Forum Discussion
tolinrome_13817
Nimbostratus
Nimbostratusone arm setup and two vlans
I recently setup a bigip virtual and have it as a one arm setup. The bigip is off he dmz interface and then goes back out the same interface to the internal interface (all via the firewall). I do tho...
Typically when people refer to a "one-armed" configuration, it usually means that the virtual-address is on the same vlan and subnet as the application servers, and the application servers are not configured to use the F5 as their default gateway. When the F5 is not the default gateway we have to SNAT client traffic to maintain route symmetry. On the other side of the coin, a "routed", or "dual arm" configuration usually means that application servers are on a different vlan than the virtual-address, and that the F5 has been configured as the default gateway for application servers, which then means we do not need to SNAT client traffic. In either case the F5 is a full proxy and maintains both client side and server side connections regardless of the ingress/egress path.
I don't know if I would get too hung up on trying define your configuration as "one-armed" or "two-armed", as much as I would look at your ingress and egress path. Also this definition of one-armed versus routed, or two-armed is not a global setting. You have the ability to have configurations where the egress path for some application servers happens to be on the same ingress path, and other configurations on the same device that follow a different data flow. The biggest differentiator in your topology is going to be wether or not you need to apply SNAT(automap or a snat-pool) to a virtual server.