Management & External networks on same subnet/physical network?

Question

Ok,
&nbsp;I am evaluating the LTM VE for one of our web projects as its easier than getting a physical LTM to test.  The problem is, the management network and external network are connected to the same physical network (both on 192.168.4.0) while the internal network is well segrated on a different vSwitch with a different network (172.16.6.0).  No matter what I have tried so far though, I am not allowed to assign an IP for the external network since the Big-IP detects it as the same as the management network.  Do I need to create another vSwitch with another network just for the management network and then manage it from one of my virtual servers instead of my desktop?

hoolio · Answer

Hi Shaun, 
&nbsp;  
&nbsp; If you can define a separate subnet for management on the VM network it should work fine.   
&nbsp;  
&nbsp; You should be able to administer the LTM VE using a self IP on either the external or internal self IP addresses as long as you configure port lockdown to allow default (or explicitly allow TCP ports 22 and 443.  The advantages to using the management port are more relevant for a production implementation.  For example if the config doesn't load due to a syntax or license issue, TMM won't start and the switch ports won't be accessible.   
&nbsp;  
&nbsp; Aaron

shaun_85943 · Answer

hoolio, thanks for the quick reply. I ended up creating a seperate vSwitch port group on an existing vSwitch and then assigning just one virtual server and the LTM VE to said port group. I've been using a RDP session to that server to configure it, but I just tried the external IP and it worked. Thanks for your help.  Now to just figure out how to write an iRule that directs all requests for vip/admin to one server and all request to vip/ to the other 2 servers.

qe_102628 · Answer

Try something like this?

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/admin" } {
    node 10.1.1.200 8080
  } else {
    pool HTTP_pool
  }
}

here's the article I found that in:

iRules 101 Article

danf_103701 · Answer

Hi. 
&nbsp;I am new to the F5 world. 
&nbsp;I have a similar problem ( or the same ) trying to build a small LTM testbed. 
&nbsp;I am using Win XP with VMware Workstation 7.0 and Big IP LTM VE 10.1 trial edition. 
&nbsp;The host machine has two NICs, VMware detects them OK, but in LTM VE I can only use the management interface which is attached to the ext interface. 
&nbsp;I configured both Int and Ext in BIG-IP as custom, each one bridged to on of the two NICs. I also created self IPs on each. The two interfaces do not come up. 
&nbsp;Any suggestions would be appreciated. 
&nbsp;Tks. &nbsp;&nbsp;&nbsp;

Forum Discussion

Management & External networks on same subnet/physical network?

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Re: Management Certificate

iControl REST Authentication Token Management

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

Minimizing Security Complexity: Managing Distributed WAF Policies

Announcing F5 NGINX Instance Manager 2.18

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS