Forum Discussion

pkannur_189341
Feb 25, 2015

Regarding design LTM

Hi team,

 

I have two BIG-IPs; one is active and the other is standby. I have web servers connected to the perimeter firewall and internal servers connected to the core. Now I have to load balance both the internal servers and the web servers. My question is: what is the best and most secure way to execute this?

 

If my BIG-IP is connected to the core switch, can I configure one VLAN for the internal servers, bind one port to it and connect it to the core switch, and another VLAN for the web servers, bind another port to it and connect it to the perimeter firewall?

 

Prashanth

 

6 Replies

  • I would suggest connecting your BigIP to the VLAN your web servers live in and using a one-arm mode to load balance them behind your firewall. As for your internal servers, connecting the BigIP to the internal VLAN via the core is more than a valid approach. If you don't want to change your network topology, then a one-arm approach will work for that as well.

     

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementations_guide_10_1/sol_one_arm.html

     

    • pkannur_189341
      Hi Mr. Parker, thanks for the response. The web servers are connected behind the perimeter firewall and will be accessed from outside. The internal servers are connected to the core switch, which is behind the internal firewall, i.e. on the core switch, and will be accessed by internal users. Is this what you meant: I connect f5[p1] to the core switch in the same VLAN as the internal servers [one-arm mode] and I can load balance the internal servers. For the web servers, I connect f5[p2] to the switch in the same VLAN as the web servers behind the perimeter FW. Correct me if I am wrong.