LInk controller 1600

Hi, basically link aggregation is configured between two unique equipments and cannot cross equipments, but you have alternative solution:

 

If your router interfaces are LAN interfaces like in many cisco ISR routers , then you can use them as such:

 

1. Create two VLANS in F5: VLAN_ISP1 & VLAN_ISP2
2. In each F5 take an interface (let's assume 1.1) assign it to VLAN_ISP1 and connect it to your ISP1 router
3. Do the same thing for a second interface (1.2) with VLAN_ISP2 and connect to ISP2 router

You will then have used both interfaces for extra redundancy without using link aggregation. This is for the outside part.

 

For your inside switches, if you want extra redundancy, you can use a full mesh topology where every F5 has a port connected to each switch, and a trunk link is connecting the switches. In this scenario you must ensure Spanning Tree is running and that the trunk link between the switches is always in STP forwarding state.

 

Thanks Amine

 

Can i have the sample config for the ISR Routers of 2?

 

I understood, create VLAN_ISP1 in both link controller and assing port 1.1 and connect with ISR 1 and ISR 2 router!!

 

Inside i am fine, should i use layer 3 switch or layer 2? if i use layer 2 any slowness?

 

else can i use a Cisco firewall to avoid switch?

 

Sorry I can't help for the Cisco part however since I have spoken about layer 2 switching I think it is easy to set up.

 

Inside i am fine, should i use layer 3 switch or layer 2? if i use layer 2 any slowness?

 

L2 switches are enough and theoretically they are not slower than L3 switches. You should be able to use the switch board integrated to the ISR, you can also use separate switches.

 

else can i use a Cisco firewall to avoid switch?

 

Yes you can but I can't see a reason to. Firewall is usually behind the LC, and I don't understand why you would avoid a switch for a firewall between F5 and the routers.

 

Thanks,

 

i using the link controller for load balance the ISP's, then my firewall in place to monitor the traffic.

 

I am ok with upto traffic from ISP1 & 2 to swithh1 and swithc 2.

 

ISP1-Router1-LC1-SWITCH1- FW1-CORE 1

 

ISP2-Router2-LC2-SWITCH2- FW2-CORE 2

 

now i want to connect the swithc 1 & 2 with FW 1 & 2? with redundancy?

 

now i want to connect the swithc 1 & 2 with FW 1 & 2? with redundancy?

 

Check the FW specific documentation for that, I think F5 is not involved here. Depending on your firewalls' brand and targeted design (Active-Active or Active-Passive) there will surely be more than one answer to your question.