IRONMAN
Aug 19, 2019
Solved

I have LTM connected directly with core switch with two interfaces?

I am facing a small design challenge: I have LTM & AFM connected directly to the core switch with two interfaces, each for a different purpose.

Interface one is for incoming traffic from the client side.

Interface two is for outgoing traffic to the server farm.

How can I achieve this? I am using IP forward virtual servers with AFM, whose IPs are the same as the server farm. I don't want traffic from the core to go directly to the servers without LTM and AFM inspection.


6 Replies

  • You're welcome Saravanan,

    Both your VLANs are connected to the core and the BIG-IP on L2, but the real server VLAN can only be found by the core via the BIG-IP. If this VLAN is an L3 VLAN, the core will send traffic to the real servers directly instead of via the BIG-IP. This creates asymmetric routing.

    Your network setup is like the picture:

    Cheers,

    Kees
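
The bypass described in the reply above, as an added example that is not part of the original thread: a small Python model of the core switch's route lookup with and without an SVI on the server VLAN. All addresses are constructed, and it assumes the servers use the BIG-IP floating self IP on interface two as their default gateway.

```python
import ipaddress

# Constructed addressing for illustration; none of these values come from the thread.
TRANSIT_NET = "10.10.0.0/24"   # client-side VLAN between core and BIG-IP interface one
SERVER_NET = "10.20.0.0/24"    # server farm VLAN behind BIG-IP interface two
BIGIP_IF1 = "10.10.0.5"        # floating self IP, interface one
BIGIP_IF2 = "10.20.0.5"        # floating self IP, interface two (servers' default gateway)
CONNECTED, STATIC = 0, 1       # typical administrative distances: connected beats static


def core_routes(server_vlan_has_svi):
    """Core switch routing table as (prefix, admin_distance, next_hop)."""
    routes = [(TRANSIT_NET, CONNECTED, "direct"),
              (SERVER_NET, STATIC, BIGIP_IF1)]       # static route via the BIG-IP
    if server_vlan_has_svi:                          # an SVI adds a connected route
        routes.append((SERVER_NET, CONNECTED, "direct"))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match; equal prefixes are decided by lowest admin distance."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), ad, nh) for p, ad, nh in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2]


def path_check(server_vlan_has_svi, server="10.20.0.50"):
    """Compare the client-to-server hop chosen by the core with the server's return hop."""
    forward = next_hop(core_routes(server_vlan_has_svi), server)
    return_hop = BIGIP_IF2                           # server default gateway is the BIG-IP
    inspected = forward == BIGIP_IF1
    return {"forward_next_hop": forward,
            "return_next_hop": return_hop,
            "forward_inspected": inspected,
            "asymmetric": not inspected}             # reply crosses BIG-IP, request did not


if __name__ == "__main__":
    for svi in (True, False):
        print("SVI on server VLAN:", svi, path_check(svi))
```

With the SVI present, the connected route wins over the static route of the same prefix length, so the request reaches the server without LTM/AFM inspection while the reply still returns through the BIG-IP.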

  • Hi Ironman,

    On your core switch, did you configure a static route for the server farm network? It should point to the floating self-ip of your BIG-IP cluster (on interface one).

    You also have to configure routes back to your clients; these should point to the floating self-ip on interface two (or is the BIG-IP the default gateway for your server farm?)

    Cheers,

    Kees

  • Thanks Kees, I will try your ideas using the methods below:

    I will try a static route from the core to the interface 1 floating IP, or use OSPF between them!

    BIG-IP the default gateway for your server farm, for interface two! I will configure the server VLAN gateway to point to the LTM interface 2 VLAN's floating IP!

    Thanks

    Saravanan


    • Hi Saravanan,

       

      On your core switch, there should be no SVI/VRF for the vlan of the Server Farm. This will break your configuration. Your setup will only work if your server vlan is a L2 vlan on the core switch.

       

      Cheers,

       

      Kees

      • IRONMAN

        Thanks Kees, it started working after I moved the server VLANs on the core to L2.

        Any reasons? I am unable to understand this.

        When my core is learning the client IP addresses with different routes, but my servers are choosing the LTM interface 2?