Seperate VLANS for Dev/QA/Prod

Question

At one of my clients, the network engineering team decided to segregate traffic in to multiple VLANS based on the application environment (DEV/QA/PROD). So far I have been using only one internal and external VLAN Setup and use the same for all Dev/QA and Prod Servers. Now I have been asked to divide them into seperate VLANS. I personally do not see a lot of value in doing this as there is not much traffic on Dev and QA environments that would affect Prod and also the configuration might get complex in terms of configuring multiple ports and routing. 
&nbsp;  
&nbsp; Before I answer, I wanted to make sure I get the expert opinion on this. Is this really complicated to do? Does Big-IP really recommend this type of design? We have the 3400 series, which does have 8 ports on them which I guess is for this type of scenarios. Pleas advise. 
&nbsp;  
&nbsp; Forgot to add, one other reason, they want to do this is for maintenance which makes it easier to identify Dev/QA and Prod Servers. 
&nbsp;  
&nbsp; Appreciate your time. 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Chenna

jrahm · Answer

It is not complicated as long as your naming scheme is clearly unique between the environments.  I use two 3400's to serve five environments: The first 3400 serves the web tier for three environments and the app tier of the other two, and the second 3400 serves the app tier of the first three environments and the web tier of the other two.  I use two physical links in each box (one clientside / one serverside) and utilize vlan tagging to segregate the environments.  This has worked well for us for two+ years so far. 
&nbsp;  &nbsp;

jrahm · Answer

I forgot to add that we do not mix development with production.  Our production controls are such that we could never get any development done on the same chassis.  Your mileage may vary. 
&nbsp;  &nbsp;

wowchens · Answer

Thanks. I will try this config and post any issues that may arise.

Forum Discussion

Seperate VLANS for Dev/QA/Prod

3 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Multiple value seperator in saml Attribute

2 internal server vlans

Disable Inter-VLAN Routing?

VLAN Group and Asymmetric Deployment

F5OS API - not able to create vlan