F5 HA Cluster on Azure without Public IPs
I'd like to ask a couple of question about F5 running on Azure Public Cloud.
- Is that possible to use CFE without Public IP (aka elastic ip) and just with secondary ip addresses?
- Is that possible to use CFE for just manipulating the routes?
These question comes into my mind when i need to figured out a solution for a pair of F5 running on Azure Public Cloud. Because, all public IP addresses bound on a Firewall which currently sitting in between Internet and F5 cluster. Since there won't be any public ip addresses on F5s, i could not find a way to send traffic to the active F5. CFE comes into play here but CFE needs two ip addresses which first one is public and the other is secondary. Clearly, without public ips, CFE won't help much.
The schenario in my mind, when traffic came to public ip address on firewall, it sends the traffic to the secondary ip address which is currently attached on active F5 device. But when a failover occurred, i have to send traffic to the current active device, but how? Could i use CFE to manage just route tables? If yes, so i can point to traffic where should be sent, even if there is no public ip addresses. When a failover occurred, i can point to other secondary ip on curent active unit for whole subnet that F5 uses as virtual ip addresses, or this is just a dream?