one arm setup and two vlans
I recently set up a bigip virtual and have it as a one arm setup. The bigip is off the dmz interface and then goes back out the same interface to the internal interface (all via the firewall). I do though have two vlans created with the bigip, the vlan associated with the inside interface on the firewall and obviously the dmz interface. First I want to make sure that this is the correct setup in this scenario, meaning these two vlans and the way traffic flows is the one arm setup. Traffic comes in the firewall on the dmz to the bigip, exits the bigip to the firewall and to the inside interface. Can someone please confirm this?
Secondly, if I put the Big with dual arm, directly connected to the inside and dmz, what would the pros and cons and options be? Is there documentation on 1 and 2 arm setups for the bigip? Thanks.
Typically when people refer to a "one-armed" configuration, it usually means that the virtual-address is on the same vlan and subnet as the application servers, and the application servers are not configured to use the F5 as their default gateway. When the F5 is not the default gateway we have to SNAT client traffic to maintain route symmetry. On the other side of the coin, a "routed", or "dual arm" configuration usually means that application servers are on a different vlan than the virtual-address, and that the F5 has been configured as the default gateway for application servers, which then means we do not need to SNAT client traffic. In either case the F5 is a full proxy and maintains both client side and server side connections regardless of the ingress/egress path.
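The return-path reasoning in the answer above, as an added example that is not part of the original posts: a small Python model of one request and its reply, showing why the reply only gets back to the client when it passes through the F5 again. All addresses and the names `trace` and `server_next_hop` are constructed for illustration, and the model covers only the server's return-route decision, not a real BIG-IP configuration.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread)
CLIENT = "198.51.100.7"      # remote client
VIP = "10.1.20.100"          # virtual-address the client connects to
F5_SELF = "10.1.20.5"        # F5 self IP on the server VLAN (SNAT source)
SERVER = "10.1.20.50"        # application server
FIREWALL = "10.1.20.1"       # non-F5 gateway on the server VLAN
SERVER_NET = ipaddress.ip_network("10.1.20.0/24")


def server_next_hop(dst, default_gw):
    """Server routing: deliver on-link if dst is local, else use the default gateway."""
    if ipaddress.ip_address(dst) in SERVER_NET:
        return dst
    return default_gw


def trace(snat, server_default_gw):
    """Follow one request and its reply; report whether the client accepts the reply."""
    # Client-side connection is CLIENT -> VIP, so the client expects replies from VIP.
    client_expects_src = VIP
    # Full proxy: the F5 opens its own server-side connection.
    # With SNAT the source is the F5 self IP, otherwise the client IP is preserved.
    server_side_src = F5_SELF if snat else CLIENT
    # The server answers whatever source address it saw.
    hop = server_next_hop(server_side_src, server_default_gw)
    via_f5 = hop == F5_SELF
    # Only the F5 holds the state that maps the server-side reply back to the
    # client-side connection and rewrites its source to the VIP.
    reply_src_at_client = VIP if via_f5 else SERVER
    return {
        "server_sees": server_side_src,
        "reply_next_hop": hop,
        "symmetric": via_f5,
        "client_accepts": reply_src_at_client == client_expects_src,
    }


if __name__ == "__main__":
    cases = {
        "one-arm with SNAT": trace(snat=True, server_default_gw=FIREWALL),
        "one-arm without SNAT": trace(snat=False, server_default_gw=FIREWALL),
        "routed, F5 as gateway": trace(snat=False, server_default_gw=F5_SELF),
    }
    for name, result in cases.items():
        print(f"{name:24} {result}")
```

In the SNAT case the server sees the F5 self IP rather than the client address, so server-side logging or IP-based access control needs the original client address passed another way.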