cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

one-armed with one vlan

how can we implement one-armed solution with only on vlan between F5 and our gateway router.

3 REPLIES 3

M_Afifi
Altostratus
Altostratus

Hi Mostafa,

 

This can be implemented by using one VLAN and a default route in the BIGIP.

 

You will have to configure F5 BIGIP with self IPs in the same vlan and create a default route pointing to your router.

 

In case your back-end servers (pools members) in a different VLAN the F5 will reach these servers via the router. Otherwise, if your back-end servers are in the same VLAN make sure to use SNAT or make the F5 floating IP as the back-end servers Gateway.

 

I hope this helps.

 

Best Regards.

 

 

so kindly explain what is different between one-Armed and two-Armed design

M_Afifi
Altostratus
Altostratus

Hi Mostafa,

 

Typically, one-armed is when the communications between BIGIP and clients , and the communications between BIGIP and pools members using the same VLAN.

 

And two-armed is when you use defferent VLANs i.e. different self-IPs, one VLAN for the communications between BIGIP and clients , and the other VLAN for the communications between BIGIP and pools members.

 

See below:

 

0691T00000CpLBeQAN.pngI hope that helps.

 

Regards.