F5 LTM Route Domains and Dynamic Routing

I’ve spent a lot of time on F5s over the last few weeks as we’re implementing them in a new data center design. Route domain functionality is being used to provide load balancing services to both our Extranet/DMZ environments and the LAN. While good practice would usually dictate that these are on separate devices, route domains allow you to cut up a single appliance into virtual areas where traffic is completely isolated from one another. One aspect of this scenario that has troubled me a little has been getting dynamic routing working on each of these route domains – there aren’t many example configurations, and F5’s own documentation doesn’t seem to offer much on how you actually get it all set up. Dynamic routing on multiple route domains is new as of LTM and TMOS 11.2.0.

In reality the config is very simple, but finding out where and what to add proved difficult.

Assuming you have a partition called LAN and within it a route domain with instance id ‘1’, the following is required.

VERY IMPORTANT: On the Self-IP of the VLAN/Interface that you wish to have participate in OSPF, make sure the port lockdown allows OSPF. I ended up making a custom profile which allows this, or you can select the ‘ALL’ or ‘Default’ settings, which will permit this. The custom list is the tighter choice, since ‘ALL’ opens every service on that Self-IP. Weirdly, the default state, which allows nothing, will permit FULL OSPF adjacencies to form (sometimes) but with weird behavior – route tables showing in the OSPF database but those routes not being added to the route table of the route domain. On the Cisco end I frequently saw EXSTART or EXCHANGE states which wouldn’t move.

To edit route domain one, from the CLI run “imish -r 1” (where 1 is the route domain).

Enter configuration mode by typing ‘conf t’.

The following is an example that will form an adjacency with a Cisco switch.

interface /LAN/LANTrunk
 ip ospf priority 0
!
router ospf 1
 redistribute kernel
 network 192.168.0.0 0.0.0.255 area 10

The priority of 0 just means your F5 doesn’t become the DR. This may or may not be preferable on your network.

‘redistribute kernel’ will advertise any live VIPs from the active F5 node (if they’re in a cluster).
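To confirm that the port lockdown change has cleared the stuck EXSTART/EXCHANGE symptom described above, the following added example (not part of the original post) compares several captures of the Cisco `show ip ospf neighbor` output and reports neighbors that never leave those states. The sample captures are constructed, and the column layout is assumed to be the standard IOS one.

```python
import re

# Adjacency states that should only be seen briefly during database exchange.
STUCK_STATES = {"EXSTART", "EXCHANGE"}

# One neighbor row: Neighbor ID, Pri, State/role, Dead Time, Address, Interface.
ROW = re.compile(
    r"^(?P<rid>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+"
    r"(?P<state>[A-Z0-9]+)/\s*(?P<role>\S+)\s+(?P<dead>\d\d:\d\d:\d\d)\s+"
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<intf>\S+)$"
)

def parse_neighbors(output):
    """Return one dict per neighbor row; header and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows

def stuck_neighbors(captures):
    """Addresses that were in EXSTART/EXCHANGE in every capture.

    Pass captures taken some time apart, so that a neighbor which is merely
    passing through these states on its way to FULL is not reported.
    """
    stuck = None
    for output in captures:
        now = {n["addr"] for n in parse_neighbors(output)
               if n["state"] in STUCK_STATES}
        stuck = now if stuck is None else stuck & now
    return sorted(stuck or [])

# Constructed sample output (addresses and interface name are made up).
CAPTURE_1 = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.3       1   FULL/BDR        00:00:33    192.168.0.3     Vlan10
192.168.0.10      0   EXSTART/DROTHER 00:00:38    192.168.0.10    Vlan10
"""
CAPTURE_2 = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.3       1   FULL/BDR        00:00:31    192.168.0.3     Vlan10
192.168.0.10      0   EXCHANGE/DROTHER 00:00:36   192.168.0.10    Vlan10
"""

if __name__ == "__main__":
    print(stuck_neighbors([CAPTURE_1, CAPTURE_2]))
```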
