Forum Discussion

TAC_AAL_342424
Dec 02, 2017

CiscoACE to F5 Big IP LTM migration

Hi, I'm upgrading from Cisco ACE to BigIP LTM. My Cisco devices are in bridge mode, so I have to keep that config for LTM.

 

  • With the BigIP LTM I have done all my tests using a separate partition (other than Common). In this partition I have a VLAN group with two members (external and internal) and bridging enabled. External and Internal interfaces are not tagged. Everything works as expected.

     

  • Since I have a few contexts in the Cisco ACE, I have to create partitions and RDs to match the number of contexts. I have tagged the interfaces based on the tagging I already have on the network and created a VLAN group for each partition. The switch ports where the LTM interfaces are connected are set to trunk mode (Cisco) with dot1q encapsulation since they have to support multiple VLANs.

     

  • When I do this it creates a loop and STP blocks one of the ports (either the one corresponding to the external or the internal interface of the LTM). I've been looking through the manuals, as well as questions on DevCentral, but I did not find anything similar. Has anybody encountered this issue, or do you know of any document, white paper, or Q and A that covers this scenario? Any input is greatly appreciated. Thanks

     

  • You want cross-VLAN routing via BIG-IP LTM? Why not use Forwarding Type Virtual Server(s)? How many VLANs do you have that must be able to communicate with one another?

     

    Bridged mode is never a goal in modern DC designs. I believe that if you retain the functionality of cross-VLAN communication, nobody will complain about your work.

     

    • Hannes_Rapp

      For reference, in case of many VLANs that need to be able to communicate with one another, use a network mask to overlap them all (for the Forwarding Type Virtual Server). I have one client with 23 server-side networks that require cross-VLAN connectivity without restrictions. For that, in BigIP LTM, I have 23 VLANs, local-only and floating SelfIPs, and 1 Virtual Server to cover the requirement. Nothing else required. Of course, this works best if your networks all start with the same octet values, e.g. 172.16.x.x.
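      As an added example (not part of the thread and not the poster's own configuration), the design described above written out as tmsh commands: one partition with its own route domain per former ACE context, tagged VLANs on trunk ports, a local-only and a floating self IP per server VLAN, and a single IP-forwarding virtual server whose mask covers every server network. The partition name, route-domain ID, VLAN names and tags, interface numbers and the 172.16.0.0/16 addressing are all assumptions chosen for illustration.

```tmsh
# Added example, not from the original thread. All names, tags, interface
# numbers and addresses below are assumptions.

# One former ACE context becomes one partition with its own route domain.
create auth partition ctx1
cd /ctx1
create net route-domain ctx1_rd id 1
modify auth partition ctx1 default-route-domain 1

# Tagged VLANs on the dot1q trunk ports (tags 100/110/120 are assumed).
# Nothing bridges interface 1.1 to 1.2 at layer 2, so the switch sees no
# second path between them and STP has nothing to block.
create net vlan vlan_ext tag 100 interfaces add { 1.1 { tagged } }
create net vlan vlan_app tag 110 interfaces add { 1.2 { tagged } }
create net vlan vlan_db  tag 120 interfaces add { 1.2 { tagged } }
modify net route-domain ctx1_rd vlans add { vlan_ext vlan_app vlan_db }

# Per-VLAN self IPs: a local-only address for each unit plus a floating
# address the servers use as their gateway. allow-service none keeps the
# self IPs from answering any management or service traffic themselves.
create net self ext_self  address 10.0.0.2%1/24    vlan vlan_ext allow-service none traffic-group traffic-group-local-only
create net self ext_float address 10.0.0.1%1/24    vlan vlan_ext allow-service none traffic-group traffic-group-1
create net self app_self  address 172.16.10.2%1/24 vlan vlan_app allow-service none traffic-group traffic-group-local-only
create net self app_float address 172.16.10.1%1/24 vlan vlan_app allow-service none traffic-group traffic-group-1
create net self db_self   address 172.16.20.2%1/24 vlan vlan_db  allow-service none traffic-group traffic-group-local-only
create net self db_float  address 172.16.20.1%1/24 vlan vlan_db  allow-service none traffic-group traffic-group-1

# One forwarding (IP) virtual server. The 255.255.0.0 mask overlaps every
# 172.16.x.x server network, so one object covers all of them. It is enabled
# only on the server-side VLANs and only for 172.16/16 sources, so it never
# forwards traffic arriving from the external VLAN.
create ltm virtual fwd_172_16 \
    destination 172.16.0.0%1:0 mask 255.255.0.0 \
    source 172.16.0.0%1/16 \
    ip-protocol any ip-forward \
    profiles add { fastL4 } \
    vlans-enabled vlans add { vlan_app vlan_db }

save sys config
```

      Two things worth checking after applying this. A wildcard forwarder passes whatever matches its destination, source and VLAN list, so keep the `vlans add` list to the server-side VLANs and keep the `source` as narrow as the address plan allows; widen it deliberately rather than defaulting to 0.0.0.0/0. And because the server VLANs are now routed rather than bridged, the servers' default gateway must point at the floating self IP in their VLAN, which is the part of the cut-over that a bridge-mode ACE never needed.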
