
design and routing for setting up multiple environments with LTM

DMZ has two vlans.

Vlan A - 192.168.33.0/24 (nodes)

Vlan B – 192.168.17.0/20 (Vips)

Both are in route domain 1 with a default route of 192.168.16.1 (Cisco router). I’m omitting the “%1” for easier reading.

That same router has a static route to the 192.168.33.0/24 network to use 192.168.17.1 (which is the address on the F5). All pretty straightforward.

On the internal side I have the following:

Internal_Big-IP: 10.0.13.0/24 (nodes)

Internal_Server: 10.0.1.0/24 (internal)

Internal_Vip: 10.0.4.0/24 (Vip)

Very similar to the DMZ. From an outside network, if I want to get to the node network I have to route through the VIP IP address.

Here is my situation. I’ve been given the task of splitting up all of our environments so they can’t talk to one another, like Production, Dev, Staging, etc.

I created two new VLANs for each environment, like:

Prod_int_node 10.0.150.0/24

Prod_int_VIP 10.0.151.0/24

Prod_DMZ_Node 192.168.150.0/24

Prod_DMZ_VIP 192.168.151.0/24

What I’m unsure about is how to route my traffic. Do I have to set up an interface on the Cisco router for each VLAN and use that as the default route? If that is the case, will I have to use a gateway pool for each environment?

Am I going about this the wrong way or should I just use a route domain for each different environment?

0

Answers to this Question


> Am I going about this the wrong way or should I just use a route domain for each different environment?

I would use route-domain.

0

So two route domains for each environment, one for internal and the other for external?

Then make static routes on my Cisco that point to the VIP's floating IP to route to the nodes network. I'm saying that because when I inherited these devices, this is how the existing network is currently set up. I assume it is correct.

0

> So two route domains for each environment, one for internal and the other for external?

Shouldn't it be one route domain for each environment? Each route domain has multiple VLANs, i.e. vlan_node, vlan_vip.

0

DMZ traffic is going to take a different route than our internal traffic. We have web servers (DMZ) and API servers (internal). So one route domain for each, right?

0
Comments on this Answer
Comment made 22-Apr-2015 by nitass 13357
I am not sure about your routing. Anyway, I think if you can configure it within one route domain, it is fine to use one route domain for one environment.
0

Routing in the DMZ is now the issue that I'm not sure how to handle properly.

If I have VLANs with different IP networks for each different environment but I only have one interface on my router to get out of my DMZ, what is the correct way to solve this? Do I add additional interfaces to the DMZ router or handle this differently?

Previously I'd use 192.168.1.1 as a route for route domain 1.

The VIP VLAN in the DMZ was on the 192.168.1.0/24 network previously. Now that I have 192.168.2.0/24 (Dev VIP) and 192.168.3.0/24 (Staging VIP) I obviously can't connect to the 192.168.1.1 router. So do I add additional interfaces on my router or handle this a different way?

On the internal side I just add an IP address for each VLAN and then set the route for each route domain to that gateway.

Appreciate any help.

0

> The VIP VLAN in the DMZ was on the 192.168.1.0/24 network previously. Now that I have 192.168.2.0/24 (Dev VIP) and 192.168.3.0/24 (Staging VIP) I obviously can't connect to the 192.168.1.1 router. So do I add additional interfaces on my router or handle this a different way?

Can't the router do 802.1q?

0
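
The on-link gateway problem discussed in this thread can be checked before any change is pushed. The following is an added example, not part of any post: a small plan validator that flags a route domain whose default gateway is not inside one of its own VLAN subnets, subnets that overlap between environments, and prefixes written with host bits set. The route-domain names and the 192.168.2.1 / 192.168.3.1 gateway addresses (as they might exist on 802.1Q sub-interfaces) are assumptions; the other addresses are the ones quoted in the thread.

```python
import ipaddress

def check_plan(plan):
    """Return findings for {route_domain: {"vlans": {name: cidr}, "gateway": ip}}."""
    findings, seen = [], []
    for rd, cfg in plan.items():
        nets = {}
        for vlan, cidr in cfg["vlans"].items():
            net = ipaddress.ip_network(cidr, strict=False)
            if str(net) != cidr:
                findings.append(f"{rd}/{vlan}: {cidr} has host bits set; network is {net}")
            nets[vlan] = net
        gw = ipaddress.ip_address(cfg["gateway"])
        # A default gateway is only reachable if it sits in a subnet of a VLAN
        # that belongs to the same route domain.
        if not any(gw in net for net in nets.values()):
            findings.append(f"{rd}: gateway {gw} is not on-link in any of its VLANs")
        # Overlapping subnets between environments make upstream routing and
        # filtering ambiguous, which undermines the isolation goal.
        for vlan, net in nets.items():
            for o_rd, o_vlan, o_net in seen:
                if net.overlaps(o_net):
                    findings.append(f"{rd}/{vlan} {net} overlaps {o_rd}/{o_vlan} {o_net}")
        seen.extend((rd, vlan, net) for vlan, net in nets.items())
    return findings

# Constructed sample plans; route-domain names are hypothetical.
ORIGINAL_DMZ = {
    "rd1": {"vlans": {"Vlan_A": "192.168.33.0/24", "Vlan_B": "192.168.17.0/20"},
            "gateway": "192.168.16.1"},
}
SINGLE_ROUTER_INTERFACE = {  # every environment still points at 192.168.1.1
    "rd_dev": {"vlans": {"Dev_DMZ_VIP": "192.168.2.0/24"}, "gateway": "192.168.1.1"},
    "rd_staging": {"vlans": {"Staging_DMZ_VIP": "192.168.3.0/24"}, "gateway": "192.168.1.1"},
}
TAGGED_SUBINTERFACES = {  # assumed: one router sub-interface address per VLAN
    "rd_dev": {"vlans": {"Dev_DMZ_VIP": "192.168.2.0/24"}, "gateway": "192.168.2.1"},
    "rd_staging": {"vlans": {"Staging_DMZ_VIP": "192.168.3.0/24"}, "gateway": "192.168.3.1"},
}

if __name__ == "__main__":
    for name, plan in [("original", ORIGINAL_DMZ),
                       ("single interface", SINGLE_ROUTER_INTERFACE),
                       ("tagged sub-interfaces", TAGGED_SUBINTERFACES)]:
        print(name, check_plan(plan) or "OK")
```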