Forum Discussion
CaliStar_13172
Nimbostratus
NimbostratusF5 and Nexus Routing Issues
We had 10.8 network on 2 F5's in Active and Standby mode. We created a new routing domain for another network 10.18 and also we used different physical interfaces on the F5. The F5's are connected to 2K-5K-7K - Firewall and they are trying to reach to 2 NAS hosts in the prod network which is a similar 7K-5K-2K . The 10.8 works fine.
When we try to reach to 2 hosts from the newly created 10.18 subnet servers , we are able to connect to one of the hosts. The traffic for the other host drops in the F5 and 7K mess. We plugged in a laptop to eliminate the server from which we were trying to reach to the hosts, the opposite happens now. We were able to reach to the nas host which we weren't reaching from the server.
Somewhere the traffic gets dropped .
Did anybody face similar problems? ? Please suggest.
8 Replies
HamishCirrocumulus
Can you create a logical diagram and attach it?
I don't follow why you created separate routing domains for what looks like to me just two separate subnets... (10.8.0.0/16 and 10.18.0.0/16). To me that should just be one (If summarised) to two static routes configured on the F5 to reach the destination subnets.
H
CaliStar_13172We had to create separate routing domains because 10.8 and 10.18 would be firewalled off in future.
Also we have a VIP VLAN which is a layer 3 SVI on the Core .
The node VLAN's are layer 2 only with statics on the core pointing to the VIP's .
The NAS server is sitting in the prod which is a completely different network.
We have this setup for the current 10.8 network . We were trying to move the 10.18 behind the F5's in a similar setup but we are using different physical interfaces on the F5.
I will create the complete logical diagram and upload it soon.- CaliStar_13172We have a self IP and floating IP on the LTM . 3 IP's per inside vlan - one for the active unit, one for the standby unit and one floating IP across both units
The real machines (nodes) have default gateway to that of the floating IP. - HamishAIUI that's not what routing domains on the LTM is intended for... Routing domains are for where you have two networks with the same address space... What you've got is just two subnets....
IIUC what your setup looks like you just need two vlans.
H - HamishAIUI that's not what routing domains on the LTM is intended for... Routing domains are for where you have two networks with the same address space... What you've got is just two subnets....
IIUC what your setup looks like you just need two vlans.
H - CaliStar_13172Do you have any suggestions on how we should approach towards this problem?
thanks for your time.... - HamishYeah. Just drop the routing domains on the BigIP and route to the destination subnets normally.
Beinhard_8950Imho the routing domains is to virtulize the F5 ( eq. different securty zones) and to maintain Users from doing something wrong (leaking traffic from a operator mistake in conjuction with partitions) and in the later release dedicate hardware resources to each routing domains.
