For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Johannes_106389's avatar
Johannes_106389
Icon for Nimbostratus rankNimbostratus
Jun 09, 2012

LTM VLAN-setup and tagging

Hi,

 

 

We have a couple of LTMs and when we setup a new environment we do this:

 

 

 

VLAN 10 - Transport VLAN between our external firewall and the LTM, this is where we setup the VIP.

 

VLAN 20 - VLAN where the loadbalanced servers are located.

 

 

 

FW

 

|

 

|

 

|

 

SW ==== LTM (vlan 10 tagged on interface 1, vlan 20 tagged on interface 2)

 

|

 

|

 

|

 

 

_____________

 

| | |

 

SRV1 SRV2 SRV3

 

 

 

 

 

Is this setup wrong? Should we tag both VLAN10 and VLAN20 on the same interface (interface1)?

 

 

 

//Johannes

 

basic
getting started
new to f5

2 Replies

  • Johannes_106389's avatar
    Johannes_106389
    Icon for Nimbostratus rankNimbostratus
    Jun 09, 2012
    What is the best practice, is it even neccesary to use a separate VLAN for the "TRANSPORT"-traffic?

     

     

  • El_Jefe's avatar
    El_Jefe
    Icon for Nimbostratus rankNimbostratus
    Jun 27, 2012
    Johannes -

     

     

    Untagged = 1 VLAN per interface

     

    Tagged = 802.1q tagging (multiple VLANS on an interface), or a TRUNKED interface in Cisco terms.

     

     

    There isn't really a right or wrong. The interfaces work either way. Personally, I like to have all my VLANS in one group running to a Trunk (f5 terminology) on the LTM (multiple interfaces bonded together using LACP) and to different back end switches if your environment can support it. That way if one interface goes down, you don't lose the VLANs and cause a fail-over on the LTM if you are set up that way.

     

     

    Hope this helps.