BIGIP in a network Edge device role
Hi all, I need some assistance if possible. I'm familiar with F5s in a conventional load balancing role inside the corporate network, but we're building a new environment with a pair of 4000-series devices in a configsync pair. I have a DMZ network behind the corporate firewall, bound via LAGs to the 1Gb ports, and a set of internal VLANs bound via LAGs to the 10G ports which will be used for application services, Hypervisor management etc. We'd like to leverage APM to secure all traffic, essentially making them the edge devices for the internal environment.
I guess all services are going to be presented via VIPs/Pools/Nodes, but I'm not sure how to set up the basic routes/outgoing traffic rules, default gateways. Has anyone got any guidance or resources on how to configure a BIGIP in this sort of role? I've had a look around but couldn't find anything obvious...
Many thanks in advance
Hi
Your diagram explains a few things. The routing on the F5 can be fairly simple or a bit complex, based on your needs.
External-facing VLAN, AKA vlanexternal: give it an IP subnet; this VLAN will face your firewalls. The VLAN will have a floating IP address as well to ensure failover to standby. From a default route perspective, I am sure you can default route to the firewall IP if your internet breakout is residing on that side. You can then launch your VIPs from this VLAN: either create external-facing VIPs with a new IP subnet or use the external VLAN IP subnet to give yourself VIPs.
Internal VLAN/VLANs will be facing the core switch. You can run one VLAN/IP subnet from your F5 10gig LAG, then route all internal-facing networks towards your core network as a next hop. You might not even require SNAT because return traffic from internal will flow back to the F5 towards the firewall/internet.
Also, in this scenario your F5 will have to do routing because your core network needs to reach the internet via the F5; you will most likely require an IP forward virtual server. Hope this helps you.
You can use either static or dynamic routing, depending on your requirements.
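The layout described in the answer above, written out as a tmsh sketch. This is an added example, not part of the original thread or F5's own guidance. Every object name, interface number, VLAN tag and address in it is a constructed placeholder (192.0.2.0/24 stands in for the firewall-facing DMZ subnet, 10.10.0.0/24 for the core-facing subnet) and has to be replaced with the real values.

```tmsh
# Added example: all names, interfaces, tags and addresses are assumed placeholders.

# LAGs: 1Gb ports towards the firewall/DMZ, 10Gb ports towards the core switch
create net trunk dmz_trunk interfaces add { 1.1 1.2 } lacp enabled
create net trunk core_trunk interfaces add { 2.1 2.2 } lacp enabled

create net vlan external interfaces add { dmz_trunk { tagged } } tag 100
create net vlan internal interfaces add { core_trunk { tagged } } tag 200

# Non-floating self IPs are unique per unit (the peer would use .3 here).
# allow-service none keeps management services off the firewall-facing VLAN.
create net self ext_self address 192.0.2.2/24 vlan external allow-service none
create net self int_self address 10.10.0.2/24 vlan internal allow-service default

# Floating self IPs move with traffic-group-1 on failover. The firewall and the
# core switch should use these as next hop, never a unit's own address.
create net self ext_float address 192.0.2.1/24 vlan external traffic-group traffic-group-1 allow-service none
create net self int_float address 10.10.0.1/24 vlan internal traffic-group traffic-group-1 allow-service none

# Default route out via the firewall; internal networks via the core switch
create net route default_gw network default gw 192.0.2.254
create net route internal_nets network 10.0.0.0/8 gw 10.10.0.254

# IP forwarding virtual server for outbound traffic from the core.
# Listening on the internal VLAN only keeps the wildcard destination from
# accepting packets that arrive on the external VLAN.
create ltm virtual vs_outbound_forward destination 0.0.0.0:any mask any ip-forward ip-protocol any profiles add { fastL4 } vlans-enabled vlans add { internal } source-address-translation { type none }

save sys config
```

Without SNAT on the forwarding virtual server, the firewall needs a route for the internal networks pointing at the external floating self IP so that return traffic comes back through the active unit.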