Load balance to node in the same DC where VIP is active

Question

Hi,&nbsp;
We have following (simplified) scenario:&nbsp;
Two data centers: DC1, DC2.&nbsp;
Two F5 LTMs, one LTM in each DC, they run in active/standby mode and have one VIP configured.&nbsp;
Two application servers, one server in each DC, they both should serve the VIP.&nbsp;
Now the requirement is to send all traffic to just one server which lives in the same DC as where the VIP is currently active. So if the VIP is currently owned by DC1 LTM, all requests should be forwarded to server in DC1. Server in DC2 should be only used if server in DC1 becomes unavailable.&nbsp;
If there is VIP failover and it suddenly is listening on the LTM in DC2, all requests should be forwarded to server in DC2 (server in DC1 only as a backup in case of server DC1 failure).&nbsp;
What is the best way to achieve this? LTM policies, iRules? I don't know what the factor for the decision should be - something about the VIPs real IP, or the active/standby status of the LTM itself and somehow include it in the iRule?&nbsp;

farshad_249798 · Answer

You need to track a unique local id somehow and then use irule to select pool member based on that id. Haven’t tested this but I would use tcl_platform(machine) to get hostname assuming they are different.

simon_blakely · Answer

That isn't really an HA configuration, it is a DC failover design.&nbsp;
LTM HA requires that each LTM in the HA pair has the same view of the network, and treats all the pool member as equivalent. You want one pool member to be associated to one LTM in one DC, and the other pool member to be associated to the other LTM in the other DC. LTM HA cannot be configured to do this.&nbsp;
You also have the issue of moving an IP address (the virtual IP) from one DC to another - how are you planning to make that work if the DC's have different uplinks to the internet?&nbsp;
For a DC failover design, you would have a LTM (or LTM HA pair) and virtual in each DC, and use a F5 GTM/DNS to send traffic to whichever DC is preferred. If the GTM detects that a DC is down (pool member,virtual or upstream link failure), then it starts sending traffic using the wideIP to the other DC until service is restored.&nbsp;

martin_vlasko · Answer

I know it's a bit special setup, but that came as a requirement from the application team. It does not make much sense to me either, but I wanted to find out if something like that is even possible if I really have to implement it.
Thanks Farshadd for the tip, it is actually exactly what I need. I tried it and it works with this simple irule assigning one of two different pools:
when CLIENT_ACCEPTED {
    set f5 $static::tcl_platform(machine)
    if { $f5 equals "f5DC1.mydomain.com" } { 
        pool pool_APP_DC1_DC2
    } elseif { $f5 equals "f5DC2.mydomain.com" } {
        pool pool_APP_DC2_DC1
    } else {
        log local0. "Error: machine info invalid!"
        reject
    }
}

The pools will use priority group scheme:
pool_APP_DC1_DC2: server in DC1 higher priority than the server in DC2
pool_APP_DC2_DC1: server in DC2 higher priority than the server in DC1
With this setup I need only 1 VIP, the HA will be achieved because the VIP can still fail over to the other DC, and each pool will have the possibility to fail over to second pool member shall the higher priority member become unavailable. I agree this is not about balancing the load, but more about "same DC VIP to server stickyness" while keeping the HA in place.

simon_blakely · Answer

I hope the DC's have a low-latency interconnect for HA. I suspect that you will encounter unforseen issues with this implementation.
The only other recommendation I can make:
Shift the static variable declaration to RULE_INIT for efficiency
when RULE_INIT {
    set f5 $static::tcl_platform(machine)
}
when CLIENT_ACCEPTED {
    if { $f5 equals "f5DC1.mydomain.com" } { 
        pool pool_APP_DC1_DC2
    } elseif { $f5 equals "f5DC2.mydomain.com" } {
        pool pool_APP_DC2_DC1
    } else {
        log local0. "Error: machine info invalid!"
        reject
    }
}

martin_vlasko · Answer

Thanks for the tip with the RULE_INIT. 
Out of curiosity, why would the DC interconnect link latency matter in this exact situation?
The irule should actually keep the traffic within a single DC.&nbsp;

Forum Discussion

Load balance to node in the same DC where VIP is active

8 Replies

Recent Discussions

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

VPN fragmented IP packets dropped

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Especial Load Balancing Active-Passive Scenario (I)

Especial Load Balancing Active-Passive Scenario (II)

Coordinated Vulnerability Disclosure: A Balanced Approach

NGINXaaS for Azure: Load Balancing