Design Strategies in F5 LTM–Part 1

A key to an effective, resilient and robust network is a good design. Big IP design is a key for faster and more effective failover leading to greater availability and lesser convergence time. This blog is written with the deployment considerations that are done.
A Big IP works like a switch, having VLAN’s and Spanning Tree Protocol. This enables the Big IP to fit right into your LAN design. You are offered with choices of Active/Standby (Failover) pair or Active/Active or as I like to call it, the “load balance your load balancer” pair, which doubles up on covering for each other. All this is feasible with the concept of “Floating IP”, “Gratuitous ARP” or “Mac Masquerading”.
When the initial configuration of Big IP is done, these are things you need to consider,
  1. What business purpose will this need to serve?
  2. How many businesses are going to be using it?
  3. Where is the load balancer going to be located physically?
  4. Where are the Servers that need to be load balanced going to be located?
Well I have assumed that the Big IP is rightly sized based on the Capacity Planning and licensed as per needs. The above questions will lead us to the answers for one of the most critical things in design, (i.e.) The number of VLAN’s that will be on the Big IP.
We have the following options when designing the Big IP deployments
  1. One Arm Mode
  2. Two Arm Mode
  3. Multi Arm Mode
The number of Arm’s are nothing more but the number of VLAN’s that are created and active on the Big IP. We in this blog will only detail the One Arm Mode:
One Arm Mode is the most common kind of deployment seen nowadays. This is very easy to achieve, this means, creating just one VLAN on the Load Balancer, both the physical servers to be load balanced and the Clients that are try to reach the servers use the same VLAN. So if the Load balancer can reach the clients and servers using that VLAN, we are all set.
This causes the minimum impact on the existing LAN / WAN Design. But it is to be noted that for this to work, we need to enable SNAT (Source NAT) settings on our load balancer.
The below diagram shows the functioning of the One Arm Mode and traffic flow with and without SNAT.
One ARM Mode – Physical Connection
Traffic Flow (Without SNAT)
As you can see without SNAT the traffic flow will be asymmetric and the F5 will block the next packet and so the above will not work. (There is a way to make this setup work as well, that is called n-path in F5 terminology and DR mode (Direct Routing Mode) load balancing in general terms. More on that later.
With SNAT:
As you can see with SNAT the traffic flow Normalizes and the connection starts working again.
Thus this is one of the most commonly deployed scenarios in the Load Balancer world, I will be detailing the other modes in my future blog posts, so till then, take care …


  1. very informative, when can we expect part-2

  2. sure sidd ... if you are interested in some thing, I can detail on that first ...

  3. Hi - where can I find this icons you have used in your diagram ? Cheers

    1. Visio 2010 and F5 stencils that you can download of devcentral

  4. Hi
    Is this design still hold for LTM in 2014 ? Thanks !

    1. May be ... It really depends in what you want to do. The designs could be made a little better due to Viprions and what not, but the basic construct is pretty much the same

  5. This comment has been removed by a blog administrator.


Post a Comment

Popular posts from this blog

Juniper Aggregate Interfaces (LACP/No LACP)

HA Proxy for Exchange 2010 Deployment & SMTP Restriction