Forum Discussion

Kasem_Badwi_144
Feb 18, 2014

Deploying multiple internal vlans and multiple external vlans without Route Domain

Dears, I am migrating from Cisco ACE to LTM 4000. In ACE there are 4 contexts with multiple VLANs. Can I move all VLANs configured on Cisco ACE to BIG-IP LTM without implementing route domains in LTM? As far as I know, we can create one internal and one external VLAN on LTM. So say I have 10 subnets (10 VLANs): 5 are used as internal for the servers and the other 5 are used for external (virtual servers). Since I don't have an option to specify internal and external when creating multiple VLANs, how can the LTM distinguish between the external and internal VLANs?

 

Thanks

Kasem

 

3 Replies

  • Hello,

     

    The F5 does not truly distinguish between internal/external when it comes to VLANs; it's all about where you configure your services. Those sorts of labels are more of an administrative thing; it's up to you.

     

    In my mind, an "internal" VLAN would have no virtual services in it and only back-end servers, while an "external" network could have both virtual services and back-end servers. That said, depending on the use of the virtual services, they may all be for internal use (i.e., non-public), which is a different distinction again.

     

    Route domains are useful but they can be a hassle if you intend to migrate things between them. Our model uses them but we never migrate things between them, as we use them to contain a single customer or business group. If two route domains need to communicate, we send the traffic back to the firewall.

     

    Thanks.

     

  • Hi,

     

    On F5, VLANs are not the same as on Cisco.

     

    A VLAN is a link between an interface and a name.

     

    Then on each VLAN you can define multiple Self IPs which can be part of different subnets.

     

    As you have to choose the VLAN when you define a self IP, you'll have what you want.

     

  • Thanks to all. It seems all VLANs can be moved to LTM, and for better management I can map one VLAN for the real server IP addresses to one VLAN for the VS. The external VLAN which we usually configure in the initial setup is mainly for the default route (which usually points to the DC FW or DC aggregation switch).
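
Added example, not part of the original thread and not taken from any poster's configuration: a tmsh sketch of one server VLAN paired with one virtual-server VLAN, showing that the "internal" or "external" role comes from what is bound to each VLAN rather than from a VLAN attribute. All object names, VLAN tags, interface 1.1, and addresses are constructed placeholders.

```tmsh
# Constructed values throughout: names, tags, interface 1.1, addresses.

# "Internal" VLAN: holds only back-end servers.
create net vlan vlan_srv_101 interfaces add { 1.1 { tagged } } tag 101
# The self IP binds a subnet to the VLAN; allow-service none keeps
# management services (SSH, GUI) off this address.
create net self self_srv_101 address 10.10.101.2/24 vlan vlan_srv_101 allow-service none

# "External" VLAN: the virtual server address lives in this subnet.
create net vlan vlan_vs_201 interfaces add { 1.1 { tagged } } tag 201
create net self self_vs_201 address 192.0.2.2/24 vlan vlan_vs_201 allow-service none

# Pool members sit in the server VLAN's subnet.
create ltm pool pool_app1 members add { 10.10.101.11:80 10.10.101.12:80 }

# vlans-enabled restricts the listener to the named VLAN, so the
# virtual server does not answer on the server VLAN or any other VLAN.
create ltm virtual vs_app1 destination 192.0.2.10:80 ip-protocol tcp profiles add { tcp http } pool pool_app1 vlans-enabled vlans add { vlan_vs_201 }

# Default route toward the upstream firewall or aggregation switch.
create net route default_gw network default gw 192.0.2.1
```

Repeating the VLAN, self IP, pool, and virtual server lines per application gives the one-to-one mapping described in the last reply, with each virtual server reachable only from its own front-end VLAN.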