Forum Discussion

khtut2012_10706's avatar
khtut2012_10706
Icon for Nimbostratus rankNimbostratus
Feb 19, 2012

F5 LTM - load-balance multiple network segment with cross-talk

Hi

 

 

I am planning to deploy the new BigIP LTM to the current 2 server firms. We have Web-Farm(192.168.1.0/24) and App-Farm(192.168.2.0/24) separated by Firewall for security.

 

 

We don't want to change the IP addressing thus opt for VLAN-Group to make LTM as inline deployment.

 

 

We only have budget for 1 pair of LTM thus I need to use the same LTM for both Web & App Firm. Means, LTM will have 2 connections to Web segment and 2 connections to App segment.

 

 

Normally, traffic will flow from Internet -> Web and Web -> App.

 

 

Now my question is :

 

 

After LTM is deployed, when Web Server(Real) talk to App Server(Virtual), how the traffic will flow? Is web server traffic hit to firewall or is it going to be routed by LTM?

 

 

My objective is to force the traffic to pass through via Firewall for security reason.

 

 

Thanks in advance for help and hope to get this work.

 

 

Kind regards

 

khtut

 

config
design

4 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 20, 2012
    do you mean you are deploying 2 vlan groups (one is on 192.168.1.0/24 and the other one is on 192.168.2.0/24)? and you want to know when host on 192.168.1.0/24 subnet is going to talk to host on 192.168.2.0/24 subnet, will it bypass firewall using bigip?

     

     

    i never tested but i think it goes to firewall since it is at layer 2 bridging. anyway, if it is not, i think route domain may be used to separate routing between subnet.
  • khtut2012_10706's avatar
    khtut2012_10706
    Icon for Nimbostratus rankNimbostratus
    Feb 20, 2012
    Thanks for the reply.

     

     

    Yes, you are right that I'm deploying 2 vlan groups. I saw other thread discussing about how to make them talk using vs. So I suppose by default, LTM will not route between vlan. I'll try to test and get the concrete answer hopefully by this week and keep posted.

     

     

    Cheers!
  • khtut2012_10706's avatar
    khtut2012_10706
    Icon for Nimbostratus rankNimbostratus
    Feb 29, 2012
    Tested in the Lab and traffic will hit to Firewall before routed back to LTM.

     

     

    Posted By khtut2012 on 02/20/2012 01:50 PM

     

    Thanks for the reply.

     

     

    Yes, you are right that I'm deploying 2 vlan groups. I saw other thread discussing about how to make them talk using vs. So I suppose by default, LTM will not route between vlan. I'll try to test and get the concrete answer hopefully by this week and keep posted.

     

     

    Cheers!

     

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Feb 29, 2012
    Use network virtual servers to perform the forwarding of traffic from one vlan to another.

     

     

    They should be if type 'forwarding (ip)'

     

     

    H