BIG IP 1600 - Trunk configuration - More than 4 ISP Internet providers

Question

Dears,
Our company decided to purchase BIG IP HW, mainly to improve the internet access for our users, aggregating 4 ISP internet Links in order to get a 60Mbps link.&nbsp;
The main problem for us is, since the beginning of the project, the partner consultancy did a wrong sizing and we bought a 1600 box w/ only Link Controller (we do not have LTM License). So now we lost 2 interfaces (1 is connected to FW and other one connected to other box for HA) we have only 2 interfaces and 4 ISP ethernet links...&nbsp;
Question: Is it possible we configure the 4 interfaces in trunk mode connected to 2 or 3 Cisco switches so we would have the possibility to aggregate 4 ISP links ?&nbsp;
desired scenario&nbsp;
BIG IP======trunk====SWITCH======ISPs
We could create as many vlans as wneed to increase even more the total internet bandwidth&nbsp;
Any suggestion ?&nbsp;
Thanks in advance!!&nbsp;

chris_wentland · Answer

Yes, you can create a trunked interface, and even include your firewall interfaces if you have a single switching fabric for the LAN. If you have business reasons where VLAN isolation is not sufficient, then you will have to have a link to each switching fabric. If you have 3 separate switches, you will need 3 separate trunks. Each trunk can be a single interface, and have multiple VLANs associated with it, but the general rule is one trunk to each separate switching fabric. The switch fabric needs to be able to support LACP if you are planning to use more than one link in your trunk.

fabio_garcia_14 · Answer

Hello thank you very very much....
Please find below the topology we are chasing...&nbsp;
&nbsp;
Have you ever performed this config ? DO you know where can I find a example like that ?&nbsp;
thanks!!!&nbsp;

chris_wentland · Answer

That should be relatively straightforward. &nbsp;
Create a single trunk using LACP, add interfaces Eth1.1-1.3 to the trunk. 
Create your VLANS 100,200,300,400 on the LTM making sure to reference the appropriate tag number in the VLAN.
Create your Self IP's on VLANs 100,200,300,400
Create your Floating Self IP's on VLANs 100,200,300,400
(I would suggest locking down your ISP IP's to NO access)&nbsp;
You may also want to create a LAN enabled crossover interface for Network Fail Over that is not one of your ISP VLANs. (Do not do port lockdown on this interface)
Add a /30 IP to the crossover between the LTM for Network Fail Over and sync.&nbsp;
I think some people would question being outside of the firewall, I tend to be one of those people, but you are also load balancing ISPs. Just be careful not to permit access from the internet to any self IP on the LTM and you should be ok.&nbsp;

chris_wentland_ · Answer

Also, I'm not sure what you are looking to achieve with 3 switches in the infrastructure. If you are looking for redundancy, I may recommend putting two interfaces from each router to the lan, and using some method of unifying the forwarding plane of the switches. Whether that is in the form of stacked switches, or something along the lines of Arista / Cisco Nexus / Cisco VSS or something similar. Otherwise, the third switch in the middle really does not serve much of a purpose in the configuration.

chris_wentland · Answer

Also, I'm not sure what you are looking to achieve with 3 switches in the infrastructure. If you are looking for redundancy, I may recommend putting two interfaces from each router to the lan, and using some method of unifying the forwarding plane of the switches. Whether that is in the form of stacked switches, or something along the lines of Arista / Cisco Nexus / Cisco VSS or something similar. Otherwise, the third switch in the middle really does not serve much of a purpose in the configuration.

Forum Discussion

BIG IP 1600 - Trunk configuration - More than 4 ISP Internet providers

8 Replies

Recent Discussions

BIG-IP DNS iRule issue with static variable

Open Redirection Mitigation

how can I find the software version is 32 bit or 64 bit from LTM 15.1.10.4

(How) can I get two client certificates in one APM session?

Using okta as SSO to login F5 GUI

Related Content

F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)

Enable SAML Service Provider on F5 Distributed Cloud Application

Protect an application exposed on Internet with F5 XC WAAP

F5 Terraform providers – Helping to implement Infrastructure as Code

Service Discovery and authentication options for Kubernetes providers (EKS, AKS, GCP)