Applies To:

Show Versions Show Versions

Manual Chapter: Implementing Overlapping IP Addresses
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

21 
The BIG-IP system includes a feature that allows you to use overlapping (duplicate) IP addresses on a network. This feature is known as route domains.
A route domain is a BIG-IP object that you create, that represents a particular address space on the network. Multiple nodes that each reside in a separate route domain on the network can have the same IP address. This allows a service provider, for example, to assign the same IP address to multiple pool members in a pool, where each pool member represents a different physical server. In this case, each pool member resides in a separate route domain. One common reason to use route domains is when you want each physical server to process traffic for a different customer.
For example, if you are processing traffic for two different customers, you can create two separate route domains. The same node address (such as 10.10.10.1) can reside in both route domains, in the same pool or in different pools, and you can assign a different monitor to each of the two corresponding pool members.
The BIG-IP system acts as if two more octets were added to each IP address. However, on the network, the system still shows the 4-octet IP address.
Each route domain has its own routing table, and traffic does not cross route domains unless explicitly configured to do so (default deny).
Each route domain that you create has a unique integer ID. The address format required for using overlapping IPv4 addresses is A.B.C.D%ID, where ID is the ID of the route domain in which the IP address resides.
For example, three distinct pool members can have the IP address 10.10.10.1:80, where one member resides in route domain 1, another member resides in route domain 2, and the third member resides in route domain 3. In this case, the three pool members are identified as 10.10.10.1%1:80, 10.10.10.1%2:80, and 10.10.10.1%3:80, respectively.
If you do not create any route domains, then all BIG-IP objects that you create reside in a single, default route domain. The default route domain has an ID of 0. If you use the default route domain only, then you do not need to specify ID 0 in any IP addresses, and this ID does not appear on the system.
For any of these BIG-IP objects that require an IP address, you must include the relevant route domain ID in the address, using the %ID format. (For information on route domain IDs, see Specifying route domain IDs.)
Figure 21.1 shows an example of configuring two distinct route domains for the purpose of using overlapping IP addresses on your network. Note in this example that the same IP addresses for objects in route domain 1 are used for objects in route domain 2. The only difference in the duplicate IP addresses is the distinct route ID.
Two route domains
The route domains are named 1 and 2.
Two VLANs per route domain
For route domain 1, these VLANs are named vlan_clientside1 and vlan_serverside1. For route domain 2, these VLANs are named vlan_clientside2 and vlan_serverside2.
Two self IP addresses per route domain
For route domain 1, the self IP addresses are 12.1.1.254%1 and 10.2.1.254%1). For route domain 2, the self IP addresses are 12.1.1.254%2 and 10.2.1.254%2.
Two client nodes per route domain
For route domain 1, the client IP addresses are 12.1.1.101%1 and 12.1.1.102%1. For route domain 2, the client IP addresses are 12.1.1.101%2 and 12.1.1.102%2.
Two server nodes per route domain
For route domain 1, the server node IP addresses are 10.2.1.101%1 and 10.2.1.102%1. For route domain 2, the server node IP addresses are 10.2.1.101%2 and 10.2.1.102%2.
Two virtual addresses per route domain
For route domain 1, the virtual addresses are 12.1.1.253%1 and 10.2.1.253%1. For route domain 2, the virtual addresses are 12.1.1.253%2 and 10.2.1.253%2.
Note: For information on the syntax for bigpipe or tmsh commands, see the Bigpipe utility Reference Guide and the Traffic Management Shell (tmsh) Reference Guide.
The first step to creating a route domain configuration is to create the VLANs. In our example, we need to create a total of four VLANs:
Two VLANs for application A (vlan_clientside1 and vlan_serverside1), corresponding to route domain 1.
Two VLANs for application B (vlan_clientside2 and vlan_serverside2), corresponding to route domain 2.
1.
On the Main tab of the navigation pane, expand Network and click VLANs.
This displays a list of all existing VLANs.
2.
In the upper-right corner, click Create.
The VLANs screen opens.
Note: If the Create button is unavailable, you do not have permission to create a VLAN. You must have the appropriate user role assigned to your user account.
3.
Locate the General Properties area, and in the Name box, type a unique name for the VLAN.
In our example, this name is vlan_clientside1.
4.
In the Tag box, type a tag for the VLAN, or leave the box blank.
If you do not specify a tag, the BIG-IP system assigns one automatically.
5.
