
Devlin_T_149357
Jan 16, 2019

F5 in Azure Question

Hi all

Has anyone deployed an F5 instance in Azure, specifically using the ARM template provided via F5's GitHub page?

I ask because in the deployment template there are two parameters to complete:

'Number of External IPs' & 'External IP Address Range Start'

...in our case we do not need external IP addresses as the F5 will live just below an internet-facing firewall which does NAT to the VSes below. We then intend to assign the external interface to a /24 subnet and then create virtual servers from this range.

Is this even possible within Azure? Surely we do not need a distinct public IP address per virtual server?

By the way, this is a single instance, no HA.

Thank you

 

  • Hi Devlin,

    You may choose either a 1-NIC or 2-NIC depending on whether you want to separate MGMT and PROD traffic or not.

    https://github.com/F5Networks/f5-azure-arm-templates/tree/master/supported/standalone

    I always keep the pre-installation wizard as simple as possible and only perform a minimalistic setup without specifying additional IPs (just the SelfIP for each interface). Right after the installation is completed, I'm going to remove most of the wizard-based configuration objects and start my own configuration from scratch. I'm heavily OCD'ed and simply MUST use my own naming convention... ;-)

    You can later add as many additional IPs as needed to your F5-VM-Interfaces via the Azure Management and then use those IPs for Virtual Servers or SNAT-Pools.

    Note: If you plan at some point to extend your single-node F5 to become a cluster, then make sure to use the 2-NIC template to separate your MGMT and PROD interfaces. By doing so you can reuse your PROD network as a sync/failover link. And with the help of a front-ending Azure-LB you will be able to create a SYNC-Failover cluster pretty much comparable to the ones you are using in a fully featured Layer2 environment (far better than the feature-limited Active/Active via-LB templates or the pretty much overengineered Active/Passive via-API templates supported by F5).

    Cheers, Kai
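
The approach in the reply above (secondary private IPs on the F5 VM's interface, with no public IP per virtual server) can be sketched as follows. This is an added example, not code from the thread or from F5's templates. It builds the `ipConfigurations` list of an ARM network interface resource and rejects addresses that Azure reserves in every subnet. The config names, the subnet reference expression and the 10.0.1.0/24 addresses are constructed assumptions.

```python
import ipaddress
import json


def assignable(net, addr):
    """True if addr can be given to a NIC in this Azure subnet.

    Azure reserves the first four addresses and the last address of every
    subnet, so e.g. 10.0.1.0-10.0.1.3 and 10.0.1.255 are unusable in a /24.
    """
    return addr in net and net.network_address + 3 < addr < net.broadcast_address


def nic_ip_configurations(subnet_cidr, subnet_ref, self_ip, vs_start, vs_count):
    """Build the ipConfigurations list of an ARM networkInterfaces resource:
    one primary config for the Self IP plus vs_count secondary private IPs
    for virtual servers. No config references a public IP."""
    net = ipaddress.ip_network(subnet_cidr)
    self_addr = ipaddress.ip_address(self_ip)
    vs_addrs = [ipaddress.ip_address(vs_start) + i for i in range(vs_count)]
    if self_addr in vs_addrs:
        raise ValueError("Self IP overlaps the virtual server range")
    configs = []
    for i, addr in enumerate([self_addr] + vs_addrs):
        if not assignable(net, addr):
            raise ValueError(f"{addr} is outside {net} or reserved by Azure")
        configs.append({
            "name": "selfip" if i == 0 else f"vs{i}",  # hypothetical names
            "properties": {
                "primary": i == 0,
                "privateIPAllocationMethod": "Static",
                "privateIPAddress": str(addr),
                "subnet": {"id": subnet_ref},
                # deliberately no "publicIPAddress": the upstream firewall NATs
            },
        })
    return configs


if __name__ == "__main__":
    # Constructed sample values; the subnet reference is a placeholder expression.
    sample = nic_ip_configurations(
        "10.0.1.0/24", "[variables('extSubnetId')]", "10.0.1.4", "10.0.1.10", 3)
    print(json.dumps(sample, indent=2))
```

Each secondary address then serves as the destination of a virtual server on the BIG-IP, and the internet-facing firewall NATs to it.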