Networking-fu query? (ASA, BigIP)

Jun 01, 2007 01:54

If you don't recognize the hardware mentioned in the subject, you don't want to bother looking back here.

So.
I have an existing production network.

ColoNet->Old Pix->Old BigIP->(lots of NAT rules)->All my machines, load balanced and not.

I have a pile of new (and newer) networking hardware:
48 port gig switch

2x Cisco ASA 5520
2x F5 BigIP 1500

I want to redo my production network. Of course, I want almost no
downtime, but I /think/ I've got that set, if I can get through the rest
of it.

IP Space is a /26 and a /28. Servers are, pretty much, randomly
distributed within this space. A (external-facing) renumber is really
undesirable. I'm using most of my space.

What I want:

ColoNet->(Switch, VLAN10)(Switch, Trunked to other switches)
|
v
Pair of ASA - probably handling the nating?
| \-(e2)---->(Switch, VLAN 100)
(e1) \------------>Various stuff, like
| mail senders and the like
V
(Switch, VLAN150)
|
V
Pair of BigIP
|
v
Web Servers, MySQL-Read servers

The problem I can't figure out is how to not have to renumber everything.

If I had an extra clear IP block, I could set up e2 to have that block,
and then go through the painful renumbering process a bit less
painfully.

If it's possible to avoid the renumber, how do I do it? I can't for the
life of me figure out how it should go.

Also, is it just me, or does a failover pair of ASAs present as
indistinguishable from each other unless you know their MACs? The
hostname gets set the same and all IPs seem to transition. BigIP seems
to keep some IPs the same (private) across failover, and if Cisco does
this, I can't see where.

I'm probably skipping over big hunks of understanding. Hell, this is the
1st time I've dealt with VLANs. :/

Thanks for any help you can give.

geek
