Default GW for Edge nodes behind HLB

    Question

  • Can someone please tell me what my default gw should be on my two edge nodes that are behind my F5 HLB? They both have three external IPs assigned to them, one for each service, but what should my default gateway be for the primary IP address?  I've read conflicting things.  Thanks!

    Rich

    Saturday, June 9, 2012 14:23

Answers

  • Sorry, just read what I wrote and I'm obviously getting tired. The default GW for the external NIC will be the IP address of the internal interface address of your external firewall.

    Chris Clark - | MCTS:OCS & UC Voice Specialization | MCSE | MCSA | CCNA http://www.unitycomms.com

    Saturday, June 9, 2012 22:01
  • Even here I'm reading conflicting things LOL.  Actually we have figured it out after more research.  Since we are load balanced behind an F5 we have two options.  Make the default gateway the self IP of our F5, or enable SNAT and make our default gateway point to the external firewall.  We enabled SNAT on the F5 and pointed our gateway to our external firewall and things are good now.  Thanks everyone for their input.

    Rich

    Thursday, June 14, 2012 11:42

All replies

  • You can only set one default GW on the edge server; this should be set to the access edge IP address. You will need to add route commands for your internal NIC to route to the internal network.

    Chris Clark - | MCTS:OCS & UC Voice Specialization | MCSE | MCSA | CCNA http://www.unitycomms.com

    Saturday, June 9, 2012 21:36
  • Yes, I have two NICs set up on each edge server that is behind an F5 HLB. One NIC has an internal IP with no default gateway set.  Persistent routes are set.  The other has 3 public IPs set on it, with the primary IP being the access edge (sip.domain.com).  So you are saying on that NIC that has the three public IPs, the default gateway should be set on that NIC, but to what address? The same IP address that I already have set for sip.domain.com?

    Rich

    Saturday, June 9, 2012 21:43
  • The default gateway must be your F5; see https://devcentral.f5.com/weblogs/rkorock/archive/2011/07/14/1096289.aspx

    Rgds

    Jean-Marc

    Tuesday, June 12, 2012 08:19
  • Hi Rich,

    I agree with Chris Clark.

    According to the Microsoft document, in the planning guide for Scaled Consolidated Edge with Hardware Load Balanced, it says: "the default gateway is set only on the network adapter associated with the external interface. For example, as shown in the Scaled Consolidated Edge Topology (Hardware Load Balanced) figure, the default gateway would point to the external firewall (10.45.16.1)." For details, you can check http://technet.microsoft.com/en-us/library/gg398670.aspx (Edge/Reverse Proxy Network Adapter Requirements).

    Also, in the deployment guide "Set Up Network Interfaces for Edge Servers": "On the external interface, configure three static IP addresses on the external perimeter network (also known as DMZ, demilitarized zone, and screened subnet) subnet, and point the default gateway to the internal interface of the external firewall".

    Hope this is helpful.

    B/R

    Sharon


    Sharon Shen

    TechNet Community Support


    Thursday, June 14, 2012 03:23
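
A read-only check of the routing layout this thread converges on (one default gateway, on the external NIC only, with specific routes on the internal NIC), added here as an example that is not part of any poster's reply or of the Microsoft or F5 documentation. It assumes Windows Server 2012 or later (NetTCPIP cmdlets); the adapter aliases and the internal prefix are constructed placeholders, and 10.45.16.1 is the sample firewall address from the quoted planning guide.

```powershell
# Added example: verify the Edge server routing layout. Makes no changes.
# Every value below is a placeholder; replace it with your own.
$ExternalAlias   = 'External'      # NIC holding the three external IPs (assumed name)
$InternalAlias   = 'Internal'      # NIC facing the internal network (assumed name)
$ExpectedGateway = '10.45.16.1'    # external firewall's internal interface when SNAT is
                                   # enabled on the F5; the F5 self IP when it is not
$InternalSubnets = @('10.0.0.0/8') # prefixes that must leave via the internal NIC (assumed)

$problems = @()
$routes   = @(Get-NetRoute -AddressFamily IPv4 -PolicyStore ActiveStore)

# 1. Exactly one default route, on the external NIC, pointing at the expected hop.
$defaults = @($routes | Where-Object { $_.DestinationPrefix -eq '0.0.0.0/0' })
if ($defaults.Count -ne 1) {
    $problems += "Expected exactly one default route, found $($defaults.Count)."
}
foreach ($r in $defaults) {
    if ($r.InterfaceAlias -ne $ExternalAlias) {
        $problems += "Default route on '$($r.InterfaceAlias)'; it belongs only on '$ExternalAlias'."
    }
    if ($r.NextHop -ne $ExpectedGateway) {
        $problems += "Default route next hop is $($r.NextHop), expected $ExpectedGateway."
    }
}

# 2. Each internal prefix has its own route bound to the internal NIC,
#    so internal traffic never follows the default route out the external side.
foreach ($prefix in $InternalSubnets) {
    $match = @($routes | Where-Object {
        $_.InterfaceAlias -eq $InternalAlias -and $_.DestinationPrefix -eq $prefix
    })
    if ($match.Count -eq 0) {
        $problems += "No route to $prefix on '$InternalAlias'."
    }
}

# Report findings without changing any setting.
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Routing layout matches the expected design.'
}
```

The script inspects active routes only, so it does not confirm that the internal routes were added as persistent and will survive a reboot.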