Can an LTM be connected to a Cisco FEX (fabric extender)?

Sure it can. I have my Viprions connected to FEX... (2248 TP's and soon 2248TP-E's as well).

 

Why would you think they can't? Or do you mean FET's? The Fabric Extender Transciever?

 

H

 

Oh. And I had a pair of 1600's connected to 2248TP's as well...

 

But they're gone now...

 

H

 

We've had issues with the FEX devices and when I learned they were planning to move my LTMs to a FEX, of course I want to research it. This thread on the Cisco forums had me concerned.

 

F5 LTM & FEX

 

Thanks for the quick response! Sounds like we will be OK.

 

Chris

 

Right. That's just BPDU's. Don't do STP (Active or pass-through) and you'll be fine. (i.e. Don't bridge any interfaces via the BigIP).

 

You also can't do layer3 interfaces on a FEX port IIRC.

 

This really just means your BigIP has to act like a host, rather than a separate switch. Which isn't usually a problem... At least the way I like to use them anyway.

 

H

 

Oh. I tend to try & connect my bigip's with 10Gb interfaces now. Usually to a Nexus 7k or Nexus 5k switch rather than the FEX's.

 

I still have a couple of FEX connected interfaces, but they're slowly migrating away. No issues though, as I don't bridge through the BigIP.

 

H

 

Hamish, were you able to connect your LTM to Cisco Nexus 7k or 5K 10G Interface? If so, what sfp module type you used? The Nexus Fabric Extender Transceiver (FET) sfp cannot be used to connect anything other than FEX. I want to know which sfp model works with F5 LTM.

 

Thanks

 

I have them connected to a pair of 7010's. (SUP1's, Fabric 1 and M132 XL cards).

 

The Optics I use at the 7010 end of the links are Cisco 10-GB-SR's. FET's probably don't work (I'm not sure of their tx/rx or freq). FET's are basically good for FEX's and FIC connectivity. (Possibly other cisco switch-switch links as well).

 

H

 

Mmm... Single arm implies single VLAN...

 

You don't have to have to have a single VLAN. You can trunk (cisco trunk, not F5 trunk) the port-channel and have 'internal' and 'external' vlans... At the end of the day, the BigIP doesn't care if external and internal vlans are on same or different physical interface.

 

I also use vPC's...So I have a single trunk at the BigIP connected to two 7010's in a vPC. So long as you're not doing routing protocols that works fine (Nexus can't do routing protocols on an SVI that's connected to a vPC)

 

H

 

Single arm implies connecting both internal and external interfaces on single switch Nexus vPC. In two arms, external interfaces are connected to upstream switch and Internal interfaces connected to downstream switch. So you are using two switches instead of one.

 

That is where I was confused because I was expecting two Trunks - external and internal traffic.

 

For example, External virtual servers VIPs 20.20.20.1, 30.30.30.1 (Trunk 1) Internal Nodes/pool members: 100.100.100.23, 200.200.200.34 (Trunk 2)

 

So you have only single LACP trunk connected to both 7010, correct?

 

I have the following questions: What happens if active F5 failed over to standby or primary vPC failed? Wouldn't this cause traffic disruption if the F5 does not have redundant link on both 7010?

 

Did you criss-cross connection to both 7010?

 

No, single arm implies a SINGLE VLAN. i.e. No Routing. This is the traditional description of single arm. Number of switch environments is immaterial when describing single versus non-single arm (Unless you're making up your own terminology instead, in which case you can call it what you like). And what you'd call a VE I have no idea.. 0 arms because it has no physical interfaces?

 

Anyway. We can argue semantics later. Preferably over a Pint of Rebellions finest.

 

So you have only single LACP trunk connected to both 7010, correct?

 

Yes. Correct. However, the Viprion DOES have a redundant link to the Nexus... There are at least TWO interfaces in the BigIP trunk. To a single vPC... Which is across TWO Nexus switches. In fact some of mine have 4 interfaces spread across 2 blades. Still a single vPC though. Because with vPC's you don't have to worry about spanning tree.

 

What happens if F5 failed over to standby or primary vPC failed?

 

Well, if the vPC failed, your nexus is probably not working anyway. (Unless it's a config problem. And they're always difficult to plan against). In fact I have yet to lose a vPC because of anything other than a complete switch failure (They're even reasonably robust against vPC peer keepalive failures so far)

 

H