Forum Discussion

Nimbostratus

May 06, 2015

LTM setup question

I'm trying to setup a LTM in my network and was curios on the design aspects. Here's mysetup. Firewall ---> Switch ( let's say port to firewall inside is on vlan 100) --> IPS IN port is on VLAN...

Greg_Robinson_1

Cirrus

May 11, 2015

You could theoretically put VLAN 200 and the server VLANs on the same trunk. If you need to physically separate the pre and post F5 traffic, you'd then need separate trunks. I would recommend using at least two ports per physical F5 unit for redundancy. Anything after two really just depends on the bandwidth requirements. Extra capacity can be a great thing.

Yes, its best to use a separate VLAN for HA. I wouldn't even put an L3 gateway on that VLAN, just make it a /30 using RFC1918 and lock it down as I described.

You also need to check your switch for the load-balancing hash algorithm it uses for bundling links. Since you have all traffic coming from the firewall going to the F5 VIP(s), you want to avoid using any type of MAC-address-only hashing, otherwise your traffic is only going to use one of those links regardless of how many you have. Using a combination of source/destination IP or L4 port would be best, usually all four if possible (like Cisco's src-dst-ip-port if available.)

Best of luck!

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)