

Brad_146558
Jun 12, 2014

BIG-IP Network Setup Question

We have a virtual BIG-IP that has reached its 10 NIC limit (VMware limitation). Right now, for every network that we have a node in, we connect that network up to the BIG-IP using another NIC, and unfortunately this is a vCloud environment so we cannot trunk the VLANs easily. This worked great when we were smaller; it kept the health checks from clogging up the firewall and IDS. Now I believe we need to start routing traffic, as the 1:1 relationship between NICs and networks won't be sustainable. Has anyone else run into this limitation and could give some advice on their experiences with routing traffic versus having a leg into every network?


2 Replies

  • I have used a routing traffic setup for many years, even running a one-armed LTM.


    I have always used it in a SNAT situation; I don't think any other option will work when there are multiple hops between the LTM and the backend resource. Assuming you are already doing SNAT, or are OK with moving to it, there isn't much to do other than create the appropriate self IPs, SNATs (if you don't use automap) and routes pointing to the correct next hop.


  • Yep, I am a big fan of automap =)


    Turns out we'd set up a default route long ago but never had the firewall rules in place to support it, so all I had to do was create some rules. One thing I will say to anyone else who reads this is to make sure you turn logging off on that rule if your firewall does logging on a per-rule basis. From what I saw on our firewall, the BIG-IP generated traffic every 5 seconds to every node that has a health monitor.
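As an added example (not code from this thread), the script below shows how to confirm from firewall logs which flows are the BIG-IP health monitors before turning logging off on that rule: it groups log entries per flow, flags those from the BIG-IP self IP that recur on the 5-second monitor cadence, and estimates the log volume that per-rule logging would generate. The log format, the self IP 10.10.1.5 and the node addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample firewall log lines; the format
# "<ISO timestamp> ACCEPT src=<ip> dst=<ip> dport=<port> rule=<name>" is assumed.
SAMPLE_LOG = """\
2014-06-12T10:00:00 ACCEPT src=10.10.1.5 dst=10.20.1.10 dport=443 rule=bigip-to-servers
2014-06-12T10:00:00 ACCEPT src=10.10.1.5 dst=10.20.1.11 dport=443 rule=bigip-to-servers
2014-06-12T10:00:02 ACCEPT src=192.0.2.77 dst=10.20.1.10 dport=443 rule=users-to-servers
2014-06-12T10:00:05 ACCEPT src=10.10.1.5 dst=10.20.1.10 dport=443 rule=bigip-to-servers
2014-06-12T10:00:05 ACCEPT src=10.10.1.5 dst=10.20.1.11 dport=443 rule=bigip-to-servers
2014-06-12T10:00:10 ACCEPT src=10.10.1.5 dst=10.20.1.10 dport=443 rule=bigip-to-servers
2014-06-12T10:00:10 ACCEPT src=10.10.1.5 dst=10.20.1.11 dport=443 rule=bigip-to-servers
2014-06-12T10:00:13 ACCEPT src=192.0.2.77 dst=10.20.1.10 dport=443 rule=users-to-servers
2014-06-12T10:00:15 ACCEPT src=10.10.1.5 dst=10.20.1.10 dport=443 rule=bigip-to-servers
2014-06-12T10:00:15 ACCEPT src=10.10.1.5 dst=10.20.1.11 dport=443 rule=bigip-to-servers
"""

LINE_RE = re.compile(r"^(\S+) \S+ src=(\S+) dst=(\S+) dport=(\d+) rule=(\S+)$")

def parse_flows(log_text):
    """Group timestamps by (src, dst, dport, rule) so each flow's cadence can be measured."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, dport, rule = m.groups()
        flows[(src, dst, int(dport), rule)].append(datetime.fromisoformat(ts))
    return flows

def monitor_flows(flows, bigip_self_ips, interval=5.0, tolerance=1.0, min_hits=3):
    """Return flows sourced from a BIG-IP self IP whose median inter-arrival time
    matches the monitor interval: the health checks, as opposed to user sessions."""
    found = {}
    for key, stamps in flows.items():
        if key[0] not in bigip_self_ips or len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if abs(median(gaps) - interval) <= tolerance:
            found[key] = median(gaps)
    return found

def daily_log_lines(node_count, interval=5.0):
    """Log lines per day that per-rule logging would produce for the monitor traffic alone."""
    return int(node_count * 86400 / interval)
```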