Forum Discussion
Nimbostratusdesign and routing for setting up multiple environments with LTM
F5 Questions
DMZ has two vlans.
Vlan A - 192.168.33.0/24 (nodes)
Vlan B – 192.168.17.0/20 (Vips)
Both are in route domain 1 with a default route of 192.168.16.1 (cisco router) I’m omitting the “%1” for easier reading
That same router has a static route to the 192.168.33.0/24 network to use 192.168.17.1 (which is the address on the F5) All pretty straight forward.
On the internal Side I have the following
Internal_Big-IP: 10.0.13.0/24 (nodes)
Internal_Server: 10.0.1.0/24 (internal)
Internal_Vip: 10.0.4.0/24 (Vip)
Very similar to DMZ.. from an outside network. If I want to get to the node network I have to route through the VIP IP address.
Here is my situation. I’ve been given the task of splitting up all of our environments so they can’t talk to one other. Like Production, Dev, Staging, ETC
I created two new vlans for each environment. Like
Prod_int_node 10.0.150.0/24
Prod_int_VIP 10.0.151.0/24
Prod_DMZ_Node 192.168.150.0/24
Prod_DMZ_VIP 192.168.151.0/24
What I’m unsure about is how to route my traffic. Do I have to setup an interface on the cisco router for each vlan and use that as the default route. If that is the case, will l have to use a gateway pool for each environment?
Am I going about this the wrong way or should I just use route domain for each different environment?
7 Replies
- nitass
Employee
Am I going about this the wrong way or should I just use route domain for each different environment?
i would use route-domain.
Kevin_Bozman_15So two route domains for each environment, one for internal and the other for external?
Then make static routes on my Cisco that point to the Vips Floating IP to route to the Nodes network. I'm saying that because when I inherited these devices, this is how the existing network is currently setup. I assume it is correct.
- nitass
So two route domains for each environment, one for internal and the other for external?
shouldn't it be one route domain for each environment? each route domain has multiple vlans i.e. vlan_node, vlan_vip.
- Kevin_Bozman_15
DMZ Traffic is going to take different route than our Internal traffic. We have web servers (DMZ) and API servers (internal) So one route domain for each. right?
- nitassi am not sure about your routing. anyway, i think if you can configure it within one route domain, it is fine to use one route domain for one environment.
- Kevin_Bozman_15
Routing in the DMZ is an now the issue that I'm not sure how to handle properly
If I have Vlans with different IP networks for each different environment but I only have interface on my router to get our of my DMZ, what is the correct was to solve this? Do I add additional interfaces to the DMZ router or handle this differently?
Previously I'd use 192.168.1.1 as a route for Route domain 1
The VIP Vlan in the DMZ was on the 192.168.1.0/24 network previously. Now that I have 192.168.2.0/24 (Dev VIP ) and 192.168.3.0/24 (Staging- VIP) I obviously can't connect to the 192.168.1.1 router. So do I add additional interfaces on my router or handle this a different way.
ON the internal side I just add an IP address for each vlan and then set the route for each route domain to that Gateway.
Appreciate any help.
- nitass
The VIP Vlan in the DMZ was on the 192.168.1.0/24 network previously. Now that I have 192.168.2.0/24 (Dev VIP ) and 192.168.3.0/24 (Staging- VIP) I obviously can't connect to the 192.168.1.1 router. So do I add additional interfaces on my router or handle this a different way.
can't router do 802.1q?
