Forum Discussion
Hamish
Apr 11, 2011 | Cirrocumulus
Well.
Asymmetric routing is supported. It's usually referred to as n-path routing in F5 world. However the limitation of that is that you can't perform any manipulation of traffic from server back to client.
There are two methods of having the return traffic pass via the F5: SNAT (where the F5 actually looks like the proxy it really is :) that you're already using, and routed, where the return path to the client from the server is via the F5. (The return traffic usually has to return via the same interface that the F5 sent it to the server on, BTW; returning to the F5 via a separate interface doesn't work. Or didn't use to. It may have been fixed, but I don't think it has.) The routed method means that the server sees the connection as coming from the original client IP. Very useful for debugging, especially where protocols don't support the equivalent of X-Forwarded-For headers like in HTTP (because you can tcpdump on the client's IP at the server).
Now. Your questions.
1. If you configure an additional VLAN, I'd do it as a separate subnet. Not the same address space. Same address space implies bridging. Which is seldom conducive to scaling. To create a new subnet you don't have to change your addressing scheme. Just allocate another /24 network and use that.
2. If you create a new subnet and split services over them, you'll reduce your traffic on your VLAN interface by whatever amount. If you're concerned about traffic across your VS VLAN, you could create two of them too. Or more. But ideally etherchannels (F5 calls them trunks, but they're not the same as a Cisco trunk) or link aggregation (using LACP) is best for scaling traffic without subnetting your network and trying to split traffic that way.
H