For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nathan_67739's avatar
Nathan_67739
Icon for Nimbostratus rankNimbostratus
Jan 15, 2010

Forcing "routed" traffic back to gateway

We currently have a LTM 3600 (running 10.0.1), set up in a router-on-a-stick model (vlan based network with backend servers and VIPs logically, but not physically, behind the LTM).     We a...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 18, 2010
Hi Nathan,

 

 

I haven't read through the full thread to understand what's everything that's been discussed, but...

 

 

For the scenario you just mentioned with two customers and an external and internal VLAN for each which you don't want to route between, you can use a fairly simple configuration which Denny described nicely here:

 

 

Source routing

 

htp://devcentral.f5.com/Default.aspx?tabid=53&forumid=31&tpage=1&view=topic&postid=2097922930

 

 

I recently set this up with routing domains for a customer who wanted to segregate their public to DMZ server traffic from internal users to internal servers. The advantage to route domains is that you can use overlapping subnets for each client. It also provides an additional layer of protection against misconfiguration of LTM allowing traffic to mix between the two sets of VLANs. I don't think the additional complexity in configuration is worth it though, if you don't need to support overlapping subnets.

 

 

Aaron