Forum Discussion

Fawad_29089's avatar
Fawad_29089
Icon for Nimbostratus rankNimbostratus
Mar 19, 2012

F5 LTM setup with Cisco FWSMs

Hi,     I am going to setup F5 LTMs in our environment for server load balancing. I have a question about the placement of F5 LTMs. We want to use our existing Data Centre Gateway Switch to con...
config
design
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Apr 29, 2012
Not sure I envy you with this one.

 

 

When you say 'the standby unit is disconnected... the active unit will try to failover' do you mean the FWSM's? Or BigIP? Not sure I like the description that the VLANs are done by the FWSM. That implies they think the BigIP is going to NOT be inline with the traffic to/from the VLANs. Unless they've implemented TWO actual vans for each server vlan (One in front of F5, one for the servers themselves). It sounds messy (Which is what usually happens when the groups don't talk to each other and theres a bit of a battle going on as each side attempts to make it all work how they see it.. Sadly they usually see it differently, and with no holistic view, it gets real complicated real fast).

 

 

Anyway.. Any chance of a diagram to show us how the routing is accomplished? I'm not sure I follow the bit about both external interfaces and making the other side pause. If your networks people really want the SVI's to be on the FWSM's, there's not a lot you can do. But they're making life difficult and i'm not sure I follow why. A simple FWSM with 2 SVI's and a whole lot of Layer-2 VLAN's that the BigIP is the router for has got to be easier for them. (I'm also assuming here you have multiple FWSM's in an active/standby config with multiple 6509's and the VLANs are all spanned across both switches with a trunk between them (That's a cisco trunk, not an F5 one :)

 

 

Oh... 6509's aren't really EOL yet. The card modules may be if they're old, but the chassis and the sups (Esp if they're sup720's or sup32's) have a bit of life left in them. e.g. Sup720-3B/3BXL have had EOL notices, but they're still on sale until next year, and supported until Jan 31 2018. Sup32's until March 2017. There are replacement 65xx parts BTW as well. YMMV depending on modules you have...

 

 

Oh... Assuming you're doing network failover, do you have a link between the two BigIP's that isn't on the same switches? I usually like to have a dedicated physical switch for HB's... Just in case...

 

 

H