Forum Discussion
AltostratusHigh Availability and Load Balancing for Single-Node CE with multiple ISP uplinks
I'm designing a deployment for an F5 Distributed Cloud (XC) Customer Edge (CE) on-premise and would like some guidance on the best practices for link redundancy.
Scenario:
- Deployment: Single-node Customer Edge (CE).
- Connectivity: Three distinct ISP providers for internet access.
- Objective: Achieve High Availability (HA) and traffic balancing for the connectivity between the CE and the Regional Edges (RE).
- Traffic Flow: I will have a public Virtual Server on the RE, with Origin Pools located on-premise behind this CE.
- Goals:
- I want to ensure the best possible user experience and minimal latency/downtime if one of the ISP links fails.
- I’m looking for the best way to configure the CE to utilize all ISP links for its connection to the F5 XC Fabric.
- Handle failover automatically so that the RE-to-CE communication remains stable.
- Ensure the "shortest path" or best performing link is prioritized if possible.
Are there any specific configuration in the XC that I should focus on for this dual-homed setup?
Thanks in advance.
3 Replies
- zamroni777
MVP
Obviously you wont connect the ISP cables to XCCE, but to WAN router.
I assume you can have 1 public IP of each ISP connection to be used in NATs of XCCE:
In the WAN router, make 3 static dest NATs and 3 source NATs for those 3 IP and
corresponding PBR routing (if source IP is IP1 then route to ISP1, and so on). 
StefanBraittiNTThanks zamroni777. That will work but if the link flaps the ipsec tunnel will flap as well. That's not stable at all. Also it will not load balance the links.
- Nikoolayy1
You can also deploy 3 standalone CE for each ISP and group them in a virtual site.
For 3 CE cluster max 2 RE connections will be available as this suggests 2 ISP can be utlized in a cluster deployment.
See my article for ideas:
If you want just single CE that will prioritize best link to be hones this seems like a job for SD-WAN siting infrount the CE system not F5 CE.
