on 05-Jun-2023 10:18 - edited on 05-Jun-2023 11:11 by Rebecca_Moloney
There are several options for integrating F5 BIG-IP DNS and LTM into Cisco ACI Multi-Site or Multi-Pod. Figure 1 illustrates the common BIG-IP design options for north-south traffic flows (flows between servers in the data center and clients on the external network); the same options also apply to east-west traffic flows, that is, flows between real servers through the load balancer within a data center and across data centers.
Figure 1. Common BIG-IP design options
As shown in figure 1, it is typical to deploy F5 BIG-IP DNS behind L3Out whereas there are different options to deploy F5 BIG-IP LTM:
Also, BIG-IP DNS is typically deployed as a shared resource among multiple tenants, whereas BIG-IP LTM is either deployed per tenant or used as a shared resource among multiple tenants. In this article, we provide a quick overview of the common BIG-IP design options and highlight the key characteristics of each. Please keep in mind that these options are illustrated in Cisco ACI Multi-Site and are applicable to Cisco ACI Multi-Pod deployments as well, with the assumptions listed below, which represent common BIG-IP DNS and LTM deployment best practices:
Let us start with BIG-IP DNS.
Figure 2. Example of F5 BIG-IP DNS deployment
Figure 2 illustrates an example of a typical F5 BIG-IP DNS deployment. As you can see, standalone BIG-IP DNSs are deployed behind L3Out and communicate with the BIG-IP LTMs using iQuery via L3Out for information exchange. Also, the BIG-IP DNSs are in the same synchronization group, so they work together to monitor the availability and performance of global resources (such as data centers, VIPs, etc.) and use that information to manage network traffic patterns. Next, let us look at BIG-IP LTM.
Figure 3. Example of a north-south BIG-IP LTM with SNAT design (with Service Graph)
Figure 3 illustrates an example of the ACI fabric as the default gateway with the use of SNAT on BIG-IP LTM, where a service graph is used. Highlights of the key characteristics of this design are as follows:
Figure 4. Example of a north-south ACI Fabric as default gateway with PBR design
Figure 4 illustrates an example of the ACI fabric as the default gateway with the use of ACI PBR to steer the return traffic to BIG-IP LTM. Highlights of the key characteristics of this design are as follows:
Figure 5. Example of a north-south BIG-IP LTM as gateway without SNAT or PBR design
Figure 5 illustrates an example of BIG-IP LTM as the default gateway without SNAT or PBR. Since the BIG-IP LTM is in the traffic path based on routing, both directions of traffic are always forced through the same BIG-IP LTM, so neither SNAT nor PBR is required. Highlights of the key characteristics of this design are as follows:
Figure 6. Example of a north-south ACI gateway without SNAT or PBR design (VRF sandwich)
Figure 6 illustrates an example of the ACI fabric as the default gateway without SNAT or PBR. In this design option, the ACI fabric is the default gateway of the real servers, and the BIG-IP LTM is inserted inline in the data path by using another L3Out for the internal interface of the BIG-IP LTM, an option usually referred to as a “VRF sandwich”. Since the BIG-IP LTM is in the traffic path based on routing, both directions of the traffic flow through the same BIG-IP LTM, and neither SNAT nor PBR is required. Highlights of the key characteristics of this design are as follows:
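To make the reasoning behind the four LTM designs (Figures 3 to 6) concrete, here is an added example, not code from the article or from F5/Cisco, that models the server's reply path in each option and in the failure case they all avoid (ACI fabric as gateway with neither SNAT nor PBR, where the reply bypasses the LTM and reaches the client from the real server's address). The addresses and the "design" labels are constructed for the model.

```python
# Constructed addresses (documentation ranges); not taken from the article.
CLIENT = "198.51.100.10"   # external client behind L3Out
VIP = "203.0.113.10"       # virtual server on BIG-IP LTM
LTM_SNAT = "10.0.1.5"      # BIG-IP self-IP used as the SNAT address
SERVER = "10.0.1.20"       # real server inside the ACI fabric

# Constructed design labels: snat, pbr, ltm_gateway, vrf_sandwich, none
def forward_packet(design):
    """Request as the real server sees it after the LTM load-balances it."""
    src = LTM_SNAT if design == "snat" else CLIENT  # SNAT rewrites the source
    return {"src": src, "dst": SERVER}

def reply_path(design):
    """Hops the server's reply takes and the packet the client finally sees."""
    req = forward_packet(design)
    reply = {"src": SERVER, "dst": req["src"]}   # server answers whoever asked
    hops = [SERVER]
    if design == "ltm_gateway":
        hops.append("LTM")            # Figure 5: LTM is the default gateway
    else:
        hops.append("ACI-fabric")     # Figures 3, 4, 6: fabric is the gateway
        if reply["dst"] == LTM_SNAT:
            hops.append("LTM")        # Figure 3: routed back to the SNAT address
        elif design == "pbr":
            hops.append("LTM")        # Figure 4: PBR redirects server->external
        elif design == "vrf_sandwich":
            hops.append("LTM")        # Figure 6: route out via L3Out next-hop LTM
    if "LTM" in hops:
        reply = {"src": VIP, "dst": CLIENT}  # LTM reverses VIP/SNAT translation
    hops += ["L3Out", CLIENT]
    return hops, reply

def is_symmetric(design):
    """True when the reply traverses the LTM and arrives from the VIP."""
    hops, reply = reply_path(design)
    return "LTM" in hops and reply["src"] == VIP
```

In the "none" case the client receives a reply from SERVER rather than VIP, which is the asymmetric-flow problem that SNAT, PBR, LTM-as-gateway or the VRF sandwich is chosen to prevent.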
For more information on each of the design options, including detailed traffic flows and design recommendations, please refer to the Cisco ACI Multi-Site/Multi-Pod and F5 BIG-IP Design Guide, a white paper jointly developed by Cisco and F5.
F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Understand Your Requirements
F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Considerations
Don't forget to check out the Brightboard Lesson - Designing Cisco ACI and F5 Solutions together too!