We have a customer who is asking to configure 2 F5 devices as active-active, connected to existing active-active firewalls without a switch in between. He needs to connect direct cables between the F5 and firewall boxes.
When we tried the same VLAN between the F5 and the firewalls, we found a loop.
When we tried the same setup with 1 VLAN and a switch in between, it was good: redundancy worked well and there were no loops.
We thought of using 2 VLANs between the F5 and FWs, but we found that we'll need to configure routing to achieve redundancy in case one box fails; we'll route the affected subnet to the other box. Is F5 good for routing, and does F5 support only static routes or can it run any routing protocol?
Also, please advise a better solution for our case if there is one (to have F5 as active-active connected directly to 2 active-active FWs without a switch in between).
You can use BGP, RIP, OSPF on BIG-IP, but you must have a license for it.
As for the active-active state: BIG-IP has no option to be in a true A/A state.
If you have only one traffic group, then an A/A state means that something is wrong with the HA pair.
Only if you have 2 or more traffic groups can the HA pair be in an A/A state. The 1st peer will be active for one TG and standby for another, and the second peer will be active for the other TG and standby for the 1st TG.