Forum Discussion
Regarding design LTM
Hi team,
I have two Big Ip one is active and other is standby. I have web servers connect to perimeter firewall and have internal servers connected to core. Now i have to load balance the both internal servers and web servers. Now my question is what is the best and secure way to execute this.
If my big ip is connected to Core Sw. can i configure one vlan for internal server and bind 1 port to it and connect to core sw. and another vlan for web server and bind another port and connect to perimeter firewll?
Prashanth
- Brad_Parker_139Nacreous
I would suggest connecting you BigIP to the VLAN your web servers live in and use a One-arm mode to load balance them behind your firewall. As for your internal servers connecting the BigIP to internal VLAN via the core is more than a valid approach. If you don't want to change your network topology than a One-arm approach will work for that as well.
- pkannur_189341NimbostratusHi Mr. Parker, Thanks for the response.. Web servers is connected to behind perimeter firewall, web server will be accessed from outside and internal servers are connected to core sw which is behind internal firewall ie on core sw, will be accessed by internal users. Below Is this what you meant: i connect f5[p1] to core sw in the same vlan as internal server [One arm mode] i can load balance internal server. For web server i i connect f5[p2] to sw in the same vlan as web servers behind perimeter FW. Correct me if i am wrong
- Brad_ParkerCirrus
I would suggest connecting you BigIP to the VLAN your web servers live in and use a One-arm mode to load balance them behind your firewall. As for your internal servers connecting the BigIP to internal VLAN via the core is more than a valid approach. If you don't want to change your network topology than a One-arm approach will work for that as well.
- pkannur_189341NimbostratusHi Mr. Parker, Thanks for the response.. Web servers is connected to behind perimeter firewall, web server will be accessed from outside and internal servers are connected to core sw which is behind internal firewall ie on core sw, will be accessed by internal users. Below Is this what you meant: i connect f5[p1] to core sw in the same vlan as internal server [One arm mode] i can load balance internal server. For web server i i connect f5[p2] to sw in the same vlan as web servers behind perimeter FW. Correct me if i am wrong
- pkannur_189341Nimbostratus
Hi Mr. Parker,
Thanks for the response..
Web servers is connected to behind perimeter firewall, web server will be accessed from outside and internal servers are connected to core sw which is behind internal firewall ie on core sw, will be accessed by internal users. Below Is this what you meant:
i connect f5[p1] to core sw in the same vlan as internal server [One arm mode] i can load balance internal server. For web server i i connect f5[p2] to sw in the same vlan as web servers behind perimeter FW.
Correct me if i am wrong
- Brad_ParkerCirrusThat is correct.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com