philvirtual
May 30, 2017

Same Subnet VIP/Pool

I have an existing config with these two interfaces for my public-facing DMZ web servers: 1.1 (internal - vlan 200) and 1.3 (external - vlan 2001). All the existing VIPs are in 2001 and the pool members are in 200.

It's a long story, but I cannot use Microsoft NLB with either unicast or multicast, so...

Without screwing up my first config, I'd like to add a LAN-side Load Balance setup for internal IIS servers. This completely brand-new and separate setup should contain two IIS servers and one VIP, both on VLAN 4.

Do I just need one interface assigned to VLAN 4 (say 1.4)?

Any other advice for setting this up?

1 Reply

  • If the traffic is coming from and being load balanced to the same network segment, then you only need to configure a single interface/VLAN (in your example, VLAN 4). This is what F5 refers to as a 'one-arm' or 'one-IP' configuration. You didn't say which version you are running, so this may not be the correct implementation guide for you, but it should give you an idea of how to configure for your situation: LTM Implementations: Configuring a One-IP Network Topology.

    You need to pay special attention to how you configure SNAT behavior going forward - without a SNAT, the host you are forwarding traffic to can reply directly to the source of the traffic, which will result in connections being reset by the originating host. Again, this may not be the correct manual for your version, but have a look at this information about SNATs: LTM Concepts: SNATs.
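
The return-path problem described in the reply above, modelled as an added example (not part of the original thread and not F5 code). All addresses are constructed; the off-subnet branch goes beyond the same-segment case discussed in the thread and assumes the servers' default gateway is not the BIG-IP.

```python
import ipaddress

# Constructed addressing for VLAN 4 (assumption, not from the thread).
SUBNET = ipaddress.ip_network("10.4.0.0/24")
VIP = "10.4.0.100"      # virtual server address the client connects to
SELF_IP = "10.4.0.5"    # BIG-IP self IP on VLAN 4, used as the SNAT source
SERVER = "10.4.0.11"    # IIS pool member chosen for this connection


def trace(client, snat):
    """Follow one TCP handshake through a one-arm virtual server."""
    # The client sent its SYN to the VIP, so it only accepts a reply from it.
    expected_peer = VIP
    # BIG-IP rewrites the destination to the pool member; with SNAT it also
    # rewrites the source to its own self IP.
    seen_by_server = SELF_IP if snat else client
    # The server answers whatever source address it saw on the SYN.
    if seen_by_server == SELF_IP:
        # Reply returns to BIG-IP, which reverses both translations.
        path, reply_src = "server -> BIG-IP -> client", VIP
    elif ipaddress.ip_address(seen_by_server) in SUBNET:
        # Client is on-link: the server replies directly, bypassing BIG-IP,
        # so the source address is never translated back to the VIP.
        path, reply_src = "server -> client (direct)", SERVER
    else:
        # Off-subnet client: reply leaves via the default gateway untranslated.
        path, reply_src = "server -> gateway -> client", SERVER
    # A SYN-ACK from an address the client never contacted matches no socket.
    outcome = "established" if reply_src == expected_peer else "reset by client"
    return {"path": path, "reply_src": reply_src, "outcome": outcome}


if __name__ == "__main__":
    for client, snat in [("10.4.0.50", False), ("10.4.0.50", True),
                         ("192.0.2.7", False)]:
        print(client, "snat=%s" % snat, trace(client, snat))
```
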