Forum Discussion
NimbostratusIs it possible to covert (in prod) from "inline" to "one armed" mode?
Is this possible? What would I have to do on the F5 and the connected switch port to accomplish this?
To explain: I am at a remote site. Our other load-balancers were setup in one arm mode and for the sake of standardizing it would be nice to reconfigure this device if it is do-able. I have two different vlans on untagged Inside / Outside interfaces. I apologize ahead of time - I hope an expert would have the time to help a novice such as I.
wlopez_98779One arm mode means that both the F5 virtual servers and pool members are handled through the same vlan, most likely within the same netmask. If you're already configured this way, you probably already have SNAT Automap or SNAT Pool configured on the virtual servers.
The main issues you might face are really not with modifying the F5 configurations, but with the IP scheme and routing for the pool members.
In order to do the basic routing based load balancing setup you'll need to move the servers to the internal vlan (behind he F5s) using the F5 floating IP on the vlan as the pool members' default gateway, or configure SNAT (which you probably already have) to avoid asymetric routing.
kernel_panic_38To be clear - My current IN PRODUCTION system is using an inline configuration. I have an INSIDE INTERFACE mapped as 1.1 and OUTSIDE INTERFACE mapped to 1.2. Virtual Servers are setup on the OUTSIDE 1.2 interface. Pools / Pool Members are setup on the INSIDE 1.1 interface. I am confused as how to configure the system to have the virtual interface start forwarding traffic on the 1.2 interface to the pools. Is this possible with a couple configuration settings or am I needing to remove the OUTSIDE and INSIDE interfaces from the system and re-create a new interface and re-map the Virtual Servers and Pools to it?
In other words could I do something like changing the inside interface to be mapped to the 1.2 interface and the system should (using Auto Map) start using a "one armed" mode for forwarding traffic? If I am understanding documentation properly the system would start using the virtual ip of the 1.2 interface to forward traffic to the pools. (using snat if asymetric routing was expected).
wlopezCirrocumulus
One arm mode means that both the F5 virtual servers and pool members are handled through the same vlan, most likely within the same netmask. If you're already configured this way, you probably already have SNAT Automap or SNAT Pool configured on the virtual servers.
The main issues you might face are really not with modifying the F5 configurations, but with the IP scheme and routing for the pool members.
In order to do the basic routing based load balancing setup you'll need to move the servers to the internal vlan (behind he F5s) using the F5 floating IP on the vlan as the pool members' default gateway, or configure SNAT (which you probably already have) to avoid asymetric routing.
- kernel_panic_38
To be clear - My current IN PRODUCTION system is using an inline configuration. I have an INSIDE INTERFACE mapped as 1.1 and OUTSIDE INTERFACE mapped to 1.2. Virtual Servers are setup on the OUTSIDE 1.2 interface. Pools / Pool Members are setup on the INSIDE 1.1 interface. I am confused as how to configure the system to have the virtual interface start forwarding traffic on the 1.2 interface to the pools. Is this possible with a couple configuration settings or am I needing to remove the OUTSIDE and INSIDE interfaces from the system and re-create a new interface and re-map the Virtual Servers and Pools to it?
In other words could I do something like changing the inside interface to be mapped to the 1.2 interface and the system should (using Auto Map) start using a "one armed" mode for forwarding traffic? If I am understanding documentation properly the system would start using the virtual ip of the 1.2 interface to forward traffic to the pools. (using snat if asymetric routing was expected).