Single Arm Installation of LTM

want to install the LTM in a single arm mode do I still need to create both "internal-vlan" and "external-vlan"??? or I can create only one vlan that is "internal"when i say one-arm, i mean one vlan.

 

 

I have 8 ports on the LTM can I bundle all these ports into a single trunk and assign it to the internal and external VLAN together or in case if i can make only internal vlan then i assign this vlan to this single vlan.either will work. it depends on how many vlan you want.

 

 

Also is it a good idea to keep any of the ports free or I can put all of them in trunk. In case if i group all the ports in a single trunk how about the network fail-over will it work fine?or it may have some issue???for network failover, i prefer using dedicated port and connect it to peer unit directly (no intermediate device).

Thanks Nitass for your reply so let me just re-confirm and understand the things again... in one arm installation there is no need for multiple VLAN's to keep as internal and external ????right???

 

 

Now......

 

 

In case if I have a LTM fail-over unit, do i have to do these trunk configuration on the fail-over unit as well or it can get these configuration on synchronizing the two units.

 

 

Also in case of Active/Standby configuration can I keep the LACP mode as active on both of the units? or it should be Active on active unit and Passive on Standby unit?????

 

 

Also,

 

I have 2 cisco switches one active and other as standby I am planning to keep 4-ports (Gig) of BIG-IP LTM (Active unit) to active Cisco Switch and another 4-ports (Gig) to the standby Cisco switch as trunk group and same for the Standby unit of LTM. Now the problem is If i take out one port from each LTM unit and keep it for network fail-over as separate it will disturb my design as described above. So keeping in view the design situation and best practice what do you suggest to be done now????

 

 

Regards,

in one arm installation there is no need for multiple VLAN's to keep as internal and external ????right??? yes

 

 

In case if I have a LTM fail-over unit, do i have to do these trunk configuration on the fail-over unit as well or it can get these configuration on synchronizing the two units. network configuration (e.g. vlan, non-floating selfip, trunk, etc) is not included in synchronization. you have to configure them maually.

 

 

Also in case of Active/Standby configuration can I keep the LACP mode as active on both of the units? or it should be Active on active unit and Passive on Standby unit????? LACP active mode on both sides is fine.

 

 

Now the problem is If i take out one port from each LTM unit and keep it for network fail-over as separate it will disturb my design as described above.can you use serial failover instead of network failover? if i were you and serial failover was not possible, i would use 2 ports for each cisco (4 ports totally), 2 ports for network failover and 2 ports for future use.

Thanks Nitass for your last point do you mean I should keep one port from each of the LTM units to Active/Stand by switch for fail-over?? Can you explain I got mixed up a bit....

sorry to confuse you. i mean per bigip unit i would use 4 ports for cisco (2 each), 2 ports for network failover and 2 ports for future use. since network failover heartbeat is really important, if it is missing, both bigip units would end up with active/active. so i think using 2 ports as a trunk might be better if port is available. anyway, it is just my personal opinion. it is not right or wrong. you may use only 1 dedicated port for network failover as primary and use internal vlan as secondary.

Thanks Nitass......

 

 

In this single arm installation the Virtual IP for different services are in different IP subnet also the Nodes are in the different IP range let me explain it like this.....

 

 

 

 

[{server1:192.168.1.1}, {server2:192.168.1.2}, {server3:192.168.1.3}] >VIP:10.10.10.1

 

 

[{server1:192.168.2.1}, {server2:192.168.2.2}, {server3:192.168.3.3}] >VIP:10.10.20.1

 

 

[{server1:192.168.3.1}, {server2:192.168.3.2}, {server3:192.168.3.3}] >VIP:10.10.30.1

 

 

 

 

Once the default gateways is define all the IP's are accessible in the single arm mode. Now is it a good idea to keep the setup as single arm mode for Internal and external or it is better to separate the internal and external vlan's???? can you please comment on this... .

 

 

 

Regards,

 

 

in bigip perspective, i do not think it is so different. you can use either one vlan or two vlans. even using two vlans if return traffic does not pass through bigip, you also have to configure snat to force return traffic going to bigip before returning back to client.

ok now if i create one VLAN only named "INTERNAL" and I assign the ports to it... now when it comes to assigning the IP address to this VLAN.... do i have to create three IP address each from 192.168.1.x ,192.168.2.x, 192.168.3.x ranges separately.... or I can keep this interface in a totally different subnet lets say 192.168.4.0/24 and lets say I assign this VLAN an IP address 192.168.4.1 (active self), 192.168.4.2 (standby self) and 192.168.4.3 (floating) with a route that can make the box reach all of the other mentioned subnets will that be ok and will it work.... ?

I can keep this interface in a totally different subnet lets say 192.168.4.0/24 and lets say I assign this VLAN an IP address 192.168.4.1 (active self), 192.168.4.2 (standby self) and 192.168.4.3 (floating) with a route that can make the box reach all of the other mentioned subnets will that be ok and will it work.... ?yes, it should work.

what is the advantage or disadvantage from technical or design point do you see in using a self ip for all the subnets or keeping the same IP for allll ?