Forum Discussion

Maisha's avatar
Maisha
Icon for Nimbostratus rankNimbostratus
Apr 29, 2020

How to configure One ARM setup with multiple VLAN

I have attached our network scenario as an attachment here. My concern is how to configure the F5 LTM as One ARM having multiple VLANS where the VIP and the actual nodes are in different VLAN. A defa...
application delivery
BIG-IP
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee

> One F5 VE VM has four VMNICS, 2 for Management (VMNIC0 Active and VMNIC1 as standby) and 2 Production (VMNIC 2 primary and VMNIC3 as Standby).

 

First - you can only assign one VNIC to Management - it's a single interface. On a VE - it's the first VNIC.

 

> and 2 Production (VMNIC 2 primary and VMNIC3 as Standby).

 

Again, this isn't how it works - the VNICs are connected to the virtual network infrastructure as Interfaces 1.1 and 1.2. You may be able to define the two links as a trunk.

 

> Do I have to define individual Internal and External Interface for each Pool Members?

 

Are you talking about pool members (i.e destination servers that deliver content) or virtual servers - listeners on the BigIP that forward traffic to the pool members.

 

> AS the Internal VLAN can't have a default gateway on F5 since they are connected with the Cisco switch, what would be the Internal Interface setup look like? Will it be Just a tagged Interface with VLAN 100 and No "non-floating and floating Self-IP"?

 

Every VLAN (tagged or untagged) has to have both non-floating and floating self-ip addresses to accept or send traffic.

 

If your internal servers cannot have their default gateway set to be the BigIP, then you will need to SNAT the traffic so that the return traffic from the pool members goes back to the BigIP.

 

> My ultimate goal is to setup the F5 VE HA pair to act like an One ARM but having External and Internal VLAN are in different sub-netwrok. What would be my setup in this case?

 

As I said before, a one-arm setup only has one vlan. You do not appear to be doing this.

boneyard's avatar
boneyard
Icon for MVP rankMVP
May 03, 2020

if you just setup all networks then creating a virtual server in one VLAN with a pool with servers on another VLAN will work. it will "route" from the external to the internal network for the configured traffic. you can enable SNAT on that virtual server (option: Source Address Translation) to make sure traffic returns to the BIG-IP.

 

if you want to communicate with systems on a network then IP adresses on those networks are advises. in a HA setup then node addresses and a floating one is best pratice.

 

you can continue that setup with multiple sets of external and internal networks. also keep in mind your virtual server network can be a non physical one, but just a subtnet you route to the BIG-IP.