Harry1
Apr 09, 2017

one arm mode deployment

Hi,

 

I need to draft a solution document where we have multiple server VLANs and need to deploy F5 ASM in one-arm mode, since the customer doesn't want to change the default gateway of the servers.

 

Please correct me if I am wrong anywhere regarding one-arm mode deployment:

 

Some quick notes on the configuration piece:

* Need to have all the VLAN IDs which need to be introduced in F5
* Self IP of each VLAN
* Floating IP of each VLAN (in case of active-standby)
* One physical interface of F5 will be the trunk interface, which will have all these server VLANs from the core switch
* Accordingly define SNAT for all respective VS

 

I would appreciate an early response.

 

Regards, Prak

 

2 Replies

  • 1st option, F5 in one arm mode: you only use one VLAN on F5 (not counting HA), and a default gateway which is the firewall or L3 switch. F5 will reach all the servers through its routing table. This is easy to put in place, you don't need to configure VLAN tags on F5, and this is more commonly used as per my experience.

     

    2nd option, F5 in multiple one-arm mode: exactly as you said. In this case, I don't rely on SNAT automap but create for each VLAN a SNAT pool containing the self IP of the egress VLAN, and eventually if you want to use MAC masquerading in a clean way, you should create a traffic group with an overridden virtual MAC for each VLAN and use that traffic group for the Virtual addresses. A painful solution when you have an easier choice.

     

  • Harry1

    I think it should work. I mean a trunk for multiple VLANs with a single interface, and define a self IP for each VLAN. The only thing to take care of is the VLAN-keyed setting.
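
The second option from the first reply (one tagged interface, a self IP and floating IP per server VLAN, and a per-VLAN SNAT pool instead of automap), sketched in tmsh as an added example that is not from either poster. Every object name, the interface number, the VLAN tags and all addresses are constructed, and the ASM policy attachment is left out.

```tmsh
# Added example; all names, tags and addresses below are constructed.
# Run on unit A of an active-standby pair; unit B gets its own non-floating self IPs.

# One 802.1Q-tagged interface (the "trunk interface" in the question) carries every server VLAN.
create net vlan vlan_app tag 110 interfaces add { 1.1 { tagged } }
create net vlan vlan_db  tag 120 interfaces add { 1.1 { tagged } }

# Non-floating self IP per VLAN. allow-service none keeps management services
# (SSH, GUI) off the server-facing addresses; HA traffic uses its own VLAN.
create net self self_app address 10.10.110.2/24 vlan vlan_app allow-service none
create net self self_db  address 10.10.120.2/24 vlan vlan_db  allow-service none

# Floating self IP per VLAN, owned by whichever unit is active.
create net self float_app address 10.10.110.4/24 vlan vlan_app traffic-group traffic-group-1 allow-service none
create net self float_db  address 10.10.120.4/24 vlan vlan_db  traffic-group traffic-group-1 allow-service none

# One SNAT pool per VLAN holding the self IP of that egress VLAN (here the floating one,
# an assumption, so the source address survives failover). Servers then reply on-link
# to the F5 instead of sending return traffic to their unchanged default gateway.
create ltm snatpool snat_app members add { 10.10.110.4 }
create ltm snatpool snat_db  members add { 10.10.120.4 }

# Pools and virtual servers; each VS listens only on its own VLAN and uses that VLAN's SNAT pool.
create ltm pool pool_app members add { 10.10.110.21:80 10.10.110.22:80 }
create ltm pool pool_db  members add { 10.10.120.21:80 10.10.120.22:80 }

create ltm virtual vs_app destination 10.10.110.100:80 ip-protocol tcp profiles add { tcp http } pool pool_app vlans add { vlan_app } vlans-enabled source-address-translation { type snat pool snat_app }
create ltm virtual vs_db  destination 10.10.120.100:80 ip-protocol tcp profiles add { tcp http } pool pool_db  vlans add { vlan_db }  vlans-enabled source-address-translation { type snat pool snat_db }
```

With SNAT in place the servers see the F5 address as the client, so the original client IP has to be passed another way (for example an X-Forwarded-For header) if server logs or access controls depend on it.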