Forum Discussion
NimbostratusExternal & internal facing loadbalancers - different subnets,VLANs
Hi,
I have a question about how to design loadbalancing of IIS websites in a DMZ. The picture below describes the situation.
1. a users opens a loadbalanced IIS website which is external facing to the internet. 2. Loadbalancer referes to Azure Pack Tenant 3. From the Azure Pack Tenant it has to talk to a 2nd loadbalancer 4. Loadbalancers refers to Azure Pack Admin 5. Azure Pack Admin needs to be able to talk back to the 2nd loadbalancer 6. Azure Pack Admin will talk to a 3rd loadbalancer to refer to the internal domain to SPF IIS
Question: How to get this to work? Does the 2nd loadbalancer need to be in a seperate subnet?
3 Replies
NikhilBEmployee
If you are separating your LB's from internal and external environments then, yes. (your devices that you are referencing are not labelled thus its a little tricky to make out)
LoadF5_186131Hi NikhilB,
Thank you for your response. I have added a new picture so the devices are labelled. As you can see in the DMZ we have an internal facing subnet and an external facing subnet.
My question is regarding the device B. Should this be in a seperate subnet from the internal facing subnet? Can a loadbalancer talk to a subnet and reply to it when it is in the same subnet?
- NikhilB
Can a loadbalancer talk to a subnet and reply to it when it is in the same subnet? Technically yes. One armed load balancing.
Personally have not seen a setup with 2 legs (internal and external) without a FW to filter on traffic. (unless you have the AFN/ASM modules running)
