
DIFFERENCE BETWEEN ONE ARM and ROUTED DEPLOYMENT OF F5?

Prince
Altostratus

Hi All,

Can anyone please explain what the differences are between the two deployment types? Advantages and disadvantages of both?

Thanks in advance.


6 REPLIES

The_Bhattman
Nimbostratus

Hi Vineet,

"One-armed" configuration typically means the application servers you are load balancing are not configured on the network that is facing the VIP, where the application servers are not configured to use the F5 as their default gateway. When the F5 is not the default gateway, you have to SNAT client traffic to maintain route symmetry. The disadvantage is that you lose the ability to view the client IP address on the application server either through logs or troubleshooting. You would then need to deploy indirect methods to keep track of IP addresses. However, the power is that it can be inserted in an existing network where you cannot make network changes.

Routed is basically traffic that goes through the F5 either via load balancing or as a layer 3 hop. This is the preferred setup, but requires the application servers to be in a position where the gateway is the F5.

 

I hope that clears things up
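
Added example (not part of any post in this thread, and not F5 code): a small Python model of the request and reply legs described above, showing which source address the pool member logs and whether the reply returns through the BIG-IP in each deployment. All addresses and the names `simulate` and `compare` are constructed for illustration; the model assumes the client sits on a different subnet from the pool member and uses a single BIG-IP self IP.

```python
from dataclasses import dataclass

# Constructed addresses (documentation ranges); none come from the thread.
CLIENT = "198.51.100.10"   # client on a different subnet from the pool member
VIP = "192.0.2.80"         # virtual server address
SELF_IP = "192.0.2.2"      # BIG-IP address, also used as the SNAT source
SERVER = "192.0.2.20"      # pool member
ROUTER = "192.0.2.1"       # ordinary LAN gateway

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def simulate(server_gateway: str, snat: bool) -> dict:
    """Trace one request and its reply; hypothetical model, not F5 code."""
    request = Packet(CLIENT, VIP)                      # client -> VIP
    # BIG-IP -> pool member: destination becomes the server, source is
    # rewritten only when SNAT is enabled.
    to_server = Packet(SELF_IP if snat else request.src, SERVER)
    reply = Packet(SERVER, to_server.src)              # server answers what it saw
    # The reply returns through the BIG-IP if it is addressed to the BIG-IP
    # (SNAT) or if the BIG-IP is the server's default gateway (routed).
    via_bigip = reply.dst == SELF_IP or server_gateway == SELF_IP
    # Only the BIG-IP can translate the source back to the VIP.
    to_client = Packet(VIP if via_bigip else SERVER, CLIENT)
    return {
        "server_logs_src": to_server.src,
        "reply_via_bigip": via_bigip,
        "client_sees_src": to_client.src,
        # The client accepts the reply only if it comes from the address it called.
        "flow_ok": to_client.src == request.dst,
    }

def compare() -> dict:
    """Run the three combinations discussed in the thread."""
    return {
        "one-arm + SNAT": simulate(ROUTER, snat=True),
        "one-arm, no SNAT": simulate(ROUTER, snat=False),
        "routed, no SNAT": simulate(SELF_IP, snat=False),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:18} {result}")
```
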

 

Chris_Wentland
Nimbostratus

You also need to keep in mind that "one armed" configurations change your available bandwidth through the BigIP. If you have a single interface to your LAN, you will only get half of the throughput in theory. Make sure you scale links using LACP appropriately to ensure that you have enough bandwidth.

 

Client -> VIP = Ingress on BigIP Port

SNAT -> Server = Egress on BigIP Port

Server -> SNAT = Ingress on BigIP Port

VIP -> Client = Egress on BigIP Port

 

Prince
Altostratus

Hi Bhattman,

I was assuming earlier that the virtual servers and the pool members are on the same VLAN in a one-arm deployment, and that in this deployment we use SNAT to force the source to look like the BigIP and keep the flows symmetric. So, is it wrong if I assume so?

Hi Chris,

Am I correct to say that in a one-arm deployment, the ingress and egress traffic on the F5 travels the same path?

 

Chris_Wentland
Nimbostratus

Correct. Additionally, the "arms" used to be typically referred to as physical interfaces. Prior to 802.1Q, IP addresses were allocated to single interfaces. In actuality, "arms" refer to VLANs with an associated IP. You can have a one-armed config with more than one physical interface. You can also have multiple one-armed configs with more than one VLAN on the same BigIP. But the implication would be that the interface which the VLAN is associated with will be used for both ingress and egress traffic. If that is an LACP trunk, then traffic will get hashed and distributed on the trunk.

 

Anirban
Nimbostratus

My F5 is in routed mode without SNAT. But the strange thing is I can see the pool member IP communicating with the client in the packet capture.

Captured packet on the client machine

Need help

Please start a new question with a drawing of your setup and what you see where.