LoadF5_186131
Feb 06, 2015

External & internal facing loadbalancers - different subnets, VLANs

Hi,

 

I have a question about how to design loadbalancing of IIS websites in a DMZ. The picture below describes the situation.

 

1. A user opens a loadbalanced IIS website which is external facing to the internet.
2. Loadbalancer refers to Azure Pack Tenant
3. From the Azure Pack Tenant it has to talk to a 2nd loadbalancer
4. Loadbalancer refers to Azure Pack Admin
5. Azure Pack Admin needs to be able to talk back to the 2nd loadbalancer
6. Azure Pack Admin will talk to a 3rd loadbalancer to refer to the internal domain to SPF IIS

 

Question: How to get this to work? Does the 2nd loadbalancer need to be in a separate subnet?

 

3 Replies

  • If you are separating your LBs from internal and external environments then, yes. (your devices that you are referencing are not labelled, thus it's a little tricky to make out)

     

  • Hi NikhilB,

     

    Thank you for your response. I have added a new picture so the devices are labelled. As you can see in the DMZ we have an internal facing subnet and an external facing subnet.

     

    My question is regarding the device B. Should this be in a separate subnet from the internal facing subnet? Can a loadbalancer talk to a subnet and reply to it when it is in the same subnet?

     

  • Can a loadbalancer talk to a subnet and reply to it when it is in the same subnet? Technically yes. One-armed load balancing.

     

    Personally have not seen a setup with 2 legs (internal and external) without a FW to filter on traffic. (unless you have the AFN/ASM modules running)