Forum Discussion
cxcal_18687
Nimbostratus
NimbostratusOne Arm Config - 6900 series
Have a client that needs a 6900 configured in a one-arm config.
They have a internal and external VIPs for the LB.
By default, I created two VLANs with individual self IPs.
Should I have created a VLAN group and a single self IP.
Cspillane_18296Hello cxcal,
for a one-arm configuration (also called a dogleg configuration) you really only need one VLAN. You'll also need to ensure a SNAT is applied to the Virtual Servers so responses traverse the BigIP (SNAT automap is the simpllest way to achieve this).
Let me know if you need anything else.
Chris
cxcal_18687Thanks.. I will review my current config.- Exactly, there is no need for internal/external Vlans in a one arm or "on a stick" config... you would have one VLAN where the VIPs live, and one self IP. The VIPs would all live on the Self IP vlan, and the pool members would be anything the selfIP vlan can route to.... You would then need to SNAT on all the VSs.. automap being your basic option...
Note, in a one arm config and SNATing you lose the source address of the host... All the traffic looks like it's coming from the LTM.. There are ways around that like using the X-Forwarder, and or a custom iRule, but it all requires you to screw with logging to actual pull that information out in a useful manner for troubleshooting..
Hope that helps..
