other VLAN in a VLAN group is 10.0.30.100, you could assign an address of 10.0.0.100, with a netmask of 255.255.0.0, to the VLAN group.

The VLAN list displays the names of all existing VLANs and VLAN groups.

Specifying port lockdown

Each self IP address has a feature known as port lockdown. Port lockdown is a security feature that allows you to specify particular UDP and TCP protocols and services from which the self IP address can accept traffic. By default, a self IP address accepts traffic from these protocols and services:

  • For UDP, the allowed protocols and services are: DNS (53), SNMP (161), RIP (520)
  • For TCP, the allowed protocols and services are: SSH (22), DNS (53), SNMP (161), HTTPS (443), 4353 (iQuery)

If you do not want to use the default setting (Allow Default), you can configure port lockdown to allow either all UDP and TCP protocols and services (Allow All), no UDP protocols and services (Allow None), or only those that you specify (Allow Custom).
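To review which administrative services each self IP would accept under its Port Lockdown setting, the rules above can be modelled as follows. This is an added example, not F5 code: the inventory, the dictionary layout for the custom list, and the choice of watched services are assumptions, and Allow None is modelled as accepting neither TCP nor UDP.

```python
# Default allow list exactly as listed in the text above.
ALLOW_DEFAULT = {"udp": {53, 161, 520}, "tcp": {22, 53, 161, 443, 4353}}

# Services a reviewer may not want reachable on every self IP
# (this selection is the example's own choice, drawn from the default list).
WATCHED = {("tcp", 22): "SSH", ("tcp", 443): "HTTPS",
           ("tcp", 161): "SNMP", ("udp", 161): "SNMP"}

def accepts(mode, proto, port, custom=None):
    """Return True if a self IP in this Port Lockdown mode accepts proto/port.

    custom maps "tcp"/"udp" to a set of ports or to the string "all"
    (a hypothetical representation of the Custom List setting).
    """
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    if mode == "Allow All":
        return True
    if mode == "Allow None":
        # Assumption: modelled as accepting neither TCP nor UDP.
        return False
    if mode == "Allow Default":
        return port in ALLOW_DEFAULT[proto]
    if mode == "Allow Custom":
        allowed = (custom or {}).get(proto, set())
        return allowed == "all" or port in allowed
    raise ValueError(f"unknown Port Lockdown mode: {mode}")

def audit(self_ips):
    """Map each self IP to the sorted list of watched services it accepts."""
    report = {}
    for entry in self_ips:
        exposed = {name for (proto, port), name in WATCHED.items()
                   if accepts(entry["mode"], proto, port, entry.get("custom"))}
        report[entry["address"]] = sorted(exposed)
    return report

# Constructed inventory for illustration only.
SAMPLE = [
    {"address": "192.0.2.100", "vlan": "external", "mode": "Allow Default"},
    {"address": "192.0.2.101", "vlan": "external", "mode": "Allow Custom",
     "custom": {"tcp": {443}}},
    {"address": "10.10.10.100", "vlan": "internal", "mode": "Allow None"},
]

if __name__ == "__main__":
    for address, services in audit(SAMPLE).items():
        print(address, "accepts:", ", ".join(services) or "none of the watched services")
```

In the sample, the self IP left at Allow Default accepts SSH, HTTPS and SNMP, while the Allow Custom entry narrows that to HTTPS only.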

Specifying a floating IP address

You can enable the Floating IP setting if you want the self IP address to be a floating IP address, that is, an address shared between two BIG-IP systems. A floating self IP address enables a destination server to successfully send a response when the relevant BIG-IP unit is unavailable. When two units share a floating self IP address, a destination server can send traffic to that address instead of a static self IP address. If the target unit is unavailable, the peer unit can receive and process that traffic. Without this shared floating IP address, the delivery of server traffic to a unit of a redundant system can fail.

Note

The Floating IP setting appears on the screen only when the BIG-IP system is configured as a unit of a redundant system. For more information on configuring a redundant system, see Chapter 13, Setting up a Redundant System.

Managing self IP addresses

Using the Configuration utility, you can view or change the properties of a self IP address, or delete a self IP address.

To view or modify the settings of a self IP address

  1. On the Main tab of the navigation pane, expand Network, and click Self IPs.
    This displays a list of existing self IP addresses.
  2. In the IP Address column, click a self IP address.
    This displays the properties page for that self IP address.
  3. To change the setting values, modify the values and click Update.
    This displays the list of existing self IP addresses.

Note

You can modify any setting except IP Address. To modify the IP Address setting, you must delete the self IP address and create a new one. For more information, see To delete a self IP address, following, and To create a self IP address.

To delete a self IP address

  1. On the Main tab of the navigation pane, expand Network, and click Self IPs.
    This displays a list of existing self IP addresses.
  2. In the IP address column, locate the self IP address you want to delete.
  3. Click the select box to the left of the IP address.
  4. Click Delete.
    A confirmation screen appears.
  5. Click Delete.


