What is a Load BalancerBeyond making routing decisions a load balancer inspects application traffic rather than just routing information to make forwarding decisions.
Will look at the connection loads of all nodes behind and make an educated choice as to where to forward the packet
FeaturesIntercept and redirect incoming traffic
ex. redirect www.domain.com to https://www.domain.com/test
Provides SSL certification-based authentication and termination
Has an SSL module installed to encrypt and re-encrypt traffic.
This allows some migration of load from the web servers performing the encryption to the F5 load balancer.
Inspect application data and make routing decisions based off of iRules.
Example: You can make it so that all iPad users are redirected to a specific site.
Has packet filters which are similar to access control lists
What is load balancingWhen you have multiple network servers as resources responding to client requests made to a virtual IP.
VIP - Primary IP Address for the site POOL - Pool is a VIPs resource and has a load balancing algorithm applied MEMBER1 MEMBER2 MEMBER3
Health checks are applied to pool members to ensure the pool members are in a safe state to redirect traffic to them.
Local Traffic Objects
Network Map - Shows how the VIPs are tied to pools and resources Virtual Servers - Where all your configuration for your VIPs are stored Profiles - If you want to configure persistence or SSL termination iRules - To configure manipulation of application data or payload requests traveling through the LTM Pools - The resources for VIPs to group members together Nodes - Are the IP addresses of the servers you are going to use Monitors - Health Checks of Big IP LTM used to determine if a host is in a healthy state Traffic Class - Allow you to classify traffic based off multitude of criteria Address Translation - Allows you to connect to devices not in the same IP space using SNAT
Connection TableUsed to store and manage all of its connections
Two different types of connections: Client Side and Server Side
Client side is external to the Big IP (also referred to the front side or internet facing side or connection initiating side)
Server side is internal
Every connection uses resources and inactive connection purging happens to save system resources
iRulesAllows manipulation of server side and client traffic all the way up to the application layer
Parses through the client server headers and looking at payload data to make decisions
A main use of iRules is to perform a redirect whether its a plain URL redirect redirecting one site to another or performing an HTTP to HTTPS redirect.
Event Declaration - Defines the state the connection is currently in
Tcl Code - is executed when the event is matched
SSL TerminationNot only does it relieve some performance of the web servers it also gives the load balancer the ability to see the actual traffic and make routing decisions
SSL Cert and Key are required to terminate SSL connections - added to the load balancer in the form of a profile
Occasionally if policy does not allow server side data to be decrypted the F5 has the ability to re-encrypt data after decryption and inspection