Applies To:

Show Versions Show Versions

Manual Chapter: Configuring Layer 3 nPath Routing
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Overview: Layer 3 nPath routing

Using Layer 3 nPath routing, you can load balance traffic over a routed topology in your data center. In this deployment, the server sends its responses directly back to the client, even when the servers, and any intermediate routers, are on different networks. This routing method uses IP encapsulation to create a uni-directional outbound tunnel from the server pool to the server.

You can also override the encapsulation for a specified pool member, and either remove that pool member from any encapsulation or specify a different encapsulation protocol. The available encapsulation protocols are IPIP and GRE.

Example of a Layer 3 routing configuration
This illustration shows the path of a packet in a deployment that uses Layer 3 nPath routing through a tunnel.
  1. The client sends traffic to a Fast L4 virtual server.
  2. The pool encapsulates the packet and sends it through a tunnel to the server.
  3. The server removes the encapsulation header and returns the packet to the network.
  4. The target application receives the original packet, processes it, and responds directly to the client.

Configuring Layer 3 nPath routing using TMSH

Before performing this procedure, determine the IP address of the loopback interface for each server in the server pool.
Use Layer 3 nPath routing to provide direct server return for traffic in a routed topology in your data center.
  1. On the BIG-IP system, start a console session.
  2. Create a server pool with an encapsulation profile. tmsh create ltm pool npath_ipip_pool profiles add { ipip } members add { } This command creates the pool npath_ipip_pool, which has three members that specify all services:,, and, and applies IPIP encapsulation to outbound traffic.
  3. Create a profile that disables hardware acceleration. tmsh create ltm profile fastl4 fastl4_npath pva-acceleration none This command disables the Packet Velocity ASIC acceleration mode in the new Fast L4 profile named fastl4_npath.
  4. Create a virtual server that has address translation disabled, and includes the pool with the encapsulation profile. tmsh create ltm virtual npath_udp destination pool npath_ipip_pool profiles add { fastl4_npath } translate-address disabled ip-protocol udp This command creates a virtual server named npath_udp that intercepts all UDP traffic, does not use address translation, and does not use hardware acceleration. The destination address matches the IP address of the loopback interface on each server.
These implementation steps configure only the BIG-IP device in a deployment example. To configure other devices in your network for L3 nPath routing, consult the device manufacturer's documentation for setting up direct server return (DSR) for each device.

Layer 3 nPath routing example

The following illustration shows one example of an L3 nPath routing configuration in a network.

Example of a Layer 3 routing configuration

The following examples show the configuration code that support the illustration.

Client configuration: # ifconfig eth0 inet netmask up # route add –net netmask gw
BIG-IP device configuration: # - create node pointing to server's ethernet address # ltm node { # address # } # - create transparent monitor # ltm monitor tcp t.ipip { # defaults-from tcp # destination # interval 5 # time-until-up 0 # timeout 16 # transparent enabled # } # - create pool with ipip profile # ltm pool ipip.pool { # members { # { - real server's ip address # address # } # } # monitor t.ipip - transparent monitor # profiles { # ipip # } # } # - create FastL4 profile with PVA disabled # ltm profile fastl4 fastL4.ipip { # app-service none # pva-acceleration none # } # - create FastL4 virtual with custom FastL4 profile from previous step # ltm virtual test_virtual { # destination - server's loopback address # ip-protocol tcp # mask # pool ipip.pool - pool with ipip profile # profiles { # fastL4.ipip { } - custom fastL4 profile # } # translate-address disabled - translate address disabled # translate-port disabled # vlans-disabled # }

Linux DSR server configuration:

# modprobe ipip # ifconfig tunl0 netmask up # ifconfig lo:0 netmask -arp up # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce # echo 0 >/proc/sys/net/ipv4/conf/tunl0/rp_filter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)