Forum Discussion
BIGIP in a network Edge device role
- Jan 10, 2019
Hi
Your diagram explains a few things. The routing on the F5 can be fairly simple or a bit complex based on your needs.
External-facing VLAN, AKA vlanexternal: give it an IP subnet; this VLAN will face your firewalls. The VLAN will have floating IP addresses as well to ensure failover to standby. From a default route perspective, I am sure you can default route to the firewall IP if your internet breakout resides on that side. You can then launch your VIPs from this VLAN: either create external-facing VIPs with a new IP subnet or use the external VLAN IP subnet to give yourself VIPs.
Internal VLAN/VLANs will be facing the core switch. You can run one VLAN/IP subnet from your F5 10gig LAG, then route all internal-facing networks towards your core network as a next hop. You might not even require SNAT because return traffic from internal will flow back to the F5 towards the firewall/internet.
Also, in this scenario your F5 will have to do routing because your core network needs to reach the internet via the F5; you will most likely require an IP forward virtual server. Hope this helps you.
You can either use static routing or dynamic, depending on your requirements.
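A tmsh sketch of the layout described in the reply above, added here as an illustration and not taken from the thread. Interface and trunk names, the name vlaninternal, and all addresses (documentation ranges) are assumptions. Because the box has no AFM, the self IPs use port lockdown (`allow-service none`) and the forwarding virtual server listens on the internal VLAN only.

```tmsh
# Constructed example values: interfaces 1.1/1.2 and 2.1/2.2, trunk names,
# 192.0.2.0/24 (firewall side) and 198.51.100.0/24 (core side) are assumptions.
# Assumes HA/config sync runs over a separate network not shown here.

# Aggregated links: 1Gb towards the DMZ switches, 10Gb towards the core/fabric
create net trunk dmz_lag interfaces add { 1.1 1.2 } lacp enabled
create net trunk core_lag interfaces add { 2.1 2.2 } lacp enabled

# One VLAN facing the firewalls, one facing the core switch
create net vlan vlanexternal interfaces add { dmz_lag { untagged } }
create net vlan vlaninternal interfaces add { core_lag { untagged } }

# Per-unit self IPs plus floating self IPs that follow the active unit.
# allow-service none: nothing on the BIG-IP itself answers on these addresses.
create net self ext_self address 192.0.2.2/24 vlan vlanexternal traffic-group traffic-group-local-only allow-service none
create net self ext_float address 192.0.2.4/24 vlan vlanexternal traffic-group traffic-group-1 allow-service none
create net self int_self address 198.51.100.2/24 vlan vlaninternal traffic-group traffic-group-local-only allow-service none
create net self int_float address 198.51.100.4/24 vlan vlaninternal traffic-group traffic-group-1 allow-service none

# Static routing: default route to the firewall, internal networks via the core
create net route default network default gw 192.0.2.1
create net route internal_nets network 10.0.0.0/8 gw 198.51.100.1

# IP forwarding virtual server so the core can reach the internet via the F5.
# vlans-enabled restricts the listener to vlaninternal, so traffic arriving
# on vlanexternal is not routed by this wildcard virtual server.
create ltm virtual vs_outbound_forward destination 0.0.0.0:any mask any ip-forward profiles add { fastL4 } vlans-enabled vlans add { vlaninternal }

save sys config
```

The core switch would point its default route at the internal floating self IP (198.51.100.4 in this sketch) so outbound traffic follows the active unit after a failover.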
I've knocked up the ugly pic below. I've omitted the OOB/management networks.
Essentially we come in from the firewalls (corporate shared services) to two stacked DMZ switches in our "DMZ" with 1Gb aggregated uplinks to the F5s.
The F5s are then our edge devices for the hypervisor cluster, with redundant aggregated 10Gb links to a set of stacked fabric switches in our chassis.
The question is simply: are there guides or resources I can use to configure an F5 (without AFM) for the role as an edge device?
Many thanks!