NimbostratusJust wondering if there is rule in assigning IP address for Virtual server. Does it need to be on the same subnet as the Self IP or must be different? If it can be either ,what are the pros/cons or when would you choose one over the other? Thanks in advance.
CirrostratusHey Tino. It can be either. I've always generally made it different to the Self IP range, using a small subnet between the 'external' firewall and external BIG-IP VLAN, with the VS range routed on the firewall to the F5. This is primarily due to the environments I've worked in (large enterprises) where this kind of layer three segmentation is common, deterministic traffic flow is desired and layer two features/architectures are actively avoided. It has some advantages; there's no ARP traffic and you can add as many subnets as you like for VSs or expand existing ones easily. In a large environment I don't see any significant downsides. In smaller environments the need to route subnets to the F5 may be an overhead or add unwanted complexity.
Using the Self IP subnet is fine too and somewhat simpler but limits your expansion (or at least makes it painful should you need to) and makes your network a bit 'flat'/less heirarchical/segmented.