F5 Big IP LTM Setup of Virtual Interface Profile and Pool

F5 Big-IP LTM Setup of Virtual Server, Pool and SNATs: Configuration Overview

 

Image Source – www.techmusa.com – virtual server with IP 200.100.0.1/32 that will enable us to utilize the LB functionality of the F5 Big-IP

 Overview

This article provides guidance on setting up a VIP (virtual server) and pool on F5 Big-IP LTM. It gives general best practices for configuring the F5 Big-IP load balancer. Some configurations will vary depending on the environment and use case; treat this as a general guideline, not a definitive guide.

In this article we use the following example, where node1 and node2 both run only HTTP and HTTPS services.

The assumption is that the F5 Big-IP LTM is set up properly and licensed to provide the functionality needed for the new setup in the example.

Virtual Server (VIP) –  200.100.0.1 (https://www.techmusa.com)

Enterprise Server IP address:
Node 1 – 192.168.0.10 :80/443
Node 2 – 192.168.0.11 :80/443

Services –
Http and Https (80 and 443)

 

F5 virtual server VIP

A virtual server is a traffic-management object on the BIG-IP system that is represented by an IP address and an associated application port (such as 80 for HTTP and 443 for HTTPS). The virtual IP address is exposed to external users, who send application traffic to the virtual server. The virtual server receives each request and directs the traffic to the nodes behind the F5 load balancer according to its configuration.

Common VIP types:

  1. Standard VIP – A Standard virtual server directs client traffic to a load balancing pool and is the most basic type of virtual server. It is a general purpose virtual server that does everything not expressly provided by the other type of virtual servers.
  2. Forwarding (Layer 2) – A Forwarding (Layer 2) virtual server typically shares the same IP address as a node in an associated VLAN. A Forwarding (Layer 2) virtual server is used in conjunction with a VLAN group.
  3. Forwarding (IP) –  A Forwarding (IP) virtual server forwards packets directly to the destination IP address specified in the client request. A Forwarding (IP) virtual server has no pool members to load balance.
  4. Performance (Layer 4) – A Performance (Layer 4) virtual server has a FastL4 profile associated with it. A Performance (Layer 4) virtual server increases the speed at which the virtual server processes packets.

Pool and pool Members

A pool is a set of servers, or nodes, running the same application and services, such as web services. The pool is configured on the F5 load balancer and attached to a virtual server. When a request arrives at the virtual server, F5 BIG-IP passes it to one of the servers that are members of that pool, chosen by the load balancing method.

 

Secure Network Address Translation (SNAT)

When you need to ensure that server responses always return through the BIG-IP system, or when you want to hide the source addresses of server-initiated requests from external devices, you can implement a SNAT.

A secure network address translation (SNAT) is a BIG-IP Local Traffic Manager feature that translates the source IP address within a connection to a BIG-IP system IP address that you define. The destination node then uses that new source address as its destination address when responding to the request.

For inbound connections, that is, connections initiated by a client node, SNATs ensure that server nodes always send responses back through the BIG-IP system, when the server’s default route would not normally do so. Because a SNAT causes the server to send the response back through the BIG-IP system, the client sees that the response came from the address to which the client sent the request, and consequently accepts the response.

For outbound connections, that is, connections initiated by a server node, SNATs ensure that the internal IP address of the server node remains hidden from an external host when the server initiates a connection to that host.

 

 

  1. The client sends a request to the BIG-IP system, destination address 200.100.0.1.
  2. The BIG-IP system translates the source address 40.1.1.1 to the SNAT address 200.100.0.1 and sends the request to the server.
  3. The server processes the request and sends the response back to the SNAT address 200.100.0.1 (source address = 192.168.0.10).
  4. The BIG-IP system translates the source address 192.168.0.10 back to 200.100.0.1 and sends the response to the client 40.1.1.1.
  5. The client accepts the response.
  6. The client accepts the response because of the matching destination and source IP addresses.

 

Note: If the server processes the request and sends the response to its default gateway, bypassing the BIG-IP system, the client rejects the response.
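
The SNAT flow in steps 1 to 6 and the bypass case from the note, modelled in Python as an added example (not part of the original article and not F5 code). The addresses are the article's; the class and function names are illustrative, ports are omitted and a single connection is tracked.

```python
from dataclasses import dataclass
from typing import Optional

# Addresses are the article's; ports are omitted and one connection is tracked.
CLIENT, VIP, NODE = "40.1.1.1", "200.100.0.1", "192.168.0.10"
SNAT_ADDR = "200.100.0.1"  # the article's steps reuse the VIP address as the SNAT address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class BigIP:
    """Illustrative model of the translation steps, not F5 code."""

    def __init__(self, snat_addr: Optional[str]):
        self.snat_addr = snat_addr
        self.conns = {}  # server-side (src, dst) -> original client address

    def to_server(self, pkt: Packet) -> Packet:
        # Step 2: destination VIP -> pool member; source -> SNAT address if set.
        out = Packet(self.snat_addr or pkt.src, NODE)
        self.conns[(out.src, out.dst)] = pkt.src
        return out

    def to_client(self, pkt: Packet) -> Optional[Packet]:
        # Step 4: reverse both translations for a reply that matches a connection.
        client = self.conns.get((pkt.dst, pkt.src))
        return Packet(VIP, client) if client else None


def run_flow(snat_addr: Optional[str], default_gw_is_bigip: bool = False) -> dict:
    lb = BigIP(snat_addr)
    request = Packet(CLIENT, VIP)                    # step 1
    inbound = lb.to_server(request)                  # step 2
    reply = Packet(NODE, inbound.src)                # step 3: server answers its peer
    # The reply reaches BIG-IP only if it is addressed to the SNAT address
    # or the server's default route points at BIG-IP.
    via_bigip = reply.dst == snat_addr or default_gw_is_bigip
    seen = lb.to_client(reply) if via_bigip else reply  # step 4, or the bypass in the note
    accepted = seen is not None and (seen.src, seen.dst) == (request.dst, request.src)
    return {"server_sees": inbound.src, "client_sees": seen.src if seen else None,
            "accepted": accepted}


if __name__ == "__main__":
    for label, args in [("SNAT", (SNAT_ADDR,)), ("no SNAT, reply bypasses BIG-IP", (None,)),
                        ("no SNAT, default gateway is BIG-IP", (None, True))]:
        print(label, run_flow(*args))
```

With the SNAT in place the server's peer address is 200.100.0.1 rather than 40.1.1.1, so connection logs on the server record the BIG-IP address as the source.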

 

Creating http and https Pool and Virtual Server

Create an HTTP pool and an HTTPS pool containing the three web servers, one pool for HTTP and one for HTTPS. Open the Local Traffic > Pool > Pool List page, and then click Create. Fill in the appropriate fields with the following:

Local Traffic  ››  Pools : Pool List  ››  New Pool…

 

Name – Pool_name
Health Monitor – TCP
Load Balancing Method – Round Robin
Priority Group Activation – Disable

New Members (click Add for each entry):

Node Name – leave empty; Address – 192.168.0.10; Service Port – 80/443
Node Name – leave empty; Address – 192.168.0.11; Service Port – 80/443
Node Name – leave empty; Address – 192.168.0.12; Service Port – 80/443


Illustration 1.0 – Local Traffic ›› Pools : Pool List ›› New Pool…

Create TCP-based Virtual Servers that Use the http/https Pool

Open Local Traffic ›› Virtual Servers : Virtual Server List ›› New Virtual Server…, and then click Create. Fill in the appropriate fields with the following:

Name – vipname_http / vipname_https
Type – Standard
Destination Address – 200.100.0.1
Service Port – 80 / 443
State – Enabled
Protocol – TCP
Protocol Profile – tcp
HTTP Profile – http
SSL Profile (Client) – Client SSL (default) / select the HTTPS client SSL profile
Source Address Translation – Automap/snat
Default Pool – select the pool you created (Pool_name)
Default Persistence Profile – cookie

 


 

 

Summary

This is a simple way to set up and configure a new VIP and load-balanced servers on the F5 Big-IP load balancer. This article has given an overview of virtual servers, pools and SNATs with diagrams.

 

Author: Ronnie Singh
