CSS to F5 migration question ( with multiple VLAN's)

Question

Hi F5 Guru's
I've a unique situation and was wondering if you could help me out&nbsp;
A) I have a CSS connected to the switch and that's currently doing the Load Balancing. The weird part of it is that the CSS has certain VLAN's defined with multiple IP address and since this was set up ages ago at client site, i couldn't figure out why they have done that. The public IP is being used as both VIP address and for end point server address. How do i migrate such set up to F5 . Should i split up the VLAN's to have their own individual subnets in F5. &nbsp;
circuit VLAN6
  ip address   255.255.255.128
  ip address 192.168.45.1 255.255.255.128 
circuit VLAN5&nbsp;
ip address 192.168.50.1 255.255.255.0 
  ip address  255.255.255.224  &nbsp;
B) The current set up has 5 Vlan's ( inclusive of the 2 above). I was wondering how i go about migrating. Can you advise me on the migration approach. The CSS is connected to a switch and it has servers directly connected to it and there are some downstream switches which also has some servers connected. &nbsp;
Are these setps below correct: 
A) Clear the VLAN config from CSS, clear Arp table and Mac entries. 
B)  connect teh LTM 2000S to the same switch which has the CSS connected
C) Configure the LTM with the VLAN's ( and the same IP's as it were in CSS) and associate those VLAN's to the trunk interface that connects the LTM to the switch. &nbsp;
this is the first time i'm wroking on the loadbalancers and any pointers will be appreciated. &nbsp;

boneyard · Answer

A) if you don't understand how the current setup exactly works then I would advise you to make sure you do understand it. perhaps contact the company that set this up, or a company that understands CSS. because it is difficult to advise you on this would knowing the full setup. in principle a setup on the F5 with one VLAN could work, but two might be nicer.&nbsp;
B) I don't get why you would wipe the VLAN CSS config, just disconnect the device, that way you have an easy rollback.&nbsp;
if I would be tasked with this I would use this situation to redesign to solution so I understand it.&nbsp;

f5fanboy_182636 · Answer

Thanks for the response. What i meant on my 2nd question was that my set is something like 
Internnet router --&gt; Internet Switch ---&gt; Firewall ---&gt; Server Switch ---&gt; Servers &amp; LTM ( both connected to this switch) &nbsp;
so my question is that should i create 2 trunks from LTM towards the connected Server switch or just create one trunk and pass both External and Internal VLAN in it. I don't see a big differentiation in external Vs Internal Vlan. The external vlan is a /28 subnet which has the Fwall inside port, Server Switch.  The internal vlan is the subnet in which i have the Physcial Servers, Server Switch connected to it . Since the route for the F5 to either Internet or to Inside Servers is through that same server switch, i'm confused as to where i can just build a trunk from LTM to Server Switch and pass all VLAN's. ( Also, i'm confused on the concept of internal Vs External VLAN in this scenario).. &nbsp;
Thanks in Advance .. &nbsp;

f5fanboy_182636 · Answer

Thanks for the response. What i meant on my 2nd question was that my set is something like 
Internnet router --&gt; Internet Switch ---&gt; Firewall ---&gt; Server Switch ---&gt; Servers &amp; LTM ( both connected to this switch) &nbsp;
so my question is that should i create 2 trunks from LTM towards the connected Server switch or just create one trunk and pass both External and Internal VLAN in it. I don't see a big differentiation in external Vs Internal Vlan. The external vlan is a /28 subnet which has the Fwall inside port, Server Switch.  The internal vlan is the subnet in which i have the Physcial Servers, Server Switch connected to it . Since the route for the F5 to either Internet or to Inside Servers is through that same server switch, i'm confused as to where i can just build a trunk from LTM to Server Switch and pass all VLAN's. ( Also, i'm confused on the concept of internal Vs External VLAN in this scenario).. &nbsp;
Thanks in Advance .. &nbsp;

boneyard · Answer

in your scenario the internal and external VLAN isn't that hard to see. your virtual server is on the external VLAN and your actual servers are on the internal VLAN. the usual inline scenario.&nbsp;
sure the VLANs might be on one switch environment and no on totally separate ones, but that is very common. &nbsp;
so yes you can do both VLANs on one link or use two links to separate them, it really doesn't matter much if bandwidth isn't an issue.&nbsp;

Forum Discussion

CSS to F5 migration question ( with multiple VLAN's)

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Edge to Pulse: IP Geolocation Database Migration

uCS platform-migrate

Re: Welcome to the F5 BIG-IP Migration Assistant

Health monitor question

F5 Connection Mirroring question