vCMP guest VLAN assignment question

Question

hi guys.&nbsp;
I need to transform several Cisco ACE installations to an f5 viprion platform. On the ACEs, we have 50+ contexts. Each of them will be transformed into a separate set of Admin-partition, traffic-group and route-domain on several vCMP guests. Normal approach for migration of a single context is:&nbsp;

create VLANs but leave them without assigned interfaces on the vCMP host, thus avoiding interference with the affected production net and the current ACE installation&nbsp;

assign them to the appropriate guest -&gt; they will be propagated and appear in the Common partition of the guest&nbsp;

create partition and traffic-group on the vCMP guest.&nbsp;

delete VLAN in Common partition and re-create it in the dedicated partition (because it cannot be moved once it was propagated to the guest by the host)&nbsp;

do proper configuration of all elements on the vCMP guest (in appropriate partition with dedicated default RD and traffic-group), leaving all IP addresses the same as on the ACE.&nbsp;

enable VLANs on the uplinks to the viprions (still no interference with old system because of step 1).&nbsp;

In the maintenance window, disable VLANs to the ACE, then add interfaces to the VLANs on the vCMP host.&nbsp;

if needed, perform a failover of the dedicated traffic-group in order to generate gratouitious ARPs for all floating IP objects&nbsp;

This approach works very well, we've already done 20+ migrations like this.&nbsp;
Now, I have the problem that I have two contexts that share a single VLAN. The first one was already shifted to the f5, the second one needs to get prepared and moved soon (to a different vCMP guest). Because of that situation, the VLAN already has some interfaces assigned to it on the vCMP host, so my normal approach is not feasible here.&nbsp;
My current plan is to create the VLAN on the second vCMP guest directly within the appropriate partition without assigning it to the guest on the vCMP host, then do all the config stuff and as a last step assign the VLAN to the guest during cutover. I'm a bit unsure though what will happen when the vCMP host tries to propagate a "new" VLAN to a vCMP guest that already exists. Will this collide somehow? Does anybody have experience with a similar situation? Any hint is appreciated!&nbsp;
Many thanks in advance!&nbsp;
Martin&nbsp;

hamish · Answer

You can't create VLAN's on a guest. &nbsp;
IIUC you're doing it this way because you don't want to change the IP's of the VS's that are cutting over. You're shifting them from the Cisco ACE to the BigIP.&nbsp;
You could however try creating the VS's etc on the guest ahead of time. Then at cutover time you just need to attach the already created VLAN to the vCMP Guest and on the guest create any required selfIP's (Note that for INBOUND traffic to VS's with defined IP's you don't need selfIP's. They're only mandatory for targeting the BigIP itself (i.e. as a router) or when big needs to route traffic OUT of the interface to somewhere else (So you can add a next-hop route or communicate with directly attached hosts on that connected VLAN).&nbsp;
The approach above should work. You don't need the VLAN to be present when creating VS's (In fact VS IP's don't even need to exist on attached VLANS as long as you have the appropriate routing setup in your network).&nbsp;
H&nbsp;

jim_43841 · Answer

My current plan is to create the VLAN on the second vCMP guest directly within the appropriate >partition without assigning it to the guest on the vCMP host, then do all the config stuff and as a >last step assign the VLAN to the guest during cutover. I'm a bit unsure though what will happen when >the vCMP host tries to propagate a "new" VLAN to a vCMP guest that already exists. Will this collide >somehow? Does anybody have experience with a similar situation? Any hint is appreciated!

This plan will work just fine. The host matches vlans up to the guest based on the vlan id (not name), it will match up the vlan when you eventually assign it to the guest on the host in the same manner as it would have if you'd done it in the other order.

This plan will work just fine.
The host matches vlans up to the guest based on the vlan id (not name), it will match up the vlan when you eventually assign it to the guest on the host in the same manner as it would have if you'd done it in the other order.&nbsp;

amshaffer_24494 · Answer

In this configuration, did you need a dedicated failover vlan per partition/traffic group.   I am doing an ACE to F5 migration with 50 contexts

tatmotiv · Answer

No, you don't need a dedicated failover VLAN per traffic-group. Not even one per vCMP guest. You can use one shared failover VLAN for all guests, provided you use unicast failover.

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

vCMP guest VLAN assignment question

4 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Raise your hand if you'll be at AppWorld 2026

RDP Webtop deployment

Maintenance page / local website that includes subfolders

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Single LTM with multiple GTM domains

Related Content

APM variable assign examples

Mitigating OWASP API Security Risk: Mass Assignment using F5 BIG-IP

Mitigating OWASP API Security Risk: Mass Assignment using F5 XC Platform

Creating, Importing and Assigning a CA Certificate Bundle

UCS Encryption Question

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS