Forum Discussion

Haitham_Hadad_3's avatar
Haitham_Hadad_3
Icon for Nimbostratus rankNimbostratus
Mar 10, 2018

L3 routing on F5

Hi,

 

WE have a customer who is asking for configuring 2 F5 devices as active active and to be connected to existing Active Active Firewalls and without a switch in between - HE need to connect direct cables between the F5 and Firewall Boxes

 

When we try the same VLAN between F5 and Firewalls, We found a loop

 

When we try the same setup with 1 VLAN and a switch in between, It was good and redundancy work good and there is no loops

 

We think of using 2 VLANs between F5 and FWs , but we found that we'll need to configure routing to achieve the redundancy in case one box fail, we'll route the affected subnet the other other box. Is F5 good for routing and is F5 support only static routes or it could do any routing protocol ?

 

Also please advise for a better solution for our case if there is a better one [to have F5 as Active Active connected to 2 FWs active Active directly without a switch in between]

 

Thanks Haitham

 

application delivery
BIG-IP
LTM

1 Reply

Sort By
  • Surgeon's avatar
    Surgeon
    Ret. Employee
    Mar 10, 2018

    You can use bgp, rip, ospf on big-ip but you must have a license for it. As for active-active state. Big-ip has no option to be in true A/A state.

     

    If you have only one traffic group then A/A state means that something wrong with HA pair. Only if you have 2 or more traffic group than HA pair can be in A/A state. The 1st peer will be active for one tg and standby for another and the second peer will be active for another tg and standby for the 1st tg.

     

    What you are trying to achieve?