Forum Discussion
Deploying ISP load balancing
Hi all,
We already have 2 BIG-IP APM behind 2 Cisco Firewalls. We want to use the same BIG-IP for load balancing between 2 ISP links (I think, in front of the firewalls). We already have a full license, so we can configure the BIG-IPs for doing that.
We have experience in LTM and APM, but not in load balancing ISP links.
Today, the APM module consumes 2 network ports for incoming traffic from internet and for internal traffic.
We think in add 3 more network ports (2 for ISPs and the 3rd for traffic going to Firewall).
Is it a good idea to have the same BIG-IP Hardware in front of and behind the Firewall?
On the other hand, for incoming traffic, is it strictly necessary to delegate DNS traffic to BIG-IP? Is it not possible for BIG-IP to send an update to the external DNS server, every time the ISP links fails?
Thanks in advance
Best regards
- Andy_McGrathCumulonimbus
- youssef1Cumulonimbus
Hi Sergio,
It is possible of course. you can even use the RD (Route Domain) to isolate the apm stream from the LC stream. If you want to use RD let APM part in RD 0 it will more simple.
Let me know how I can help you to achieve your need.
Regards
- Techgeeeg_28888Nimbostratus
Hi Sergio,
What you are trying to achieve is possible. Below i am listing as to how...
-
The current physical connectivity of your F5 box is serving APM.
-
In order to use the same unit for Link (both in & out bound) Load balancing it's better to use separate physical connectivity.
-
This new connectivity should be in a fashion that F5 comes between F5 & Firewall.
-
All of your Public IP addresses will terminate on F5.
-
To ensure complete separation you can create a new Route-domain for LC part.
Regards, Techgeeg
- Sergio_MagraNimbostratus
Thanks for your answer!
Best regards
-
- TechgeeegNimbostratus
Hi Sergio,
What you are trying to achieve is possible. Below i am listing as to how...
-
The current physical connectivity of your F5 box is serving APM.
-
In order to use the same unit for Link (both in & out bound) Load balancing it's better to use separate physical connectivity.
-
This new connectivity should be in a fashion that F5 comes between F5 & Firewall.
-
All of your Public IP addresses will terminate on F5.
-
To ensure complete separation you can create a new Route-domain for LC part.
Regards, Techgeeg
- Sergio_MagraNimbostratus
Thanks for your answer!
Best regards
-
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com