In the Resources area, for the Interfaces setting, click an interface number or trunk name in the Available box, and using a Move button (<< or >>), move the interface number to the Tagged box. Repeat this step as necessary.
For more information on tagged interfaces, see the TMOSTM Management Guide for BIG-IP Systems.
7.
For the MTU setting, use the default value or type a new value.
8.
In the MAC Masquerade box, type a MAC address.
For more information, see the TMOSTM Management Guide for BIG-IP Systems.
9.
For the Fail-safe setting, check the box if you want to base redundant-system failover on VLAN-related events.
For more information, see the TMOSTM Management Guide for BIG-IP Systems.
10.
Click Finished.
11.
Repeat this procedure to create the second VLAN for route
domain 1, assigning the name vlan_serverside1 in step 3.
To continue with our example, use the procedure in the preceding section to create the VLANs for route domain 2. In this case, you assign the names vlan_clientside2 and vlan_serverside2 to the VLANs.
The next step in the configuration process is to create a self IP address for each VLAN. In our example, we are creating four self IP addresses: one for each of two VLANs in route domain 1, and one for each of two VLANs in route domain 2. Note that the two self IP addresses within a route domain must be unique, but any two self IP addresses that fall within separate route domains can have duplicate addresses, as long as the route domain ID in each address is unique.
1.
On the Main tab of the navigation pane, expand Network, and click Self IPs.
This displays a list of existing self IP addresses.
Note: If the Create button is unavailable, you do not have permission to create a self IP address. You must have the appropriate user role assigned to your user account.
3.
In the IP Address box, type the self IP address that you want to assign to VLAN vlan_clientside1, including the route domain ID (1).
In our example, the self IP address for vlan_clientside1 is 12.1.1.254%1.
4.
In the Netmask box, type a netmask.
In our example, the netmask is 255.255.255.0.
5.
For the VLAN setting, select the name of the VLAN that you want to assign to the self IP address.
In our example, this is vlan_clientside1.
6.
For the Port Lockdown setting, select Allow Default.
8.
To finish the configuration of this self IP address and create other self IP addresses, click Repeat and perform all previous steps until all self IP addresses have been created.
9.
Click Finished.
10.
Repeat this procedure to create a self IP address for the other VLAN in route domain 1.
In our example, this self IP address is 10.2.1.254%1 and the corresponding VLAN is vlan_serverside1.
To continue with our example, use the procedure in the preceding section to create the self IP addresses for VLANs in route domain 2. The self IP addresses for VLANs in route domain 2 are the same as the addresses in route domain 1, except for the route ID. In our example, the self IP addresses for route domain 2 are 12.1.1.254%2 and 10.2.1.254%2, and you assign the VLANs vlan_clientside2 and vlan_serverside2 to these addresses.
The next step to creating a route domain configuration is to create route domain objects. In our example, we create two route domain objects, and assign two existing VLANs to each route domain.
1.
On the Main tab of the navigation pane, expand Network, and click Route Domains.
This displays a list of existing route domains.
Note: If the Create button is unavailable, you do not have permission to create a self IP address. You must have the appropriate user role assigned to your user account.
3.
In the ID box, type an integer for the route domain ID.
For our example, this number is 1.
4.
In the Description box, type a textual description of the route domain.
5.
From the Parent ID box, select None.
6.
For the VLANs setting, click the VLAN name vlan_clientside1 in the Available box, and using a Move button (<< or >>), move the name to the Members box. Repeat the process for VLAN name vlan_serverside1.
7.
Click Finished.
To continue with our example, use the procedure in the preceding section to create route domain 2. In this case, assign the VLANs vlan_clientside2 and vlan_serverside2 to the route domain.
Next, you must create pools with pool members for each route domain. To continue with our example, create two pool members for each pool, specifying the route domain IDs in the pool member addresses.
In our example, each route domain has the same set of pool members; only the route domain ID differs within each route domain. Thus, route domains 1 and 2 each have the same pool members 10.2.1.101:80 and 10.2.1.102:80.
1.
On the Main tab of the navigation pane, expand Local Traffic, and click Pools
This displays a list of existing pools.
Note: If the Create button is unavailable, you do not have permission to create a pool. You must have the appropriate user role assigned to your user account.
3.
In the Name box, type a name for the pool, such as pool_rd1.
4.
For the Health Monitors setting, click a monitor name in the Available box, and using a Move button (<< or >>), move the interface number to the Active box.
5.
