Forum Discussion
Self IP for External VLAN on Active/Active Configuration
Hi Experts,
I want to implement an active/active configuration using two BigIP 4200s. My plan is to have both devices host my web server without a firewall in front of them.
My questions are:
1. Do I need a self IP for the External VLAN on each device? I really don't want to waste our public IPs.
2. Suppose our web server will be accessible from both the public and office networks, do I need to create 2 VS or just one VS (put it on the DMZ VLAN) and redirect traffic from the public IP using NAT?
Thanks guys...
11 Replies
- nitass
Employee
1. Do i need self ip for External VLAN on each device? I really don't want to waste our public ip.
yes, you need selfip on each device. anyway, you know virtual server address doesn't need to be in the same subnet as selfip, don't you?
sol11880: BIG-IP objects can be configured on a different subnet than the self IP address
http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11880.html
2. Suppose our web server will accessible from both public and office network, do i need to create 2 VS or just one VS (put it on DMZ VLAN) and redirect traffic from public ip using NAT?
either could be fine.
I want to implement active/active configuration using two BigIP 4200. My plan is to put both device to host my web server without firewall in front of them.
you know one virtual server address can be hosted on only one bigip at a time, don't you?
- Ongko_8903
Cirrus
Hi Nitass,
Thank you for your response.
My Network Config is : Public IP Segment on X.Y.Z.32/28. Our ISP router (default gw) is on X.Y.Z.33.
After I read the documentation, i think i will create self ip using A.B.C.1 and A.B.C.2, and use A.B.C.3 as floating self ip
All VS will be floating IP on X.Y.Z.34 - X.Y.Z.46.
I will create default gw to ip X.Y.Z.33.
Do you think it will work?
If so, what is the purpose of ip A.B.C.1-3 ?
After I can understand problem number 1, maybe i can figure out which approach suitable to solve problem number 2
Regarding active-active configuration, i already know that 1 VS only reside in 1 traffic group, and 1 traffic group can only be active on 1 device.
I have about 10+ servers, so I will distribute them across both devices. What is your recommendation?
Create 1 traffic group for 1 virtual server to ease management and assign several traffic groups to each BigIP, or
Create 1 traffic group for each BigIP and distribute several VS to both traffic groups?
Thanks again...
- Ongko_8903
Cirrus
Posted By Ongko on 03/04/2013 09:48 AM
Hi Nitass, I already tried it, but it didn't work. If my default GW is X.Y.Z.33 then I must have a self IP on X.Y.Z.32/28. So I ended up wasting 2 public IPs, one for each device.
Any other suggestion ?
- What_Lies_Bene1
Cirrostratus
You'll waste IP addresses in most HA configurations. In fact, if you fully implement active/active you'll need four, not three for the BIG-IPs. Can you not use a private subnet between the ISP router and the F5's and route the public range to the F5's as necessary?
- Ongko_8903
Cirrus
Hi Steve,
In the existing configuration there isn't a private subnet. I just want to replace my old device and also implement an active-active configuration, so I want to minimize network changes. To implement a private subnet in between, I must buy a router (in fact two routers, to implement network HA) and make a lot of changes.
So it's a dead end then......
btw, any recommendation for traffic group implementation?
I also read somewhere that BigIP can only host 15 Traffic Group, is it true? Is it 15 active, or 15 in total?
- nitass
Employee
I have about 10+ Server, so i will distribute it on both device, what are your recommendation?
Create 1 traffic group for 1 Virtual server to ease management and assign several traffic group to BigIP, or
Create 1 traffic group for each bigip and distribute several VS to both traffic group?
i do not have real experience. anyway, i think either is fine as long as high-utilization virtual servers are not in the same group.
I also read somewhere that BigIP can only host 15 Traffic Group, is it true? Is it 15 active, or 15 in total?
it is 15 in total.
just my 2 cents.
- What_Lies_Bene1
Cirrostratus
OK, so you'll have to waste the IP addresses it would seem.
See here for a diagram of an ideal active/active configuration: http://sdrv.ms/XTFhKD. You'll note it requires routing which in your case will be on the ISP router - I hope that's possible. If you need a more detailed explanation, post back.
- Ongko_8903
Cirrus
Hi Nitass,
thanks for clarifying about traffic group.
Hi Steve,
thanks for the pic. It seems you are using a different subnet for each traffic group. Is it possible for 2 traffic groups to share one network?
thanks.
- What_Lies_Bene1
Cirrostratus
Yes it is, but each TG needs its own Floating Self-IP, hence the fact you'll use up four IP addresses. I've split the VS range up in the diagram but you don't necessarily have to do it that way, you could of course use host routes as required, it's your choice but splitting on subnet lines is obviously a bit neater and has a lower admin overhead.
- Ongko_8903
Cirrus
OK, thanks steve, I think i will try it first on my lab.
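The address budget discussed in this thread, worked through as an added example that is not part of any poster's reply: one non-floating self IP per device plus one floating self IP per traffic group, all on the external /28. The subnet 203.0.113.32/28 is a constructed stand-in for X.Y.Z.32/28, the device and traffic-group names are hypothetical, and handing out the lowest free addresses first is an assumption.

```python
import ipaddress

def plan_external_vlan(cidr, gateway, devices, traffic_groups):
    """Allocate self IPs on the external subnet; the remainder is left for virtual servers."""
    net = ipaddress.ip_network(cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError("gateway is outside the external subnet")
    free = [h for h in net.hosts() if h != gw]   # usable hosts minus the ISP router
    if len(devices) + len(traffic_groups) > len(free):
        raise ValueError("subnet too small for the self IPs alone")
    plan = {"gateway": gw, "self_ip": {}, "floating_self_ip": {}}
    # One non-floating self IP per device: it stays with the unit on failover.
    for dev in devices:
        plan["self_ip"][dev] = free.pop(0)       # assumption: lowest free address first
    # One floating self IP per traffic group: it moves with the group.
    for tg in traffic_groups:
        plan["floating_self_ip"][tg] = free.pop(0)
    plan["virtual_servers"] = free
    return plan

def conflicts(plan, first, last):
    """Addresses inside a wanted virtual-server range that are already taken."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    taken = {plan["gateway"], *plan["self_ip"].values(),
             *plan["floating_self_ip"].values()}
    return sorted(a for a in taken if lo <= a <= hi)

# Constructed sample: stand-in for X.Y.Z.32/28 with the ISP router on .33.
PLAN = plan_external_vlan(
    "203.0.113.32/28", "203.0.113.33",
    devices=["bigip-a", "bigip-b"],                      # hypothetical names
    traffic_groups=["traffic-group-1", "traffic-group-2"],
)

if __name__ == "__main__":
    for role in ("self_ip", "floating_self_ip"):
        for name, addr in PLAN[role].items():
            print(f"{role:17} {name:16} {addr}")
    vs = PLAN["virtual_servers"]
    print(f"virtual servers   {vs[0]} - {vs[-1]} ({len(vs)} addresses)")
    # The range planned earlier in the thread (.34 - .46) overlaps the self IPs.
    print("overlap with .34-.46:", [str(a) for a in conflicts(PLAN, "203.0.113.34", "203.0.113.46")])
```

With two devices and two traffic groups, four of the thirteen addresses left after the gateway go to self IPs, so nine remain for virtual servers.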