The challenge is routing across this direct-connect link. We need to be able to BGP peer between the vCMP guests. I cannot share the same VLAN (no L2 adjacency) because the guests share the same hypervisor host. We need the in-line tool to be able to establish what VLAN/network traffic is coming from so it can steer traffic to various tool ports. I've tried Q-in-Q across the link, I've tried L3 interface/routing across, and various other tagging/untagging configurations on this direct link.
Has anyone looked at a similar design?
1. vCMP dedicated on hypervisor
2. Advanced Routing Module (using BGP)
3. Route domains

1. Create an inbound and outbound air gap between F5s, feeding in-line tools the decrypted data.
2. The public-facing F5 hosts the VIPs and terminates the SSL sessions.
3. Re-encrypting data before sending traffic to pool resources.
4. No SNAT.
5. BGP routing/peering between the various networking components (Router <--> F5 <--> F5 <--> Firewall).
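For readers following the route-domain and BGP items above, here is an added tmsh/imish example of what the peering side of one vCMP guest looks like; it is not configuration from the original post. Every name and number in it is an assumption: interface 1.3, VLAN tag 310, VLAN `vlan_dc_in`, route domain `rd_inside` (id 10), the 10.10.0.0/30 link addresses and the AS numbers 65010/65020. The peer guest mirrors it with the other /30 address and its own AS.

```tmsh
# Added example, not the poster's config. Assumed names: interface 1.3,
# VLAN tag 310, vlan_dc_in, rd_inside (id 10), 10.10.0.0/30, AS 65010/65020.

# Dedicated tagged VLAN on the physical interface that carries the direct link.
create net vlan vlan_dc_in interfaces add { 1.3 { tagged } } tag 310

# Route domain that owns that VLAN and has the BGP protocol enabled on it;
# keeping the VLAN in its own route domain isolates its routing table from
# the default route domain 0 on the same guest.
create net route-domain rd_inside id 10 vlans add { vlan_dc_in } routing-protocol add { BGP }

# Self IP inside route domain 10 (the %10 suffix) used as the BGP peering
# address. Port lockdown "default" does not include tcp/179, so BGP is
# allowed explicitly rather than opening the self IP to everything.
create net self self_dc_in address 10.10.0.1%10/30 vlan vlan_dc_in allow-service add { tcp:179 }

save sys config

# Dynamic routing is configured per route domain in the imish shell:
#   imish -r 10
# and then, inside imish:
#   configure terminal
#   router bgp 65010
#    neighbor 10.10.0.2 remote-as 65020
#   end
#   write
```

A quick check after both sides are up is `imish -r 10 -e "show ip bgp summary"`: the neighbor should move to the Established state, and `tmsh show net route-domain rd_inside` confirms the VLAN membership. If the session stays in Active/Connect, the usual causes are the self-IP port lockdown not permitting tcp/179 or the two guests not actually sharing the tagged VLAN end to end.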