F5 Big-IP LTM Setup of Virtual Server , Pool and SNATs Configuration Overview.
Image Source – www.techmusa.com – virtual server with IP 184.108.40.206/32 that will enable us to utilize the LB functionality of the F5 Big-IP
This article provides guidance in setting up VIP (Virtual Server) and Pool on F5 Big-IP LTM. It provides general best practices in setting up F5 Big-IP Load balancer to provide proper configuration. Some configurations will vary depending on the environment and use case. This is a general guideline and not to be used as a definitive guide.
In this article, we will use the following example, where node1 and node2 both runs only HTTP and Https services.
The assumption is that the F5 Big-IP LTM is setup properly and licensed accordingly to provide the functionality needed for New setup as per Example.
Virtual Server (VIP) – 220.127.116.11 (https://www.techmusa.com)
Enterprise Server IP address:
Node 1 – 192.168.0.10 :80/443
Node 2 – 192.168.0.11 :80/443
Http and Https (80 and 443)
F5 virtual server VIP –
A virtual server is a traffic-management object on the BIG-IP F5 LBR system which represents by an IP address and associated applications Port (Such as 80 for http and 443 for Https). virtual IP address exposed to the external users who can send application traffic on virtual server. Virtual server receives the request from external users and then directs the traffic to virtual nodes behind the F5 Load Balancer according to the configuration instructions.
Below are lists of common VIP Type-:
- Standard VIP – A Standard virtual server directs client traffic to a load balancing pool and is the most basic type of virtual server. It is a general purpose virtual server that does everything not expressly provided by the other type of virtual servers.
- Forwarding (Layer 2) – A Forwarding (Layer 2) virtual server typically shares the same IP address as a node in an associated VLAN. A Forwarding (Layer 2) virtual server is used in conjunction with a VLAN group.
- Forwarding (IP) – A Forwarding (IP) virtual server forwards packets directly to the destination IP address specified in the client request. A Forwarding (IP) virtual server has no pool members to load balance.
- Performance (Layer 4) – A Performance (Layer 4) virtual server has a FastL4 profile associated with it. A Performance (Layer 4) virtual server increases the speed at which the virtual server processes packets.
Pool and pool Members
A Pool is a set of virtual servers or Nodes with running same application and services such as web services. Pool is configured and integrated with Virtual server on F5 Load Balancer. So, any request come to virtual servers, F5 BIG-IP then serves that request to servers that are members of that pool as per load balancing method.
Secure Network Address Translation (SNAT)
When you need to ensure that server responses always return through the BIG-IP system, or when you want to hide the source addresses of server-initiated requests from external devices, you can implement a SNAT.
A secure network address translation (SNAT) is a BIG-IP Local Traffic Manager feature that translates the source IP address within a connection to a BIG-IP system IP address that you define. The destination node then uses that new source address as its destination address when responding to the request.
For inbound connections, that is, connections initiated by a client node, SNATs ensure that server nodes always send responses back through the BIG-IP system, when the server’s default route would not normally do so. Because a SNAT causes the server to send the response back through the BIG-IP system, the client sees that the response came from the address to which the client sent the request, and consequently accepts the response.
For outbound connections, that is, connections initiated by a server node, SNATs ensure that the internal IP address of the server node remains hidden to an external host when the server initiates a connection to that host
- Client sends request to BIG-IP system Destination address 18.104.22.168
- BIG-IP system sends request to server translates source address 22.214.171.124 to SNAT address 126.96.36.199
- Server Processes request and sends response back to SNAT address 188.8.131.52 source address = 192.168.0.10
- BIG-IP system translates source address 192.168.0.10 back to 184.108.40.206 and sends response to client 220.127.116.11
- Client accepts the response.
- Client accepts response due to matching destination and source IP addresses
Note -: If the server processes request and sends response to default gateway bypassing BIG-IP system. client reject the response
Creating http and https Pool and Virtual Server
Create a http and https Pool containing the three web servers one for http and https. Open the Local Traffic > Pool > Pool List Page, and then click Create. Fill in the appropriate fields with the following
Load Balancing Method
Priority Group Activation
(Click Add for each entry)
Create TCP based Virtual Servers that Uses the http/https Pool
|SSL Profile (Client)||Client SSL (default)/Select the HTTPS client SSL Profile.|
|Source Address Translation||Automap/snat|
|Select the Pool you created (Pool_name)|
|Default Persistence Profile||cookie|
This is a simple way to set up F5 Big-IP Load Balancer to setup and configure new VIP and servers as load balancing. This Article have described the overview of Virtual Server , Pool and SNATs with diagrams.