Forum Discussion

Nik_67256's avatar
Icon for Nimbostratus rankNimbostratus
May 09, 2012

Is it advisable to deploy LTM & ASM on one Box?

Hi Aaron / All,



Does anyone know if its recommended by f5 to deploy BigIp LTM & ASM on one box.



What are the high level advantages. I looked up the documentation but nothing out there on this.






4 Replies

  • I've been discussing this with my F5 sales team. Basically its a matter of resources. In order for ASM to look at https traffic the traffic needs to be decrypted. If you are already doing ssl termination as part of the LTM, there's a lot to be said for having ASM on the same box so it only has to be unencrypted and reencrypted once. However doing the LTM function and the ASM function on the same box obviously takes more CPU/memory etc than just LTM.

    Thanks for your reply Mark.



    So Assuming CPU/memory is not an issue and if LTM is already doing SSL termination , then u mean it doesnt harm to put ASM on same box as traffic is already un-encrypted and ASM can inspect it directly (maybe makes the whole process faster). correct ?



  • Yes that is correct. Put another way, there's no conflict in functionality having them both on the same box, in fact they complement each other, you just have to make sure there's enough resources to run both
  • Hi Nik,


    It's a widely asked question and I am glad you asked it on the forum, Putting LTM and ASM on the same BOX will not harm you at all... you just need to take care of one thing which is the correct sizing of the LTM model which will take care of the Memory and CPU utilization as correctly mentioned above by Mark. Just take into consideration the total throughput of your Traffic and you are on the right track... :)..