Forum Discussion

yogesh_gaikwad_'s avatar
yogesh_gaikwad_
Icon for Nimbostratus rankNimbostratus
Oct 01, 2015

I am transferring LB services from ACE to F5 and i have below questions.

I am transferring LB services from ACE to F5 and i have below questions.

 

===================================================================================================

 

In ACE we have a vlan configred with a secondary subnet like below:

 

interface vlan 2644 ip address 10.129.50.34 255.255.255.224 peer ip address 10.129.50.35 255.255.255.224 alias 10.129.50.33 255.255.255.224 ip address 10.129.50.130 255.255.255.192 secondary peer ip address 10.129.50.131 255.255.255.192 secondary alias 10.129.50.129 255.255.255.192 secondary

 

So can i configure two set of self IP's and tag them with the same vlan ID 2644

 

First 10.129.50.34/27 is my self IP for primary unit 10.129.50.35/27 is my self IP for Secondary unit 10.129.50.33/27 is the float The above set of self IP's are tagged with vlan2644

 

10.129.50.130/26 is my self IP for primary unit 10.129.50.131/26 is my self IP for Secondary unit 10.129.50.129/26 is the float This set of self IP's is also tagged with vlan2644

 

So is such kind of configuration possible on the F5?

 

===================================================================================================

 

===================================================================================================

 

Then i have a pool configured with two nodes in it.

 

ltm pool pre_holvi_ldap_write { description pre_holvi_ldap_write members { bpredir3_10.129.50.55:ldap { address 10.129.50.55 session monitor-enabled state down } bpredir4_10.129.50.56:any { address 10.129.50.56 session monitor-enabled state down } } monitor tcp_389 partition ilm-int-acc

 

Below is the ACE config for this pool

 

serverfarm host pre_holvi_ldap_write failaction purge probe tcp389 rserver bpredir3_10.129.50.55 389 backup-rserver bpredir4_10.129.50.56 inservice rserver bpredir4_10.129.50.56 inservice standby

 

Now in ACE the config is such that 10.129.50.55 is the primary NODE and 10.129.50.56 is the secondary NODE. And the secondary NODe remains inactive until the primary fails. So how to configure such scenario in F5?

 

===================================================================================================

 

===================================================================================================

 

And how can i achieve the below config using GUI, i see that both http and https is configured in same virtual

 

ltm virtual pre-holvi {

 

destination 10.129.50.134:https

 

ltm virtual pre-holvi {

 

destination 10.129.50.134:http

 

pool pre-holvi

 

profiles {

 

tcp {}

 

http {}

 

} }

 

===================================================================================================

 

deployment

2 Replies

Sort By
  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Oct 01, 2015

    Hi,

     

    • Yes you can have multiple self-ips per VLAN which emulates secondary IP addresses on a Cisco device.
    • You need to use the "priority group activation" feature https://devcentral.f5.com/questions/priority-group-activation-why-use-it
    • You need one virtual for http, and one for https. Before you create the https virtual you'll need to create SSL certificate/Keys, then a client SSL profile, then you assign the client SSL profile to the https virtual.

    Let us know if you need any help but it's all quite straightforward.