Deploying ISP load balancing

Question

Hi all,&nbsp;
We already have 2 BIG-IP APM behind 2 Cisco Firewalls. We want to use the same BIG-IP for load balancing between 2 ISP links (I think, in front of the firewalls). We already have a full license, so we can configure the BIG-IPs for doing that.&nbsp;
We have experience in LTM and APM, but not in load balancing ISP links.&nbsp;
Today, the APM module consumes 2 network ports for incoming traffic from internet and for internal traffic.&nbsp;
We think in add 3 more network ports (2 for ISPs and the 3rd for traffic going to Firewall).&nbsp;
Is it a good idea to have the same BIG-IP Hardware in front of and behind the Firewall?&nbsp;
On the other hand, for incoming traffic, is it strictly necessary to delegate DNS traffic to BIG-IP? Is it not possible for BIG-IP to send an update to the external DNS server, every time the ISP links fails?&nbsp;
Thanks in advance&nbsp;
Best regards&nbsp;

andy_mcgrath · Answer

Is this what you are trying to achieve?&nbsp;
F5: Configuring ISP Load Balancing&nbsp;

youssef1 · Answer

Hi Sergio,&nbsp;
It is possible of course. you can even use the RD (Route Domain) to isolate the apm stream from the LC stream. If you want to use RD let APM part in RD 0 it will more simple.&nbsp;
Let me know how I can help you to achieve your need.&nbsp;
Regards&nbsp;

techgeeeg_28888 · Answer

Hi Sergio,&nbsp;
What you are trying to achieve is possible. Below i am listing as to how... &nbsp;

The current physical connectivity of your F5 box is serving APM.&nbsp;

In order to use the same unit for Link (both in &amp; out bound) Load balancing it's better to use separate physical connectivity.&nbsp;

This new connectivity should be in a fashion that F5 comes between F5 &amp; Firewall.&nbsp;

All of your Public IP addresses will terminate on F5.&nbsp;

To ensure complete separation you can create a new Route-domain for LC part.&nbsp;

Regards,
Techgeeg  &nbsp;

techgeeeg · Answer

Hi Sergio,&nbsp;
What you are trying to achieve is possible. Below i am listing as to how... &nbsp;

The current physical connectivity of your F5 box is serving APM.&nbsp;

In order to use the same unit for Link (both in &amp; out bound) Load balancing it's better to use separate physical connectivity.&nbsp;

This new connectivity should be in a fashion that F5 comes between F5 &amp; Firewall.&nbsp;

All of your Public IP addresses will terminate on F5.&nbsp;

To ensure complete separation you can create a new Route-domain for LC part.&nbsp;

Regards,
Techgeeg  &nbsp;

sergio_magra · Answer

Thanks for your answer!&nbsp;
Best regards&nbsp;

Forum Discussion

Deploying ISP load balancing

6 Replies

Recent Discussions

health monitor source IP address

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

MAC address not showing up in LLDP packet

F5Access | MacOS Sonoma

Related Content

Deploying F5 BIG-IP with Azure Cross-region load balancer

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

NGINXaaS for Azure: Load Balancing

What is Load Balancing?

NGINX Load balancing feature