Forum Discussion
Hi,
Not an expert here but this is what I think: Better solution is solution 1. That is quite standard setup and is not messing around with L2 (like solution 2), so no problems with STP and other L2 related issues. Only possible problem is that F5 can be bypassed by users if server IP will be entered instead of VIP (for LB servers). Could be kind of security risk. Question is as well if you really need separate RDs here. You will need to separate VLANs on F5 via which servers can be reached - VLAN can be assigned to only one RD.
I think VLAN Group approach will be much more complicated, servers has to be in other VLAN (tagged switch VLAN) than traffic from clients. If not both F5 and servers will see ARP request and reply - not a good situation. That could as well pose a problem with direct access to servers without LB need. Some VLAN routing will have to exist.
Again I am not a pro so maybe I messed things around.
Piotr