Forum Discussion

CaliStar_13172
Jul 27, 2011

F5 and Nexus Routing Issues

We had a 10.8 network on 2 F5s in Active and Standby mode. We created a new routing domain for another network, 10.18, and we also used different physical interfaces on the F5. The F5s are connected to 2K-5K-7K - Firewall and they are trying to reach 2 NAS hosts in the prod network, which is a similar 7K-5K-2K. The 10.8 works fine.

When we try to reach 2 hosts from the newly created 10.18 subnet servers, we are able to connect to one of the hosts. The traffic for the other host drops in the F5 and 7K mess. We plugged in a laptop to eliminate the server from which we were trying to reach the hosts; the opposite happens now. We were able to reach the NAS host which we weren't reaching from the server.

Somewhere the traffic gets dropped.

Did anybody face similar problems? Please suggest.

  • Hamish
    Can you create a logical diagram and attach it?

    I don't follow why you created separate routing domains for what looks to me like just two separate subnets... (10.8.0.0/16 and 10.18.0.0/16). To me that should just be one (if summarised) to two static routes configured on the F5 to reach the destination subnets.

    H
  • We had to create separate routing domains because 10.8 and 10.18 would be firewalled off in future.

    Also we have a VIP VLAN which is a layer 3 SVI on the Core.

    The node VLANs are layer 2 only with statics on the core pointing to the VIPs.

    The NAS server is sitting in the prod which is a completely different network.

    We have this setup for the current 10.8 network. We were trying to move the 10.18 behind the F5s in a similar setup but we are using different physical interfaces on the F5.

    I will create the complete logical diagram and upload it soon.
  • We have a self IP and floating IP on the LTM. 3 IPs per inside VLAN - one for the active unit, one for the standby unit and one floating IP across both units.

    The real machines (nodes) have default gateway to that of the floating IP.
  • Hamish
    AIUI that's not what routing domains on the LTM are intended for... Routing domains are for where you have two networks with the same address space... What you've got is just two subnets....

    IIUC what your setup looks like, you just need two VLANs.

    H

  • Do you have any suggestions on how we should approach this problem?

    Thanks for your time....

  • Hamish
    Yeah. Just drop the routing domains on the BigIP and route to the destination subnets normally.
  • IMHO the routing domains are to virtualize the F5 (e.g. different security zones) and to keep users from doing something wrong (leaking traffic from an operator mistake in conjunction with partitions) and in the later release dedicate hardware resources to each routing domain.