For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Shaun_85943's avatar
Shaun_85943
Icon for Nimbostratus rankNimbostratus
Apr 26, 2010

Management & External networks on same subnet/physical network?

Ok,

 

I am evaluating the LTM VE for one of our web projects as its easier than getting a physical LTM to test. The problem is, the management network and external network are connected to the same physical network (both on 192.168.4.0) while the internal network is well segrated on a different vSwitch with a different network (172.16.6.0). No matter what I have tried so far though, I am not allowed to assign an IP for the external network since the Big-IP detects it as the same as the management network. Do I need to create another vSwitch with another network just for the management network and then manage it from one of my virtual servers instead of my desktop?
ve
virtualization

4 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 26, 2010
    Hi Shaun,

     

     

    If you can define a separate subnet for management on the VM network it should work fine.

     

     

    You should be able to administer the LTM VE using a self IP on either the external or internal self IP addresses as long as you configure port lockdown to allow default (or explicitly allow TCP ports 22 and 443. The advantages to using the management port are more relevant for a production implementation. For example if the config doesn't load due to a syntax or license issue, TMM won't start and the switch ports won't be accessible.

     

     

    Aaron
  • Shaun_85943's avatar
    Shaun_85943
    Icon for Nimbostratus rankNimbostratus
    Apr 26, 2010
    hoolio, thanks for the quick reply. I ended up creating a seperate vSwitch port group on an existing vSwitch and then assigning just one virtual server and the LTM VE to said port group. I've been using a RDP session to that server to configure it, but I just tried the external IP and it worked. Thanks for your help. Now to just figure out how to write an iRule that directs all requests for vip/admin to one server and all request to vip/ to the other 2 servers.
  • qe_102628's avatar
    qe_102628
    Icon for Nimbostratus rankNimbostratus
    Apr 28, 2010
    Try something like this? 
    when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/admin" } {
    node 10.1.1.200 8080
  } else {
    pool HTTP_pool
  }
}
    here's the article I found that in: iRules 101 Article
  • DanF_103701's avatar
    DanF_103701
    Icon for Nimbostratus rankNimbostratus
    Jul 20, 2010
    Hi.

     

    I am new to the F5 world.

     

    I have a similar problem ( or the same ) trying to build a small LTM testbed.

     

    I am using Win XP with VMware Workstation 7.0 and Big IP LTM VE 10.1 trial edition.

     

    The host machine has two NICs, VMware detects them OK, but in LTM VE I can only use the management interface which is attached to the ext interface.

     

    I configured both Int and Ext in BIG-IP as custom, each one bridged to on of the two NICs. I also created self IPs on each. The two interfaces do not come up.

     

    Any suggestions would be appreciated.

     

    Tks.