What is a Load Balancer
Beyond making routing decisions a load balancer inspects application traffic rather than just routing information to make forwarding decisions.
Will look at the connection loads of all nodes behind and make an educated choice as to where to forward the packet
Features
Intercept and redirect incoming traffic
ex. redirect www.domain.com to https://www.domain.com/test
Provides SSL certification-based authentication and termination
Has an SSL module installed to encrypt and re-encrypt traffic.
This allows some migration of load from the web servers performing the encryption to the F5 load balancer.
Inspect application data and make routing decisions based off of iRules.
Example: You can make it so that all iPad users are redirected to a specific site.
Has packet filters which are similar to access control lists
What is load balancing
When you have multiple network servers as resources responding to client requests made to a virtual IP.
Structure
VIP - Primary IP Address for the site
POOL - Pool is a VIPs resource and has a load balancing algorithm applied
MEMBER1
MEMBER2
MEMBER3
Health checks are applied to pool members to ensure the pool members are in a safe state to redirect traffic to them.
Local Traffic Objects
Network Map - Shows how the VIPs are tied to pools and resources
Virtual Servers - Where all your configuration for your VIPs are stored
Profiles - If you want to configure persistence or SSL termination
iRules - To configure manipulation of application data or payload requests traveling through the LTM
Pools - The resources for VIPs to group members together
Nodes - Are the IP addresses of the servers you are going to use
Monitors - Health Checks of Big IP LTM used to determine if a host is in a healthy state
Traffic Class - Allow you to classify traffic based off multitude of criteria
Address Translation - Allows you to connect to devices not in the same IP space using SNAT
Connection Table
Used to store and manage all of its connections
Two different types of connections: Client Side and Server Side
Client side is external to the Big IP (also referred to the front side or internet facing side or connection initiating side)
Server side is internal
Every connection uses resources and inactive connection purging happens to save system resources
iRules
Allows manipulation of server side and client traffic all the way up to the application layer
Parses through the client server headers and looking at payload data to make decisions
A main use of iRules is to perform a redirect whether its a plain URL redirect redirecting one site to another or performing an HTTP to HTTPS redirect.
Event Declaration - Defines the state the connection is currently in
Tcl Code - is executed when the event is matched
SSL Termination
Not only does it relieve some performance of the web servers it also gives the load balancer the ability to see the actual traffic and make routing decisions
SSL Cert and Key are required to terminate SSL connections - added to the load balancer in the form of a profile
Occasionally if policy does not allow server side data to be decrypted the F5 has the ability to re-encrypt data after decryption and inspection
