Management & External networks on same subnet/physical network?

Question

Ok,
&nbsp;I am evaluating the LTM VE for one of our web projects as its easier than getting a physical LTM to test.  The problem is, the management network and external network are connected to the same physical network (both on 192.168.4.0) while the internal network is well segrated on a different vSwitch with a different network (172.16.6.0).  No matter what I have tried so far though, I am not allowed to assign an IP for the external network since the Big-IP detects it as the same as the management network.  Do I need to create another vSwitch with another network just for the management network and then manage it from one of my virtual servers instead of my desktop?

hooleylist · Answer

Hi Shaun, 
&nbsp;  
&nbsp; If you can define a separate subnet for management on the VM network it should work fine.   
&nbsp;  
&nbsp; You should be able to administer the LTM VE using a self IP on either the external or internal self IP addresses as long as you configure port lockdown to allow default (or explicitly allow TCP ports 22 and 443.  The advantages to using the management port are more relevant for a production implementation.  For example if the config doesn't load due to a syntax or license issue, TMM won't start and the switch ports won't be accessible.   
&nbsp;  
&nbsp; Aaron

shaun_85943 · Answer

hoolio, thanks for the quick reply. I ended up creating a seperate vSwitch port group on an existing vSwitch and then assigning just one virtual server and the LTM VE to said port group. I've been using a RDP session to that server to configure it, but I just tried the external IP and it worked. Thanks for your help.  Now to just figure out how to write an iRule that directs all requests for vip/admin to one server and all request to vip/ to the other 2 servers.

qe_102628 · Answer

Try something like this?

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/admin" } {
    node 10.1.1.200 8080
  } else {
    pool HTTP_pool
  }
}

here's the article I found that in:

iRules 101 Article

danf_103701 · Answer

Hi. 
&nbsp;I am new to the F5 world. 
&nbsp;I have a similar problem ( or the same ) trying to build a small LTM testbed. 
&nbsp;I am using Win XP with VMware Workstation 7.0 and Big IP LTM VE 10.1 trial edition. 
&nbsp;The host machine has two NICs, VMware detects them OK, but in LTM VE I can only use the management interface which is attached to the ext interface. 
&nbsp;I configured both Int and Ext in BIG-IP as custom, each one bridged to on of the two NICs. I also created self IPs on each. The two interfaces do not come up. 
&nbsp;Any suggestions would be appreciated. 
&nbsp;Tks. &nbsp;&nbsp;&nbsp;

Forum Discussion

Management & External networks on same subnet/physical network?

4 Replies

Recent Discussions

Help with URL Masking

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Minimizing Security Complexity: Managing Distributed WAF Policies

Re: Management Certificate

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

iControl REST Authentication Token Management

CSV to Address External Datagroup File