Forum Discussion
NimbostratusWill F5 single arm setup work without SNAT?
NimbostratusThanks Shaggy. The whole idea behind paying top dollar and engaging F5 PS was to have an F5 expert work with us to understand our CSS based setup (using WebEx as they had to work remotely) and understand all the intricacies of our environment (working alongside our network & architect team). You will be surprised to know that till date we have had 4 WebEx sessions and every-time we got a new F5 engineer assigned to us. We were told by our initial F5 tech that ours was a pretty "cookie cutter" setup i.e. CSS in a single arm design receiving traffic from internet (behind a firewall) and load balancing among 3 servers (all of which are on same vlan). In any case we are going back to the drawing board and having our strategy meeting tomorrow, because if F5 can't allow our load balanced servers to see real source IP's and we have to change it to dual arm just for this functionality then we will seriously consider not buying anymore of these LTM's.
shaggyI've always had great experiences with F5 PS, so it's unfortunate that you are having a different experience. Regardless, the challenges you will face with the F5 one-armed routed architecture will be similar, if not identical, to what you experienced with CSS - drawbacks to an architecture aren't always due to the devices involved, but due to how TCP/IP operates. Some devices may hide traffic-flow issues auto-magically, others require different configuration to achieve the same behavior. Yours seems to be a fairly cookie-cutter setup, with a twist. You might discuss options presented by F5 PS regarding other designs/architectures to see if any work better for your environment. There are things that I've seen done in CSS environments that worked fine based on how CSS is internally designed, but may not be optimal for F5 environments.
