F5 Load Balancing and Cisco Routing

Question

Hey all,&nbsp;
In our current setup we have 2 BIG-IP 2000s in HA pair. Both have uplinks to the Internet. Currently the F5s are doing all of the internal routing for our network. Since our needs have changed, we decided to purchase 2xCisco ASR 1001-Xs to move our internal routing to. The F5s are used to load balance APP/WEB servers in our environment. My question is, how can I move off the routing from the F5 to the Cisco routers, cleanly, and maintain the current load balancing configuration on the F5s (VIPs, NATs etc)? when I try to remove self IPs, it says they are connected to other resources. I need to remove these self IPs because these networks are now on the Cisco routers.&nbsp;
Any ideas?&nbsp;

brad_parker · Answer

Will need a little more clarification about your topology to make a better educated suggestion. I will say that the reason you can't remove the self-ips is that they are being used to connect to your nodes/pool members. If you have L2 connectivity to the networks they live in, the BIG-IP won't let you remove those until they are no longer needed. This can be accomplished by adding additional new self-ips in those networks so you can reclaim what you want, but I can't say if that is prudent without more of an understanding of your topology.

rb323_217345 · Answer

You are correct. Basically the issue is that the floating IPs (Default Gateway for VLANS on F5s) will conflict with the ASR's VLAN DFGW of 172.19.xyz.1. I don't want to change the .1 on the ASR side since all our servers point to .1 So the current setup is:&nbsp;
F5-1 (Active)  ------&gt; Internet 1
              [VLANS 110-111, 120-123, 130,140,141,160] ------&gt; Trunk to Core Switch&nbsp;
F5-2 (Passive) -----&gt; Internet 2
              [VLANS 110-111, 120-123, 130,140,141,160]  -----&gt; Trunk To Core Switch&nbsp;
Future Setup:&nbsp;
F5-1 (Active)  ------&gt; Internet 1
               ------&gt; Trunk to ASR 1 (All VLANS reside on ASRS)
F5-2 (Passive)  ------&gt; Internet 2
               ------&gt; Trunk to ASR 2 (All VLANS reside on ASRS)&nbsp;
Is there a clean way of doing this without messing around with the nodes/pools on the F5s?&nbsp;

brad_parker · Answer

So you are going to a routed(L3) connectivity to your nodes/pool members, rather than connecting directly L2 to them?

rb323_217345 · Answer

The nodes/pool members are on different VLANs, I'm unsure if the L3 is the best way to go in this situation. Basically the F5 should only be doing the load balancing, not inter-vlan routing anymore, hence why we put in Cisco ASRs. Which way would be the best in your opinion?

Forum Discussion

F5 Load Balancing and Cisco Routing

4 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Load Balancing versus Application Routing

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Three Attached Deployment

Cisco ACI Endpoint Learning with a BIG-IP HA Failover