2016-12-22

F5 Load Balancing

What is a Load Balancer

Beyond making routing decisions, a load balancer inspects application traffic, rather than just routing information, to make forwarding decisions.
It looks at the connection loads of all the nodes behind it and makes an educated choice as to where to forward the packet.

Features

Intercept and redirect incoming traffic
ex. redirect www.domain.com to https://www.domain.com/test

Provides SSL certificate-based authentication and termination
Has an SSL module installed to encrypt and re-encrypt traffic.
This allows some migration of load from the web servers performing the encryption to the F5 load balancer.

Inspects application data and makes routing decisions based on iRules.
Example: You can make it so that all iPad users are redirected to a specific site.

Has packet filters which are similar to access control lists

What is load balancing

Load balancing is when multiple network servers act as resources responding to client requests made to a virtual IP.

Structure
VIP - Primary IP Address for the site
 POOL - A pool is a VIP's resource and has a load balancing algorithm applied
  MEMBER1
  MEMBER2
  MEMBER3

Health checks are applied to pool members to ensure they are in a safe state to have traffic redirected to them.

Local Traffic Objects

Network Map - Shows how the VIPs are tied to pools and resources
Virtual Servers - Where all the configuration for your VIPs is stored
 Profiles - If you want to configure persistence or SSL termination
 iRules - To configure manipulation of application data or payload requests traveling through the LTM
 Pools - The resources for VIPs to group members together
 Nodes - Are the IP addresses of the servers you are going to use
Monitors - Health checks used by the Big IP LTM to determine if a host is in a healthy state
Traffic Class - Allows you to classify traffic based on a multitude of criteria
Address Translation - Allows you to connect to devices not in the same IP space using SNAT

Connection Table

Used by the Big IP to store and manage all of its connections

Two different types of connections: Client Side and Server Side
Client side is external to the Big IP (also referred to as the front side, the internet-facing side or the connection-initiating side)
Server side is internal

Every connection uses resources, so inactive connections are purged to save system resources

iRules

Allow manipulation of server side and client side traffic all the way up to the application layer
They parse through the client and server headers and look at payload data to make decisions

A main use of iRules is to perform a redirect, whether it's a plain URL redirect from one site to another or an HTTP to HTTPS redirect.

Event Declaration - Defines the state the connection is currently in
Tcl Code - is executed when the event is matched
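
The HTTP to HTTPS redirect described above, written as an iRule with an event declaration followed by Tcl code. This is an added example, not code from the original post; it assumes the rule is attached to the port 80 virtual server, and the hostnames www.domain.com and domain.com are placeholders.

```tcl
# Added example iRule (not from the original post).
# Assumption: attached to the HTTP (port 80) virtual server.
# Assumption: www.domain.com / domain.com are placeholder hostnames.

# Event declaration: fires once the client's HTTP request headers are parsed.
when HTTP_REQUEST {
    # Normalise the Host header: lower-case it and strip any ":port" suffix.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Redirect only for names this site actually serves. Copying an
    # unvalidated Host header into the Location header would let the
    # client decide where the redirect points.
    switch -- $host {
        "www.domain.com" -
        "domain.com" {
            # Fixed canonical host; path and query string are preserved.
            HTTP::redirect "https://www.domain.com[HTTP::uri]"
        }
        default {
            # Unknown or missing Host header: refuse instead of redirecting.
            HTTP::respond 400 content "Bad Request" "Connection" "close"
        }
    }
}
```

Building the Location header from a fixed hostname rather than from the request keeps the redirect target under the administrator's control.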

SSL Termination

Not only does it relieve some of the load on the web servers, it also gives the load balancer the ability to see the actual traffic and make routing decisions
An SSL cert and key are required to terminate SSL connections - they are added to the load balancer in the form of a profile
Occasionally, if policy does not allow server side data to be decrypted, the F5 has the ability to re-encrypt data after decryption and inspection








