design and routing for setting up multiple environments with LTM

Question

F5 Questions&nbsp;
DMZ has two vlans.&nbsp;
Vlan A -  192.168.33.0/24 (nodes)&nbsp;
Vlan B –  192.168.17.0/20 (Vips)&nbsp;
Both are in route domain 1 with a default route of 192.168.16.1 (cisco router) I’m omitting the “%1” for easier reading&nbsp;
That same router has a static route to the 192.168.33.0/24 network to use 192.168.17.1  (which is the address on the F5)
All pretty straight forward.&nbsp;
On the internal Side I have the following&nbsp;
Internal_Big-IP: 10.0.13.0/24 (nodes)&nbsp;
Internal_Server: 10.0.1.0/24 (internal)&nbsp;
Internal_Vip: 10.0.4.0/24 (Vip)&nbsp;
Very similar to DMZ.. from an outside network. If I want to get to the node network I have to route through the VIP IP address.&nbsp;
Here is my situation. I’ve been given the task of splitting up all of our environments so they can’t talk to one other. Like Production, Dev, Staging, ETC&nbsp;
I created two new vlans for each environment. Like &nbsp;
Prod_int_node  10.0.150.0/24&nbsp;
Prod_int_VIP     10.0.151.0/24&nbsp;
Prod_DMZ_Node 192.168.150.0/24&nbsp;
Prod_DMZ_VIP 192.168.151.0/24&nbsp;
What I’m unsure about is  how to route my traffic. Do I have to setup an interface on the cisco router for each vlan and use that as the default route. If that is the case, will  l have to use a gateway pool for each environment?&nbsp;
Am I going about this the wrong way or should I just use route domain for each different environment?&nbsp;

nitass · Answer

Am I going about this the wrong way or should I just use route domain for each different environment?&nbsp;

i would use route-domain.&nbsp;

kevin_bozman_15 · Answer

So two route domains for each environment, one for internal and the other for external?&nbsp;
Then make static routes on my Cisco that point to the Vips Floating IP to route to the Nodes network. I'm saying that because when I inherited these devices, this is how the existing network is currently setup. I assume it is correct.&nbsp;

nitass · Answer

So two route domains for each environment, one for internal and the other for external?&nbsp;

shouldn't it be one route domain for each environment? each route domain has multiple vlans i.e. vlan_node, vlan_vip.&nbsp;

kevin_bozman_15 · Answer

DMZ Traffic is going to take different route than our Internal traffic. We have web servers (DMZ) and API servers (internal) So one route domain for each.  right?&nbsp;

nitass · Answer

i am not sure about your routing. anyway, i think if you can configure it within one route domain, it is fine to use one route domain for one environment.

Forum Discussion

design and routing for setting up multiple environments with LTM

7 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

Create F5 BIG-IP Next Instance on Proxmox Virtual Environment

Using F5 Distributed Cloud Network Connect to transit, route, & secure private cloud environments

Multi-Stores Citrix environment BIG-IP APM

Symmetric routing on NGINX Plus with multiple interfaces