LTLnetworker | IT networks, security, Cisco

Posts Tagged ‘BIG-IP’

Management network topology and asymmetric routing

Posted by ltlnetworker on August 16, 2015

We all want a management network, or at least a management VLAN. Those who say they have none actually do have a VLAN for management; it is probably just shared with ordinary users (i.e. it is not dedicated). But most IT people prefer a dedicated VLAN that is not used for other kinds of traffic and preferably is not reachable by users.

In this article we use this definition:
a management VLAN or management network is a dedicated segment for network management traffic which can be used for:

  • administering your network devices (aka device access: switches, routers, firewalls via Telnet, SSH, HTTPS etc.)
  • collecting monitoring information (syslog, SNMP etc.)
  • hosting syslog, monitoring and management servers (Nagios, Tivoli, Cisco Prime etc.)
  • AAA traffic (RADIUS or TACACS+ to Cisco ACS/ISE)


Posted in ASA, Check Point, Cisco, F5, Fortinet, routing, switch

Load balancer topology design (Cisco ACE, F5 BIG-IP LTM)

Posted by ltlnetworker on April 12, 2014

Adding a load balancer to an existing network is easy. You just open the vendor’s quick start guide, connect some cables to the server segment, maybe some to the core network. Load balancer configuration includes assigning IP addresses, defining virtual servers and adding server pools. Practically you are done; all that is left is to add some static routes to some servers or tweak a NAT setting on the load balancer.

Actually, I don’t say this is evil. Such setups can work for a long time with moderate risks, and operation principles may be well defined and documented. Even if it can cause problems for network redesign or firewall projects, and I estimate slightly higher opex as the tricky load balancer topology must be considered at all changes, I can still accept such a method in some cases.

However, I am a networker and I prefer creating a design that reflects general best practice of networking.

Posted in Cisco, load balancer