Forum Discussion
Routed and SNAT modes on the same Box
Hi All, my customer has multiple servers that reside on three different VLANs, and each VLAN has its own physical gateway. He needs to implement LTM by using SNAT for one group of servers (VLAN1) and routed in-line mode for the other VLANs, as shown in the following diagram (hopefully it is clear).
I'm wondering if this is a valid design or not. If it is valid, do we need to use route domains? Keep in mind that the Juniper FW is the gateway for two VLANs and the ASA is the gateway for the third VLAN.
Please let me know if you need more clarification.
Ahmad.
3 Replies
- Jason_40733
Cirrocumulus
We have F5s divided into multiple route domains to provide multiple default gateways for customers in a shared load balancing environment. This works quite well for us.
I take it from your diagram that it is in fact multiple default gateways that you desire. If it's just for particular subnets a simple route statement could set the gateway.
- Ravi_K__Malhotr
Nimbostratus
Hey,
Personally, I consider in-line as the last resort, as I see its demerits weigh more than its merits. You can run the BIG-IP cluster in a hybrid mode, which means being in one-arm mode and just using inline for the particular VIPs when and where necessary. Remember, configuring the F5 as a router or one-armed device is not a global setting, so you can configure a hybrid of SNAT'ed VIPs as well as non-SNAT'ed VIPs on the same F5 unit.
--Ravi K. Malhotra--
- Kevin_Stewart
Employee
Routed (inline) and one-arm are both valid options, and I'd add that one-arm generally requires a SNAT whereas routed does not. And you'd only need route domains if:
- You need to occupy the same IP subnet for multiple customers, or
- You need to provide multiple default outbound routes
That doesn't seem to be the case here though. And yes as Ravi states you can definitely use routed and one-arm configs on the same platform.
