Forum Discussion

kernel_panic_38
Feb 07, 2019

Is it possible to convert (in prod) from "inline" to "one armed" mode?

Is this possible? What would I have to do on the F5 and the connected switch port to accomplish this?

 

To explain: I am at a remote site. Our other load-balancers were set up in one arm mode and for the sake of standardizing it would be nice to reconfigure this device if it is doable. I have two different vlans on untagged Inside / Outside interfaces. I apologize ahead of time - I hope an expert would have the time to help a novice such as I.

 

4 Replies

  • wlopez

    One arm mode means that both the F5 virtual servers and pool members are handled through the same vlan, most likely within the same netmask. If you're already configured this way, you probably already have SNAT Automap or SNAT Pool configured on the virtual servers.

     

    The main issues you might face are really not with modifying the F5 configurations, but with the IP scheme and routing for the pool members.

     

    In order to do the basic routing based load balancing setup you'll need to move the servers to the internal vlan (behind the F5s) using the F5 floating IP on the vlan as the pool members' default gateway, or configure SNAT (which you probably already have) to avoid asymmetric routing.

     

    • kernel_panic_38

      To be clear - My current IN PRODUCTION system is using an inline configuration. I have an INSIDE INTERFACE mapped as 1.1 and OUTSIDE INTERFACE mapped to 1.2. Virtual Servers are set up on the OUTSIDE 1.2 interface. Pools / Pool Members are set up on the INSIDE 1.1 interface. I am confused as to how to configure the system to have the virtual interface start forwarding traffic on the 1.2 interface to the pools. Is this possible with a couple configuration settings or am I needing to remove the OUTSIDE and INSIDE interfaces from the system and re-create a new interface and re-map the Virtual Servers and Pools to it?

       

      In other words could I do something like changing the inside interface to be mapped to the 1.2 interface and the system should (using Auto Map) start using a "one armed" mode for forwarding traffic? If I am understanding documentation properly the system would start using the virtual ip of the 1.2 interface to forward traffic to the pools. (using snat if asymmetric routing was expected).
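
The asymmetric-routing point raised in the replies above, as an added example that is not part of the original thread: a small model of where a pool member sends its reply, with and without SNAT, and with the F5 or a separate router as the default gateway. All addresses, names and the single-subnet layout are constructed assumptions, and the model only covers the server's first-hop decision.

```python
"""Added example (not from the thread): return-path check for one-armed vs routed setups."""
from ipaddress import ip_address, ip_network


def reply_next_hop(src_seen, server_net, server_gateway):
    """First hop a pool member uses to answer a packet whose source is src_seen."""
    src = ip_address(src_seen)
    # On-link sources are answered directly; everything else goes to the default gateway.
    return src if src in ip_network(server_net) else ip_address(server_gateway)


def check_flow(client, server_net, server_gateway, f5_ips, snat_ip=None):
    """Return (symmetric, next_hop). snat_ip models the F5 address SNAT puts in the source."""
    # With SNAT the pool member sees an F5 address as the source; without it, the client.
    src_seen = snat_ip if snat_ip else client
    hop = reply_next_hop(src_seen, server_net, server_gateway)
    # The reply is symmetric only if it is handed back to the F5, which can then
    # rewrite the source to the virtual server address the client connected to.
    return hop in {ip_address(a) for a in f5_ips}, str(hop)


# Constructed sample topology: one VLAN shared by F5, router and pool members.
NET = "10.0.2.0/24"
ROUTER = "10.0.2.1"
F5_FLOATING = "10.0.2.4"
F5_SELF = "10.0.2.5"
F5_IPS = (F5_FLOATING, F5_SELF)
REMOTE_CLIENT = "203.0.113.10"
LOCAL_CLIENT = "10.0.2.50"


def scenarios():
    return {
        "one-armed, no SNAT, gateway=router":
            check_flow(REMOTE_CLIENT, NET, ROUTER, F5_IPS),
        "one-armed, SNAT, gateway=router":
            check_flow(REMOTE_CLIENT, NET, ROUTER, F5_IPS, snat_ip=F5_FLOATING),
        "no SNAT, gateway=F5 floating IP":
            check_flow(REMOTE_CLIENT, NET, F5_FLOATING, F5_IPS),
        "no SNAT, gateway=F5, client on server subnet":
            check_flow(LOCAL_CLIENT, NET, F5_FLOATING, F5_IPS),
    }


if __name__ == "__main__":
    for name, (ok, hop) in scenarios().items():
        print(f"{name}: {'symmetric' if ok else 'ASYMMETRIC'} (reply next hop {hop})")
```

The last scenario shows that pointing the pool members' default gateway at the F5 is not enough when clients sit on the same subnet as the servers: the reply goes straight to the client, so SNAT is still needed for those flows.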