Hey Carl
This all depends on how the networking (VLANs, Routes and Self-IP addresses is configured). When using a Forwarding IP VS, the BIG-IP will simply forward the traffic to the IP address configured in the Destination IP Address field of the virtual server. However, it will be stateful.
To give you an example using an external and internal VLAN, you would configure it the following way:
External VLAN
- Self-IP Address: 10.10.1.31
Internal VLAN
- Self-IP Address: 172.16.1.31
Virtual-Server
- Destination IP Address: 172.16.1.100 (Same as FTP Server)
- Destination Port: 21
- VLANs and Tunnels: DO NOT Listen on Internal
- SNAT Automap: Off
It is important you configure so that the VS does not "listen" on VLAN internal. This is because the BIG-IP will ARP for 172.16.1.100 if it does that on the internal VLAN you will end up with an IP conflict. So it is important you only listen on VLANS where you expect traffic will originate from
FTP Server
- IP Address: 172.16.1.100
- Port: 21
- Default Gateway: 172.16.1.31
On the External Network Routing you add the following routing entry:
External Routing
destination 172.16.1.100 255.255.255.255 10.10.1.31
The traffic will flow the following way:
- Traffic originating from external with the destination of 172.16.1.100 will be routed to 10.10.1.31 (Self-IP of the BIG-IP)
- Since we have a virtual server (listener) on the BIG-IP for 172.16.1.100 it will pick up the traffic.
- The configuration on the virtual server state that it will not translate the client IP address (no SNAT), not translate the destination IP address or destination Port (standard for Forwarding IP type VS)
- The BIG-IP will review its routing table, traffic for 172.16.1.100 will be routed through VLAN internal since it is directly connected.
- Traffic arrives at the FTP server and since it uses the BIG-IP's self-IP address as default gateway, the return traffic will pass through the BIG-IP again.
- The BIG-IP will match the return traffic because it matches the session and send it back out on the external VLAN.
To read more about Forwarding IP VS's please check this article:
K7595: Overview of IP forwarding virtual servers
But that is one way of solving it. It all depends on how the environment is designed and configured.
I hope this helps!
Let me know if you have any further questions :).