[c-nsp] F5 BIG IP and FWSM

Vikas Sharma vikassharmas at gmail.com
Fri Sep 12 01:11:18 EDT 2008


Hi,

Thanks for the quick reply.

I agree with your advice. But it might be required to load-balance other
devices that are sitting somewhere in my MPLS network. To do this, the mandatory
condition is - LB internal interface should be able to ping / reach them. If
I am using first DG to LB VIP and from LB 2nd DG to fwsm context failover
ip, how can I achieve reachability from LB internal interface to servers
somewhere in my MPLS network, as to reach LB one has to pass through FWSM?

Do I need to create a separate context for LB reachability to servers
outside in MPLS network?

Regards,
Vikas Sharma


On 9/12/08, Max Reid <max.reid at saikonetworks.com> wrote:
>
> > That looks backwards...why not have the DG for internal hosts be the
> > BigIP, and DG the BigIP to the inside of the FWSM?
> >
> > The BigIP does a good job of performing NAT, and doesn't need to be
> > directly connected to the nodes in its pools...in fact, I would highly
> > recommend against connecting nodes directly to the BigIP - you should
> > utilize a core switch block for that and default route to a floating
> > internal ip on the BigIP, from there, upstream to the FWSM and let it
> > handle security out front.
>
> I concur with this advice, esp. the note about having an L3 connected
> network between the back end hosts and the 'Inside' interface of the big
> IP.
>
>
> Main Benefit is failover (no arp issues on clients or F5); when dealing
> with large load balanced farms.
>
> ~Max
>
>
> >
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Vikas Sharma
> > Sent: Thursday, September 11, 2008 11:08 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] F5 BIG IP and FWSM
> >
> > Hi,
> >
> > Has anyone worked on F5 BIG IP and FWSM? If yes, please help me. At
> > this point I wanted to know BIG IP and how it should be connected to
> > fwsm, especially in routed mode.
> >
> > My understanding -
> >
> > 6509 (MSFC) --> outside interface of LB --> Inside interface of LB ->
> > FWSM
> > context (multiple context)
> >
> > How will bigip be able to do load balancing when it is not directly
> > connected to servers? All servers' d/g is fwsm context.
> >
> > Regards,
> > Vikas Sharma
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>

