system must communicate with other routers, servers, and firewalls in a networked environment. Before you put the BIG-IP system into production, we recommend that you carefully review the router and server configurations in your network. By doing so, you can properly configure routing on the BIG-IP system, and you can adjust the routing configurations on other network devices to include various BIG-IP system IP addresses. Depending on how you configure routing, the BIG-IP system can forward packets to a specified network device (such as a next-hop router or a destination server), or the system can drop packets altogether.
Due to its IP routing (Layer 3) capabilities, combined with the need to process both user application traffic (for load balancing) and administrative traffic, the BIG-IP system contains two routing tables. The first is the kernel routing table, which stores and retrieves information about management routes. Management routes are routes that the BIG-IP system uses to forward traffic through the special management (MGMT
The other routing table is the main TMM routing table, which stores and retrieves IP routing information about TMM switch routes. TMM switch routes are routes that the BIG-IP system uses to forward traffic through the TMM switch interfaces instead of through the management interface.
The purpose of the TMM routing table is to store essential routing information for traffic passing through the TMM system. The BIG-IP system creates a routing table automatically when you configure its local interfaces. Once the routing table is created, there are two ways to maintain it:
Typically, a routing table on the BIG-IP system contains a combination of static and dynamic entries. The remainder of this section describes how to add and maintain static entries.
You can use the Configuration utility to add static routes to the TMM routing table. When you add an entry to the routing table, you specify a destination host or network, and a gateway through which traffic for that destination should pass to reach the destination address. You can also add an entry for a default route.
On a typical router, you define the gateway for each route as the address for a next-hop router. On the BIG-IP system, however, the gateway that you specify can be any of four different resource types: a next-hop router address, the name of a pool of routers, a VLAN name, or an instruction to reject the packet.
A next-hop router address
A next-hop router address is also known as a gateway address. A gateway address specifies a particular router that the BIG-IP system should use when forwarding packets to the destination host or network.
A name of a pool of routers
Rather than specifying a specific next-hop router, you can specify an entire pool of routers. When you specify this resource type, the BIG-IP system load balances the packets twice, once to a router in the pool of routers, and again to a server in the load balancing pool. Just as with a load balancing pool, the BIG-IP system uses the Round Robin load balancing method by default when forwarding packets to a pool of routers.
A VLAN name
Specifying a VLAN name indicates that the network you specify as a destination in a route entry is directly connected to the BIG-IP system. Therefore, the BIG-IP system can send an ARP request to any host in that network to obtain the MAC address of the destination host.
Reject
Setting the resource type to Reject causes the BIG-IP system to drop packets that are destined for the specified destination IP address.
Using the Configuration utility, you can easily manage the static routes defined in the BIG-IP system's TMM routing table. Specifically, you can:
Note: Only users with an Administrator user role can create and manage routing entries on the BIG-IP system.
The destination IP address
For the destination address, you can see either a default entry, a host destination, or a network address.
The netmask
This is the netmask of the destination address. No netmask appears for the default route.
The resource name
The resource name is either a next-hop-router (gateway) address, a pool name, or a VLAN name.
On the Main tab of the navigation pane, expand Network and click Routes. The Configuration utility displays the list of static entries.
You use the Configuration utility to add static entries to the TMM routing table. A static entry that you add can be either the default TMM route or a non-default TMM route.
Use the following procedure to add an entry to the TMM routing table. For more detailed information, see Table 8.1, as well as the sections that follow that table.
If the Add button is unavailable, you do not have permission to create a self IP address. You must have the Administrator role assigned to your user account.
From the Type list, select Default Gateway
Selecting Default Gateway disables the Destination
In the Destination box, type a destination IP address.
In the Netmask box, type the netmask for the IP address you typed in the Destination
lists and describes the properties that you configure when adding routing table entries. For detailed information on each property, see the sections that follow the table. For background information on static routing-table entries, see Understanding the TMM routing table.
You use the Type property to specify the type of static route that you want to define in the routing table. A static route that you add to the TMM routing table can be either of two types: a non-default route or a default route. On the screen for creating a static route entry, a non-default route is simply called a route. A default entry is called a default gateway.
You add a route when you want to provide a route that either corresponds directly to the destination IP address of a packet, or specifies the network portion of the destination IP address of a packet.
You add a default gateway when you want to provide the route that the BIG-IP system should use for forwarding packets when no other entry in the routing table matches the destination IP address of the packet.
When you want to define a non-default route, you use the Destination property. If you are defining a default route, this property is unavailable.
Using the Destination property, you can specify either a specific destination IP address, to match the destination IP address of a packet, or the network portion of a destination IP address of a packet.
For example, if you want the BIG-IP system to be able to forward packets destined for IP address 192.168.16.240, you could specify one of the following addresses:
192.168.16.240
In this case, the BIG-IP system forwards any packet with the exact destination IP address of 192.168.16.240 to the gateway that you define in that routing table entry.
192.168.16.0
In this case, the BIG-IP system forwards to the gateway any packets with a destination IP address that includes the network ID 192.168.16.
You use the Netmask property when you want to define a non-default route. If you are defining a default route, this property is unavailable.
Using the Netmask property, you specify the netmask for the destination IP address that you defined with the Destination property. The purpose of the netmask is to indicate whether the IP address defined in the Destination property is a host address or a network address.
Any entry that you add to the TMM routing table includes either a next-hop router, a pool of routers, or a VLAN as the gateway, or resource, through which to send traffic. To specify a resource in a routing table entry, you use the Resource property. You can also instruct the BIG-IP system to reject packets for the specified destination IP address.
shows part of a sample bigip.conf file that results when you specify a pool of routers, a next-hop router, or a VLAN as a resource. The figure also shows an entry that results when you want the system to reject packets destined for a particular host or network.
A common scenario when adding a route is to define the gateway as a pool of routers instead of a single next-hop router. For example, you can create a pool named router_pool, and specify the pool as the gateway for the default route. You can see this route in the first entry of Figure 8.1.
Before you specify a pool of routers as a gateway in the routing table, however, you must create the pool, using the same Configuration utility screens that you use for creating a pool of load balancing servers.
For more information on creating a pool, see the Configuration Guide for BIG-IP® Local Traffic Management. For background information on using a pool of routers as a gateway, see Understanding the TMM routing table.
On the Main tab of the navigation pane, expand Local Traffic and click Pools. This displays the list of existing pools on the BIG-IP system. This list includes any load balancing pools and router pools that you have created.
If you know that a server in a load balancing pool is on the same internal network as the BIG-IP system's next-hop router, you can add an entry that defines the server's IP address as the destination, and the next-hop router address as the gateway. For example, the second route entry in Figure 8.1 shows a destination network address of 192.168.102.0, and a next-hop router address of 192.168.104.101.
The gateway address in a routing entry can also be a VLAN name. You can select a VLAN name as a resource when the destination address you specify in the routing entry is a network address. Using a VLAN name as a resource implies that the specified network is directly connected to the BIG-IP system. In this case, the BIG-IP system can find the destination host simply by sending an ARP request to the hosts in the specified VLAN, thereby obtaining the destination host's MAC address. Then, the BIG-IP system simply checks the VLAN's Layer 2 forwarding table to determine the correct interface through which to forward the packet.
On the Main tab of the navigation pane, expand Network and click VLANs. This displays the list of existing VLANs on the BIG-IP system.
Sometimes, you might want the BIG-IP system to drop any packets destined for the IP address specified as the destination in a routing entry. In this case, you simply select Reject as the value for the Resource setting when creating a route entry.
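The following added example (not taken from F5 documentation or a real bigip.conf) models how a static table holding the four resource types resolves a destination address. It assumes that the most specific matching entry wins, as in conventional IP routing; the tuple layout, the `default` sentinel and the VLAN name `internal` are hypothetical.

```python
import ipaddress

# Constructed sample table, not copied from a real bigip.conf.
# Entry layout (an assumption of this example):
#   (destination, netmask, resource_type, resource_value)
# "default" stands for the default gateway entry, which has no netmask.
ROUTES = [
    ("default", None, "pool", "router_pool"),
    ("192.168.102.0", "255.255.255.0", "gateway", "192.168.104.101"),
    ("192.168.16.0", "255.255.255.0", "vlan", "internal"),  # hypothetical VLAN
    ("192.168.16.240", "255.255.255.255", "reject", None),  # host entry
]


def to_network(dest, mask):
    """Turn a Destination/Netmask pair into an ip_network object."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{dest}/{mask}")


def lookup(routes, dst):
    """Return (resource_type, resource_value) for dst, or None if no match.

    Assumes the most specific matching entry wins, so the default entry
    is used only when no host or network entry matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, rtype, rvalue in routes:
        net = to_network(dest, mask)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, rtype, rvalue)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    for dst in ("192.168.16.240", "192.168.16.10", "192.168.102.7", "10.1.2.3"):
        print(dst, "->", lookup(ROUTES, dst))
```

In this table the host entry with a Reject resource overrides the broader VLAN entry for 192.168.16.0, so a single Reject entry can remove one host from an otherwise reachable network.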
For a static entry in the routing table, you can modify the resource that you specified when you added the entry. You cannot modify the entry type (Default Gateway), the destination address, or the netmask.
Deleting entries from the routing table is necessary when the routers or destination hosts on your network change for any reason. For example, you might remove a specific host or router from the network, thereby invalidating a destination or gateway address in the routing table. You can easily delete static entries using the Configuration utility.
Click Delete. A confirmation message appears.
After you have configured the TMM routing table on the BIG-IP system, you might want to consider some other routing issues. For example, it is customary to ensure that the routers on the network have information about the various IP addresses for the BIG-IP system, such as virtual server addresses, self IP addresses for VLANs, and so on. Fortunately, the BIG-IP system eases this task by sending gratuitous Address Resolution Protocol (ARP) messages to other routers on the network, to notify them of BIG-IP system IP addresses. For more information on ARP and the BIG-IP system, see Chapter 9, Configuring Address Resolution Protocol.
The beginning of this chapter explained that there are two types of entries in the BIG-IP system routing table: static entries and dynamic entries. The chapter then described how to add and delete static entries. If you want the system to add entries dynamically, you can use one of the advanced routing modules. For more information, see Appendix C, Configuring Advanced Routing Modules.
When configuring routes on a BIG-IP system, it is helpful to understand the differences between management routes and TMM routes. This is because there are certain administrative tasks, such as a system installation, that you should perform only when the TMM is not running. In those cases, the BIG-IP system uses the default management route for processing that traffic.
We recommend that you read the guide Installation, Licensing, and Upgrades for BIG-IP® Systems for procedures on configuring the management interface. You should also read the section in Chapter 3, Configuring the BIG-IP Platform and General Properties, that describes the management interface. Chapter 17, Configuring BIG-IP System Services, suggests some of the administrative tasks that you should perform only when the TMM service is stopped.
Finally, make sure that you have defined a default TMM route in the main TMM routing table. Defining a default TMM route prevents high volumes of administrative traffic generated by the BIG-IP system from using the management interface. For more information, see Adding static entries to the TMM routing table.
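A pre-production check of a static route list, as an added example that is not F5 code: it flags a missing default TMM route, a VLAN resource on a host destination, destinations whose host bits contradict the netmask, and Reject entries for review. The dictionary layout, the `default` sentinel and the VLAN name are assumptions made for the example.

```python
import ipaddress

# Constructed sample entries for the example (not from a real system).
SAMPLE = [
    {"destination": "192.168.102.0", "netmask": "255.255.255.0",
     "resource_type": "gateway", "resource": "192.168.104.101"},
    {"destination": "192.168.16.240", "netmask": "255.255.255.0",
     "resource_type": "gateway", "resource": "192.168.104.101"},
    {"destination": "192.168.16.240", "netmask": "255.255.255.255",
     "resource_type": "vlan", "resource": "internal"},  # hypothetical VLAN
    {"destination": "10.10.0.0", "netmask": "255.255.0.0",
     "resource_type": "reject", "resource": None},
]


def audit_routes(routes):
    """Return a list of (destination, finding) in table order."""
    findings = []
    has_default = False
    for r in routes:
        dest, rtype = r["destination"], r["resource_type"]
        if dest == "default":  # the default entry carries no netmask
            has_default = True
            continue
        iface = ipaddress.ip_interface(f"{dest}/{r['netmask']}")
        net = iface.network
        # The netmask says "network", but the address names a single host.
        if iface.ip != net.network_address:
            findings.append((dest, "host bits set under a network netmask"))
        # A VLAN resource is meant for directly connected networks.
        if rtype == "vlan" and net.prefixlen == net.max_prefixlen:
            findings.append((dest, "VLAN resource on a host destination"))
        # Reject entries silently drop traffic, so list them for review.
        if rtype == "reject":
            findings.append((dest, "traffic to this destination is dropped"))
    if not has_default:
        findings.append(("default", "no default TMM route defined"))
    return findings


if __name__ == "__main__":
    for dest, finding in audit_routes(SAMPLE):
        print(f"{dest}: {finding}")
```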
Part of managing routes on a network is making sure that destination servers on the network can route responses to the BIG-IP system. To do this, you should configure the default route on each load balancing server to forward responses to the BIG-IP system.
Configuring the default route on your destination servers is a typical network configuration task. A primary reason for configuring the default route on each server to forward responses to the BIG-IP system is to avoid interruption of service if you have a redundant system configuration and an active unit becomes unavailable. In this case, you want the default route entry on the servers in your load balancing pools to specify a floating self IP address that the two units of the redundant system share. By setting the default route of your destination servers to a floating self IP address, you ensure that if one unit becomes unavailable for any reason, the other unit can still process the responses.