How does F5 Bigip route packets inside/among its route domains?

I have an F5 BigIP device. On that BigIP, I created a test partition called test123, along with the route domains, VLANs and self IPs of that test123 partition. It looks like this:

Phenomenon Description:


[root@bigip:Active:Standalone] partitions # cat test123/bigip_base.conf
#TMSH-VERSION: 14.1.0

net route-domain /test123/test111 {
    id 111
    strict disabled
    vlans {
        /test123/test111
    }
}
net route-domain /test123/test321 {
    id 321
    strict disabled
    vlans {
        /test123/test321
    }
}
net self /test123/test111 {
    address 172.168.111.111%111/24
    allow-service all
    traffic-group /Common/traffic-group-local-only
    vlan /test123/test111
}
net self /test123/test321 {
    address 172.168.32.32%321/24
    allow-service all
    traffic-group /Common/traffic-group-local-only
    vlan /test123/test321
}
net vlan /test123/test111 {
    interfaces {
        1.1 {
            tagged
        }
    }
    sflow {
        poll-interval-global no
        sampling-rate-global no
    }
    tag 111
}
net vlan /test123/test123 {
    interfaces {
        1.1 {
            tagged
        }
    }
    sflow {
        poll-interval-global no
        sampling-rate-global no
    }
    tag 123
}
net vlan /test123/test321 {
    interfaces {
        1.1 {
            tagged
        }
    }
    sflow {
        poll-interval-global no
        sampling-rate-global no
    }
    tag 321
}
net fdb vlan /test123/test111 { }
net fdb vlan /test123/test123 { }
net fdb vlan /test123/test321 { }

Above you can see the configuration of partition test123.

I created a tagged VLAN named vlan111 with tag 111 and a route-domain called test111 with domain id 111 that uses vlan111, and lastly I also bound a self IP 172.168.111.111%111/24 on vlan111.

Similarly, for the self IP 172.168.32.32%321/24, I created a tagged VLAN named vlan321 with tag 321 and a route-domain called test321 with domain id 321 that uses vlan321, and lastly I also bound a self IP 172.168.32.32%321/24 on vlan321.

So far, I have self IPs 172.168.111.111%111 and 172.168.32.32%321.

Then I SSH to my BigIP terminal and ping each IP locally, as shown below:

# I am in the default route-domain; pinging both IPs without a domain id
# cannot reach them.

[root@bigip:Active:Standalone] partitions # ping -W 5 -c 3 172.168.111.111
PING 172.168.111.111 (172.168.111.111) 56(84) bytes of data.

--- 172.168.111.111 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

[root@bigip:Active:Standalone] partitions # ping -W 5 -c 3 172.168.32.32
PING 172.168.32.32 (172.168.32.32) 56(84) bytes of data.

--- 172.168.32.32 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

# ping with the route domain, they can be reached

[root@bigip:Active:Standalone] partitions # ping -W 5 -c 3 172.168.111.111%111
PING 172.168.111.111%111 (172.168.111.111%111) 56(84) bytes of data.
64 bytes from 172.168.111.111%111: icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from 172.168.111.111%111: icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from 172.168.111.111%111: icmp_seq=3 ttl=64 time=0.043 ms

--- 172.168.111.111%111 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.039/0.041/0.043/0.005 ms

[root@bigip:Active:Standalone] partitions # ping -W 5 -c 3 172.168.32.32%321
PING 172.168.32.32%321 (172.168.32.32%321) 56(84) bytes of data.
64 bytes from 172.168.32.32%321: icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from 172.168.32.32%321: icmp_seq=2 ttl=64 time=0.039 ms
64 bytes from 172.168.32.32%321: icmp_seq=3 ttl=64 time=0.033 ms

--- 172.168.32.32%321 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.032/0.034/0.039/0.007 ms

# Switch to route domain 111, the 172.168.111.111 can be reached.
 
[root@bigip:Active:Standalone] partitions # rdsh 111

[root@bigip:Active:Standalone] partitions # ping -W 5 -c 3 172.168.111.111
PING 172.168.111.111 (172.168.111.111) 56(84) bytes of data.
64 bytes from 172.168.111.111: icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from 172.168.111.111: icmp_seq=2 ttl=64 time=0.025 ms
64 bytes from 172.168.111.111: icmp_seq=3 ttl=64 time=0.035 ms

--- 172.168.111.111 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.025/0.029/0.035/0.004 ms

[root@bigip:Active:Standalone] partitions # ping -W 5 -c 3 172.168.32.32
connect: Network is unreachable

# Ping other route domain IP, it needs %route-domain-id
[root@bigip:Active:Standalone] partitions # ping -W 5 -c 3 172.168.32.32%321
PING 172.168.32.32%321 (172.168.32.32%321) 56(84) bytes of data.
64 bytes from 172.168.32.32%321: icmp_seq=1 ttl=64 time=0.050 ms
64 bytes from 172.168.32.32%321: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from 172.168.32.32%321: icmp_seq=3 ttl=64 time=0.021 ms

--- 172.168.32.32%321 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.021/0.033/0.050/0.013 ms

My Question: The ICMP packets flow between different subnets and route-domains without a static gateway configured.

What is the flow (process/mechanism) of F5 BigIP's inner packet routing among different route domains?

I tried to figure out the question by tracing the route between different subnets.

# I switch to 321 route domain
[root@bigip:Active:Standalone] config # rdsh 321


# in the 321 route domain net space, show the route table: no route to the 172.168.111.0/24 network.
[root@bigip:Active:Standalone] config # ip r
127.1.1.0/24 dev if3  proto kernel  scope link  src 127.1.1.254
172.168.32.0/24 dev if5  proto kernel  scope link  src 172.168.32.32


# trace the route, the bigip.hostname is the hostname mapped to IP 172.168.111.111
[root@bigip:Active:Standalone] etc #  tmsh run util traceroute  172.168.111.111%111
traceroute to 172.168.111.111 (172.168.111.111), 30 hops max, 60 byte packets
 1  bigip.hostname (172.168.111.111)  0.047 ms  0.009 ms  0.008 ms


# switch to 111 route domain net space
[root@bigip:Active:Standalone] config # rdsh 111


# the IP bigip.hostname is changed to 172.168.32.32
[root@bigip:Active:Standalone] config # tmsh run util traceroute 172.168.32.32%321
traceroute to 172.168.32.32 (172.168.32.32), 30 hops max, 60 byte packets
 1  bigip.hostname (172.168.32.32)  0.036 ms  0.084 ms  0.070 ms

It seems the packets just go to the interface directly because the IP is a local IP on the BigIP machine, and there is no routing table. Does that mean I could regard it just as a local IP, and there is no routing among different subnet IPs in different route domains?

But I guess there must be something to do with the map, right? Is there any route domain map that can be shown?

There is little information about the mechanism of F5 BigIP route domain mapping on the Internet; most of the information on route domains is on the management and use cases of BigIP route domains.

I hope someone can help shed some light on this part.

Pzhang

1 Answer

The system (in which your CLI commands reside) only has access to routes in RD0, which is why you can't ping even local interfaces without specifying the other route domains in which those self IPs are present. If parent domains are configured, routes not found within the child domain can be looked up in the parent, but this does not work in reverse.

Jason Rahm
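
Added example (not part of the original answer and not F5 code): a simplified Python model of the lookup behaviour described above, using the connected subnets from the question's self IPs. The `parent` field, the `lookup` helper and the `WITH_PARENT` variant are hypothetical; the posted config sets no parent, and RD0's own routes are not shown on the page, so they are left empty.

```python
import ipaddress

# Constructed model of the question's route domains: connected routes come
# from the posted self IPs; "parent" is None because the config sets none.
DOMAINS = {
    0:   {"parent": None, "routes": []},  # RD0 routes are not shown on the page
    111: {"parent": None, "routes": ["172.168.111.0/24"]},
    321: {"parent": None, "routes": ["172.168.32.0/24"]},
}

# Hypothetical variant: route domain 321 is given 111 as its parent.
WITH_PARENT = {**DOMAINS, 321: {**DOMAINS[321], "parent": 111}}


def split_rd(target, current_rd=0):
    """Split 'addr%id' into (address, id); no %id means the caller's domain."""
    addr, _, rd = target.partition("%")
    return ipaddress.ip_address(addr), int(rd) if rd else current_rd


def lookup(domains, target, current_rd=0):
    """Return (route_domain_id, matching_prefix), or None if no route exists.

    The search starts in the domain named by %id (or the caller's domain) and
    walks up the parent chain only; a parent never searches its children.
    """
    addr, rd = split_rd(target, current_rd)
    seen = set()
    while rd is not None and rd not in seen:
        seen.add(rd)  # guard against a misconfigured parent loop
        dom = domains.get(rd)
        if dom is None:
            return None
        matches = [n for n in map(ipaddress.ip_network, dom["routes"])
                   if addr in n]
        if matches:
            best = max(matches, key=lambda n: n.prefixlen)  # longest prefix
            return rd, str(best)
        rd = dom["parent"]
    return None


if __name__ == "__main__":
    print(lookup(DOMAINS, "172.168.111.111"))                 # from RD0, no %id
    print(lookup(DOMAINS, "172.168.111.111%111"))             # explicit domain
    print(lookup(DOMAINS, "172.168.32.32", current_rd=111))   # after rdsh 111
    print(lookup(WITH_PARENT, "172.168.111.111", current_rd=321))
    print(lookup(WITH_PARENT, "172.168.32.32", current_rd=111))
```
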