The Big-IP can be configured to use either tmm or mgmt interfaces for remote authentication (LDAP, TACACS, RADIUS, etc.) traffic.

Problem

When you want configure remote authentication on a F5 BIG-IP system you need to decide where the traffic will be routed. You need to specify either tmm or the management interface for remote authentication traffic.

tmm or management interface leads to another source ip and path, this can be set with the right routing configuration.

F5 Architecture

Now the F5 BIG-IP has two network stacks, tmm and linux, the following picture explains the difference:

mceu_10082175411612511642682.png

So, user processes can communicate over the tmm switch module or over the Mgmt Processor (linux kernel). The decision is made by setting route configuration.

Routing

BIG-IP routing tables

The BIG-IP routing table consists of a combination of routing subtables. A subtable for management routes, and a  subtable for TMM routes. Routes in the TMM subtable are defined with a lower metric than routes in the management subtable. As a result, if an equally specific route exists as both a TMM route and a management route, the system will prefer the TMM route. This also applies if the only defined management route is a default gateway, the system will prefer the TMM default gateway.

TMM switch routes are routes that the BIG-IP system uses to forward traffic through the TMM switch interfaces instead of through the management interface. Traffic sourced from a TMM (self IP) address will always use the most specific matching TMM route. Traffic sourced from a TMM address will never use a management route. When TMM is not running, the TMM addresses are not available, and all TMM routes are removed. As a result, when TMM is not running, all outbound administrative traffic uses the most specific matching management route.

The BIG-IP system maintains two kinds of routes:

Management routes

Management routes are routes that the BIG-IP system uses to forward traffic through the special management interface. The BIG-IP system stores management routes in the Linux (that is, kernel) routing table.

Management routing parameters

Viewing, deleting, and adding management IP addresses

TMM routes

TMM routes are routes that the BIG-IP system uses to forward traffic through the Traffic Management Microkernel (TMM) interfaces instead of through the management interface. The BIG-IP system stores TMM routes in both the TMM and kernel routing tables.

TMM routing parameters

Further information can you get on this excellent F5 documentation:

K13284: Overview of management interface routing


Revision #9
Created 20 September 2022 06:11:32 by Peter Baumann
Updated 12 February 2025 08:05:26 by Peter Baumann (Admin)