Connect F5 Load balancer to ACI fabric without integrating (Just need to provide network connectivit...

Thushan Pramod · ‎01-22-2018

I need to attach F5 load balancer to ACI fabric without integrating, Customer need to attach it as access ports. Can I use the same procedure which we use for BM server attachment to ACI fabric via access ports.? Please assist me.

Rick1776 · ‎01-22-2018

Correct, if you aren't going to use the device package you would install it the same as a BM and or connecting a Switch with the Physical and external domains.

This is a pretty great configuration
guide.https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/aci-f5-deployment-guide-iworkflow.pdf

Thushan Pramod · ‎02-03-2018

Hi Rick1776,
It was really helpful and thanks a lot for the information provided.

Rick1776 · ‎02-03-2018

No problem have a great day.

alfafa973 · ‎09-03-2019

Good morning,

How can I download the guide you mentioned? I t doesn't seem to be available anymore on the Cisco public website.

https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/aci-f5-deployment-guide-iworkflow.pdf

Thank you.

Thushan Pramod · ‎09-03-2019

Here is the file you requested.

alfafa973 · ‎09-03-2019

Thank you very much.

alfafa973 · ‎09-03-2019

Good afternoon,

One more question if you don't mind me asking:

In my case, I can't use unmanaged/managed service graph because I need to have the VIP in a different subnet (the self-ip subnet not the same as VIP/Pool subnet).

I use as well the GTM to check whick LTM is actually available.

Therefore, I have to use EPG mode (At least, it is my understanding). Is there a deployment guide related to EPG mode? I did my configuration and I found a way to advertise the VIP (subnet under the EPG as per screenshot below but every VIP has to be advertise individually, only /32 are allowed). Is there a different way of doing this configuration in EPG mode?

Kind regards.

Thushan Pramod · ‎09-03-2019

Are you providing only the networking for F5 through ACI?, Then you have to go as BM server on-boarding to ACI fabric. I have not got your concern clearly. If you need to advertise the subnets can do it in BD level easily as well.

alfafa973 · ‎09-03-2019

Hi Thushan,

If I advertise the VIP subnet under the BD (BD with two subnets, one for the self-ip and one for the VIP). It does work fine in term of routing advertisement.

However, the LTM will not respond to any ARP request sent to the VIP subnet unless the traffic is routed to it.

For example, if my self-IP subnet is 192.168.1.0/24 and my VIP is 10.10.10.0/24, I can have a BD with these two subnets. they are advertised fine.

But, if a client let say 172.16.16.1 try to access a group of servers from the VIP 10.10.10.1, the traffic goes up to the BD but the LTM will not respond to the arp asking for the mac-address of 10.10.10.1.

Therefore, it doesn't work. I cannot reach the virtual servers (VIP subnet) just by advertising the VIP subnet from the BD.

I have to route the traffic to the LTM. To expect the LTM to deal with the traffic, I need to route to the VIP through the self-ip hence the screenshot I sent.

However, with this form of static routing, I can only advertise /32 not a /24 ( if i have 15 VIP, I need to do it 15 times) so I was wondering if there was another option to achieve the same result.

Please let me know if it does make more sense now. I'm conscious my first message was surely not clear enough.

Thank you.

Connect F5 Load balancer to ACI fabric without integrating (Just need to provide network connectivity)