Forum Discussion

amit_55944's avatar
amit_55944
Icon for Nimbostratus rankNimbostratus
Dec 05, 2009

Traffic routing using LTM

We are implementing internet banking website. two LTMs are used in two tier network.

 

In tier1 LTM is doing SSL ofloading and send traffic to webseal server. webseal server sending traffic to firewall. Firewall pass on traffic to all servers via LTM in tier2. we have two vlans in tier2 to seperate the traffic between http/application/oracle server and ldap/policy servers. https servers are configured for loadbalancing.

 

My doubt is how will the inter vlan communication in tier2 will happen ? will it be through LTM also how should we configure LTM for routing the traffic of servers back to the firewall ?

 

also since all the traffic of servers which are not configured VIP how the traffic will pass through it ?
config
design

6 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 07, 2009
    Hi Amit,

     

     

    It might help if you could post a simplified network diagram of the layout you're considering. If you can include subnets and sample IP addresses, it would help.

     

     

    Thanks,

     

    Aaron
  • amit_55944's avatar
    amit_55944
    Icon for Nimbostratus rankNimbostratus
    Dec 07, 2009
    I dont have IP addressess with me but the Public of client will be retained in network. traffic communication from outside world be like

     

    Firewall->LTM1->webseal->firewall2->LTM2->ldap->webserver and back.

     

    so the LTM2 has two VLANs to segregate the traffic between LDAPs and webservers. these two servers are loadbalancing also.

     

    apart from these their is policy and sms server which are not loadbalancing and behind the LTM2.

     

    and hence my query.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 10, 2009
    That's a fairly similar to a firewall sandwich scenario. I couldn't find any recent documentation on this, but the 4.6.2 Solutions Guide has a useful diagram and sample configuration for this. The syntax will be different in v9 or v10, but the concepts are the close:

     

     

    Manual Chapter: BIG-IP Solutions Guide v4.6.2: Balancing Two-Way Traffic Across Firewalls

     

    https://support.f5.com/kb/en-us/products/big-ip_4_x/manuals/product/bigip4_6_2admin/bigipflb_bidest.html

     

     

    Aaron
  • amit_55944's avatar
    amit_55944
    Icon for Nimbostratus rankNimbostratus
    Dec 11, 2009
    Wow Aaron, i find this very useful. thanks a bunch....it is great help
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 11, 2009
    That's good to hear. If you try implementing something similar and get stuck let me know.

     

     

    Aaron
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 11, 2009
    That's good to hear. If you try implementing something similar and get stuck let me know.

     

     

    Aaron