Forum Discussion

vinizs_131016
Aug 06, 2013

Interconnecting BIG-IP sites | WOM or IPSec?

Hello all,

I’m definitely new to F5 BIG-IP products.

Anyway, I need your assistance, please!

BIG-IP 11.2.0 build 2805.0 HF7

What is the best/correct way to interconnect four BIG-IP servers through WAN/Internet?

All of them are based on the same configuration template; however, they all have their own set of IPs, etc.

I mean, there is no problem routing the real (private) IPs of each site among them.

All four have many VLANs.

The UNTRUST is dedicated, not tagged.

I need to interconnect one specific VLAN among the sites (in the future, more).

All sites have this VLAN with the same name, but a different network range.

(This is the administrative VLAN.)

As far as I could find so far, there are at least 3 ways to do that:

1) BIG-IP WOM in Routed Mode

http://support.f5.com/kb/en-us/products/wan_optimization/manuals/product/wom-implementations-11-2-0/4.html

2) BIG-IP WOM in Bridge Mode

http://support.f5.com/kb/en-us/products/wan_optimization/manuals/product/wom-implementations-11-1-0/3.html

3) IPsec in Tunnel Mode between Two BIG-IP Systems

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-2-0/9.html

Please, when should I use WOM? When should I use IPSec?

Inside the IPSec topic: when to use Routed and when to use Bridge?

(Considering my need…)

Thanks a lot in advance for your help!

BR

vinizs

3 Replies

  • 1) When you say "four BigIP devices", do you mean two pairs (a pair at each site) or four single boxes (4 boxes - 4 sites)?

    2) Please make the goal clearer. Do you want to optimize specific application traffic and use a secure tunnel to do so (WOM)? More of a limited DCI/extended_layer2_vlan situation (WOM)? Or do you want to eventually have many/all subnets route to each other (IPSec)?

    3) Do you have a VPN network currently? Do you have routers as the demarc for your ISP connections?

  • Hi!

    1) four single boxes (4 boxes - 4 sites)

    2) Goal: a secure tunnel. / many/all subnets routed to each other.

    3) Do you have a VPN network currently? Only client2site to connect from home, for example.

    Do you have routers as the demarc for your ISP connections? They are all operational and working with Internet.

    Thanks!!
  • I was reading about WOM.

    It seems that this is supposed to be set up “only” for app performance purposes?

    Right?

    I mean, clients on site A need to access a web app in site B via WAN…

    In this case, WOM would help with performance. Is that right?

    So, the need here is to interconnect all four single servers across the internet.

    In each site, some VLANs will interact with the other VLANs on the other sites.

    Ping; file sharing; terminal services, any kind of protocol necessary…

    I would say that what I need is a lan2lan IPSec VPN between each pair. That will be 6 tunnels to interconnect all four sites.

    It seems that I’m confusing WOM with this scenario…

    Is WOM for this purpose?

    Thanks!