Forum Discussion

Chris_15694 (Nimbostratus)
Apr 30, 2011

LB migration idea

Hello. I am fairly new to deploying F5's and I hope that this forum is the right place for these questions.

Is it possible to deploy a pair of 3600s so that they split a common subnet across two VLANs but manage traffic at L3? This would be a temporary solution to allow for an L2-bridged Cisco CSS to be phased out gracefully. The end goal is to have the F5s functioning as the default gateway for pool members in the "internal" VLAN. The current network configuration relies on the CSS being an L2 bridge which inspects all traffic to/from the default route. Unfortunately, due to the complexity of the application environment we cannot do a full migration in one clean sweep, so I need to get creative...

I've created a diagram of the "migration" state of the network to help clarify the scenario (little slow to load sometimes... but it will):

Is it possible to deploy the F5 units in parallel with the CSS, using SNAT to force application server responses back to the F5 until default routes on pool members can be updated? In this configuration the "External" and "Internal" VLANs on the F5 would not be members of a common VLAN group. Additionally, there would be an IP forwarding virtual server on the "Internal" VLAN of the F5 so that the default route on pool members could be changed to that virtual server's IP. After all default routes are updated, we turn off SNAT, remove the CSS from the configuration, and VLAN1 gets re-IP'd so that it doesn't overlap with the subnet on VLAN2.

My general concerns are:

1) This configuration *seems* to work properly using LTM VE in VMWare. In order to isolate IPs to their proper interfaces, I had to create a Route Domain on the "external" vlan and place the virtual server IPs in that route domain. This feels like a hackish way to make it work and probably isn't what Route Domains were intended to do. Is it "wrong"?

2) Will the F5s cause an L2 loop even if the F5 VLANs are not grouped?

3) Is there a better / smarter way to do this?

4) Any other suggestions or advice?

Unfortunately I don't have access to this hardware in a real lab environment, so my testing is limited to LTM VE.
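For readers following the proposed design, here is what its pieces look like as tmsh commands. This is an added example, not configuration from the thread or from F5. It assumes v11-style tmsh syntax (the original post predates it), VLANs named `external` and `internal`, a constructed address plan (10.10.1.0/24 shared by both VLANs during the migration, 10.10.1.21 and 10.10.1.22 as pool members, 10.10.1.1 as the upstream router), and that the route domain is given `parent 0` so the virtual server in route domain 1 can reach pool members that stay in the default route domain; the object names are likewise made up.

```tmsh
# Added example (not from the thread). All addresses and names are constructed.

# 1) Route domain that isolates the "external" side while both VLANs still
#    carry the same subnet. "parent 0" lets lookups that miss in rd 1 fall
#    through to rd 0, where the pool members live (assumption: verify on your version).
create net route-domain rd_external id 1 vlans add { external } parent 0

# 2) Self IPs. The external one lives in rd 1 (the %1 suffix); the internal one
#    stays in rd 0 and is the address pool members will later use as their gateway.
create net self self_external address 10.10.1.5%1/24 vlan external allow-service default
create net self self_internal address 10.10.1.6/24 vlan internal allow-service default

# 3) Default route for rd 1 toward the upstream router on the external VLAN.
create net route default_rd1 network 0.0.0.0%1/0 gw 10.10.1.1%1

# 4) Application servers on the internal VLAN (rd 0).
create ltm pool app_pool monitor http members add { 10.10.1.21:80 10.10.1.22:80 }

# 5) Client-facing virtual server in rd 1, listening only on "external".
#    SNAT automap rewrites the client source to the internal self IP, so servers
#    reply to the BIG-IP even while their default route still points at the CSS.
create ltm virtual vs_app destination 10.10.1.100%1:80 ip-protocol tcp pool app_pool source-address-translation { type automap } vlans add { external } vlans-enabled

# 6) IP forwarding virtual server that only listens on "internal". Once a server's
#    default route is moved to 10.10.1.6, this carries its outbound traffic at L3.
#    How rd 0 then reaches the upstream router depends on your topology and is
#    deliberately left out here.
create ltm virtual vs_fwd_internal destination 0.0.0.0:any mask any ip-forward vlans add { internal } vlans-enabled

# 7) After every pool member has been re-pointed, drop the SNAT so servers
#    see real client addresses again.
modify ltm virtual vs_app source-address-translation { type none }
```

Restricting each virtual server to one VLAN with `vlans-enabled` is what keeps the two sides from being stitched together through the BIG-IP's own listeners; the route domain does the same for the self and virtual addresses that would otherwise collide on one subnet.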

1 Reply

  • Chris - I'd encourage you to chat with your local SE on this as it's their job to work with you on stuff like this. SNAT will definitely help the migration. If I can find time later, I'll try and reply with more.