For the New Members setting:
a)
In the Address box, type a pool member address, including the route domain ID. For our example, this address is 10.2.1.101%1.
b)
In the Service Port box, type a service name, or select one from the list.
c)
Click Add.
d)
6.
Click Finished.
To continue with our example, use the procedure in the preceding section to create pool members for route domain 2. In our example, you create a pool with a name such as pool_rd2, and assign IP addresses 10.2.1.101%2 and 10.2.1.102%2 to the pool members. Note that these are the same IP addresses that you specified for the pool members in pool_rd1, except for the route domain ID.
Next, you must create static routes that apply to each route domain. In the example, for each route domain, the routes apply to both client-side and server-side destinations.
1.
On the Main tab of the navigation pane, expand Network, and click Routes.
The Routes screen opens.
Note: If the Add button is unavailable, you do not have permission to create a static route. You must have the appropriate user role assigned to your user account.
3.
From the Type list, select Route.
4.
In the Destination box, type a destination IP address, including the route domain ID.
For example, the destination can be the node address of a pool member, such as 10.2.1.101%1 (in pool_rd1).
5.
In the Netmask box, type the netmask for the IP address you typed in the Destination box.
6.
For the Resource property, select either of the following:
a)
Use Gateway
In the box, type the self IP of a VLAN within route domain 1, such as 10.2.1.254%1. (This is the self IP address for vlan_serverside1.)
b)
Use VLAN
In the box, type the name of a VLAN in route domain 1, such as vlan_serverside1.
7.
Click Finished.
a)
A route to the other server-side node in pool_rd1 (10.2.1.102%1).
In this case, the gateway address and VLAN name are the same as for the route you created in steps 1 through 7 (10.2.1.254%1 and vlan_serverside1, respectively).
b)
A route to a client-side node in route domain 1.
In this case, using our example, the destination address is 12.1.1.101%1, the gateway address is 12.1.1.254%1, and the VLAN name is vlan_clientside1.
c)
A route to the other client-side node in route domain 1.
In this case, still using our example, the destination address is 12.1.1.102%1, and the gateway address and VLAN name are the same as in the previous step (12.1.1.254%1 and vlan_clientside1, respectively).
To continue with our example, use the procedure in the preceding section to create static routes for route domain 2. In this case, you create these routes:
Two routes corresponding to each of the two server-side nodes in pool_rd2 (nodes 10.2.1.101%2 and 10.2.1.102%2), specifying either the gateway address 10.2.1.254%2 or the VLAN name vlan_serverside2.
Two routes corresponding to each of the two client-side nodes (nodes 12.1.1.101%2 and 12.1.1.102%2), where the gateway address and VLAN name are 12.1.1.254%2 and vlan_clientside2, respectively).
Finally, you must create virtual servers for each route domain, assigning a pool to each virtual server. In our example, the two nodes in pool_rd1 use the same two pool member addresses as the nodes in pool_rd2, although the routing IDs specified in the pool member addresses differ by route domain.
1.
On the Main tab, expand Local Traffic, and click Virtual Servers.
The Virtual Servers screen opens.
2.
On the upper right portion of the screen, click the Create button.
The New Virtual Server screen opens.
Note: If the Create button is unavailable, this indicates that your user role does not grant you permission to create a virtual server. You must have the appropriate user role assigned to your user account.
3.
In the Name box, type a name for a virtual server in route
domain 1, for example, vs_serverside_rd1.
4.
In the Destination box:
a)
Verify that the Host button is selected.
b)
In the Address box, type an IP address for the virtual server, for example, 10.2.1.253%1.
5.
In the Service Port box, either type a service number (such as 80), or from the list, select a service name (such as HTTP).
6.
Verify that the State setting is set to Enabled.
7.
From the Configuration list, select Advanced and do the following:
a)
From the Type list, select Performance (Layer 4).
For information on this virtual server type, see the Configuration Guide for BIG-IP Local Traffic Management.
b)
Except for the Default Pool setting, retain all default values.
8.
From the Default Pool list, select the name of the pool for route domain 1.
In our example, this name is pool_rd1.
9.
Click Finished.
10.
Repeat this procedure to create a client-side virtual server for route domain 1.
In our example, the virtual server name is vs_clientside_rd1 and the virtual server address is 12.1.1.253%1. You can skip step 8, selecting a default pool name.
Create a virtual server with a name such as vs_serverside_rd2 with an IP address of 10.2.1.253%2.
Create a virtual server with a name such as vs_clientside_rd2 with an IP address of 12.1.1.253%2. You can skip step 8, selecting a default pool name.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)