Forum Discussion

Jon_43169
May 12, 2016

Incoming external client traffic in a different VLAN/IP space than Virtual Servers.

Usually when I put an F5 into an environment, it's typically (internet) -FW- (VLANx 10.0.x.0/24) -F5- (VLANy 10.0.y.0/23) - Servers. Pretty straightforward. Client requests come in, pass through the firewall, connect to the VIP on VLANx, and are balanced out the back to a server pool in VLANy. I've been asked to put together something a bit different, and I'm trying to wrap my head around it. Client requests would come from the internet, through the firewall, but the VIPs, instead of being in VLANx as shown above, would be in a separate VLAN/IP space (let's call it VLANz). Sorry for the ASCII art lol:

(internet) -FW- (VLANx 10.0.x.0/28) -F5- (VLANz 10.0.z.0/24) -F5- (VLANy 10.0.y.0/23) -Servers

                              |____SAME F5 LTM_____|

So the question is how to make this work, and what the traffic flow would look like. To me, the firewall should have a route on it (ip route 10.0.z.0/24 next hop 10.0.x.F5), servers would have a default route back to the 10.0.y.F5 interface, but getting the VLANx traffic to a VS on VLANz is where my question lies.

Thoughts?

2 Replies

  • Hi,

    If the network (not a VLAN, because it is not defined as an interface on any device) is routed to the F5 floating IP (or self IP in a standalone deployment), you can create a VS with an IP in this network.

    The network does not need to be created as a network in F5.

     

  • The BIG-IP listens on the virtual server IP even if the IP is not in the same network as the external interface.

    Routing the virtual server network permits packets to be sent to the BIG-IP MAC address.

    When the connection matches a virtual server's conditions, it is handled by that virtual server.
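The two replies above describe the mechanism; the following tmsh configuration fragment is an added example (not posted by anyone in this thread) that puts the whole topology from the question into concrete form. Every value in it is an assumption chosen to stand in for the poster's placeholders: VLANx is `vlan_x` on 10.0.1.0/28 with the firewall's inside address at 10.0.1.14, VLANy is `vlan_y` on 10.0.2.0/23, VLANz is the prefix 10.0.3.0/24, and the interface numbers, VLAN tags, self IPs, pool members and object names are likewise made up. Note that VLANz exists only as a routed prefix: there is no VLAN, self IP or route for it on the BIG-IP, exactly as the first reply says.

```tmsh
# Added example, not from the original thread. Placeholder values (assumed):
#   VLANx = vlan_x, 10.0.1.0/28  (firewall inside address assumed 10.0.1.14)
#   VLANy = vlan_y, 10.0.2.0/23  (servers)
#   VLANz = 10.0.3.0/24          (VIP space; a routed prefix only, no VLAN on the BIG-IP)
# Interface numbers, tags, pool members and object names are likewise assumed.

net vlan vlan_x {
    interfaces { 1.1 { } }
    tag 10
}
net vlan vlan_y {
    interfaces { 1.2 { } }
    tag 20
}

# Non-floating self IPs (one per unit; a second unit would use .3 on each VLAN)
net self 10.0.1.2 {
    address 10.0.1.2/28
    allow-service none
    traffic-group traffic-group-local-only
    vlan vlan_x
}
net self 10.0.2.2 {
    address 10.0.2.2/23
    allow-service none
    traffic-group traffic-group-local-only
    vlan vlan_y
}

# Floating self IPs: 10.0.1.1 is the firewall's next hop for 10.0.3.0/24,
# 10.0.2.1 is the servers' default gateway (as the question describes)
net self 10.0.1.1 {
    address 10.0.1.1/28
    allow-service none
    traffic-group traffic-group-1
    vlan vlan_x
}
net self 10.0.2.1 {
    address 10.0.2.1/23
    allow-service none
    traffic-group traffic-group-1
    vlan vlan_y
}

# Return path for client traffic: back toward the firewall
net route default {
    gw 10.0.1.14
    network default
}

ltm pool web_pool {
    members {
        10.0.2.10:80 { address 10.0.2.10 }
        10.0.2.11:80 { address 10.0.2.11 }
    }
    monitor http
}

# The VIP sits in 10.0.3.0/24, a prefix that no self IP belongs to. The BIG-IP
# still answers for it: the firewall forwards the prefix to 10.0.1.1, so the
# frames arrive on vlan_x carrying the BIG-IP's MAC and match this listener.
# The listener is bound to vlan_x (the ingress VLAN), not to a "VLANz".
ltm virtual web_vs {
    destination 10.0.3.50:80
    ip-protocol tcp
    mask 255.255.255.255
    pool web_pool
    profiles {
        http { }
        tcp { }
    }
    source-address-translation { type none }
    vlans { vlan_x }
    vlans-enabled
}

# On the firewall (vendor syntax varies), the only additional piece is a static route:
#   10.0.3.0/24 via 10.0.1.1
```

Traffic flow with this configuration: the firewall looks up 10.0.3.50, finds the static route via 10.0.1.1, ARPs for 10.0.1.1 on VLANx and delivers the frame to the BIG-IP's MAC; the BIG-IP matches `web_vs` on destination 10.0.3.50:80 and ingress VLAN `vlan_x`, picks a member in 10.0.2.0/23 and forwards with the client's source address intact; the server replies to its default gateway 10.0.2.1, the BIG-IP matches the existing connection, rewrites the source back to 10.0.3.50 and sends the packet to 10.0.1.14 via its default route. Two checks worth making before going live: the virtual server's VLAN binding must name the VLAN traffic actually arrives on (binding it to a non-existent "VLANz" would mean it never matches), and `source-address-translation { type none }` only works because the servers default-route through 10.0.2.1; if any pool member routes elsewhere, switch that setting to `automap` or a SNAT pool so replies come back through the BIG-IP.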