Ok i need your HEEEEEELP.
It is kinda of a noob question since i am a cisco engineer and i have been dealing with F5 for a couple of months only\. I have two F5 BigIP 3600 with LTM. I want to configure them to load balance three oracle application server pools. I have made a sample schema of my network which you can find attached.Now i configured the two F5 to work as an active/active pair and i have the following addressing (all are fake addresses just for an example). Router has an inside ip of 10.10.10.1 and it communicates with the firewall which has an outside ip of 10.10.10.2. In it i have a block of real ip addresses and it translates my real website IP for pool 1 (191.95.125.90) to an inside private ip (192.168.1.12) real ip for pool 2 (191.95.125.91) to inside ip (192.168.1.14) and pool 3 real ip (191.95.125.92) to (192.168.1.16) which all private ip's are the virtual servers on the F5.The pools are Pool1 10.20.10.0 ,Pool2 10.20.20.0 and Pool3 10.20.30.0. I cannot make it work in no way. I have tried making VLAN's, vlan groups but no luck. I cannot make it communicate with the outside world. Can i have some help in configuring the F5. I know how to make vlans, self ips and so. What i need is the steps to make it work. The exinda accelerator shown in the picture is out for now. Moreover it is transparent in the network so dont take it into consideration. PLEASE HELP i am so confused. Any more info you might need ask and i will be more than happy to provide. I WANT TO USE ONE outside interface which will be communicating with the firewall (192.168.1.10) to reach the internet and accept requests.
Thanks in advance.

Are you looking to get traffic from the internet to the Virtual address on the LTM or are you looking to get traffic from the Oracle Application to get to the internet directly?
What was your decision to have the LTM configured for Active/Active. Were you looking to distribute the traffic across 2 LTMs or was your critieria for redundancy alone?
So for the questions but in order for me or the forum to help we need to know some of the design decision you made to provide you the best assistance we can.


thanks,
CB

Hello and thanks for your reply. The application server hosts a custom application (on ports 80 and 443) which i need to be accessed from the internet. I want to load balance the incoming traffic.
As for active active i just wanted to share traffic on the two LTM's i can anytime revert it to active/standby.

The first thing I would do is determine if the packet's are coming into the LTM. That way at least you know it's reaching there, unless you know for sure it's not reaching the LTM

What you can do is run a tcpdump command on the LTM


I.E. tcpdump -ni <interface> host <destination IP adderss>

This will give you a sniffer dump on the screen. Let me know if you see anything.

thanks,
#CB

Hello again. First of all i need some helo with the configuration. From the firewall i have translated the real ip's to the private ip's of the virtual servers. What do i need to do to configure an outside interface? One interface with a self ip on this subnet is ok? I need a self ip or not at all? I need a real self ip on the F5 and nat the virtual servers in the f5??? I am pretty confused with what to do on the "outside" way. Inside-wards i make three vlan's one for each pool with routes for the inside networks with destination the Vlan. eg. route to 10.10.10.0 is through vlan 1. What steps should i take to configure my F5. Should i revert them to active/standby???

Thanks for all your help and i would ask for some patience cause as i told you i am a noob F5 user.

Since you are a noob, I have to ask a simple question. Is your management port on seperate IP and Vlan from the traffic you are trying to pass? If not you will not pass traffic through BIG-IP. It is a security design.

Yes they are on a totally seperate vlan and subnet. My question is simpler. I have not made it to configure a functional "out" interface. I have three internal vlans as i said and one outside vlan. I need three pools and three virtual servers.I just want general guidelines how to do it cause F5's guides got me a bit confused.Do i need to use a real IP on the outside or a translation on my router is enough?Probably it will work on a closed network (vpn and direct access ) so my real ip need will be eliminated. Thanks again/.

The first thing I would check out is to make sure the BIG-IP itself can get out and to the internet. From the BIG-IP command line, can you ping your firewall, router, et al? After that, I would then try to ping stuff by name out past your firewall and router (google.com for instance).

I have to admit that I was a little confused by your initial post -- not your diagram, but your explanation of addressing and where & how you were or weren't translating. Maybe another diagram, but just in text that included all your network addressing.

In the end, your BIG-IP will have to have self-IP addresses on any network segments it is attached to, regardless if it's real or a VLAN. Any hosts that needs to get traffic back through the BIG-IP will either have to have the BIG-IP as it's default gateway, or the initial request traffic will need to have a SNAT applied to it. Otherwise, traffic coming out of your Application Servers will head out a different direction because of asynchronous routing.

I have a similar architecture as yours; Did you configure succesfully? Could you give me some tracks? Thank you,

Interesting. What does Exinda offer your solution that F5 cannot already do?

EDIT : I think found my answer that Exinda does better rate shaping and traffic management, like Packeteer or Riverbed. Cool.

Well thats true. Except from that it is used for prioritization of traffic. Anyway it was not my decision to use these i just had to have them in my network so........