I would well balance workload on two different web servers listening on https
I was thinking to use a Load Balancer that is running on an host A.B.C.D.X and listening on a https, so it well distribute the load on https://A.B.C.D.E:9343 and https://A.B.C.D.E:9343 using the Round Robin method.
I would use F5 Big-IP LTM to deploy this configuration.
I installed Big-IP F5 on a system that has two network adapter with these IPs:
I launched 10.10.10.X in browser to configure the Balancer-
I have crated a Pool on F5 BIG-IP : "my_pool" with two members:
M1: NODE1 with address A.B.C.D.E and Service Port 9343
M2: NODE2 with address A.B.C.D.F and Service Port 9343
Then I have created a Virtual Server: my_VirtualServer
(Type Standard) to distribute load to the above two web servers (assigning it the "my_pool" pool)
I have set : Source Address 0.0.0.0/0 , Destination Address A.B.C.X:443 https
but this configuration doesn't work,
At each test : connect to https:A.B.C.X:443 by the browser,
the browser opens the Management F5 BIG-IP application instead of to connect one of the two above WebServers.
How can be managed this type of configuration ?
Can you post output of browser when you connect to https://A.B.C.X ?
Added the logon that I see and the page after the logon
your virtual server shouldn't be on the same IP as the self IP, give it another IP in the range of one of the self IPs.
As boneyard said, please use a different IP for your VS with-in same subnet of your self IP. Let us know if you have any questions
You need to use a different IP address for your virtual server.
If the two web servers are in the same subnet as the IP address you use for the virtual server you'll need to activate SNAT Automap.
If your not doing ssl offloading on the F5 that should be enough.
If you are doing ssl offloading you'll need to create a client ssl profile with the certificate and private key for the website.
You'll need to activate both the client-ssl profile and a server-ssl profile on your virtual server.
You might also want to use an https health monitor for your pool.
Hope this helps!
Following above suggestions, I have applied these changes:
On linux system hosting the F5 BIG IP, I configured :
- a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58;
- F5 management interface is on IP 22.214.171.124;
- Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;
with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;
with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);
But if I launch from external client browser : https://9.A.B.54:443 it opens the F5 Management Interface instead of redirect to one of web servers
I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface
Try VS destination IP from same subnet as your self IP or your back-end servers instead of 9.A.B.54.
why show all IPs and then do 9.a.b.54, it feels like you are trying to hide things which make it difficult for us to trouble shoot and really don't matter as this is test any way right?
should us some configuration snippets of what you created.
I followed this configuration got in a demo video of F5 , and I applied the ip in green, red and blue. I would not hide things . Actually A is 49 and B is 35 . Then consider the network 9.49.35.x
The linux system hosting F5 has three network interfaces :
126.96.36.199 planned for F5 local management;
10.10.10.54 planned to communicate internally with web servers: 10.10.10.56 and 10.10.10.58;
9.A.B.54 planned to be Destination Address.
So my scope is : user connects to https://9.A.B.54:5343 and then the F5 should load balance the connection to https://10.10.10.56:9343 and https://10.10.10.58:9343
Can you provide log from /var/log/ltm from the time of request?
I see only these few tracks:
9.A.C.27 is the source form where I tried https://9.A.B.54:443
Aug 30 05:21:05 nc135054 err mcpd: 0107028a:3: The source address (9.A.C.27) for virtual server (/Common/nc135054_vs) must have a prefix length.
Aug 30 06:08:36 nc135054 notice mcpd: 010719e7:5: Virtual Address /Common/10.10.10.54 general status changed from BLUE to RED.
Aug 30 06:08:36 nc135054 notice mcpd: 010719e8:5: Virtual Address /Common/10.10.10.54 monitor status changed from UNCHECKED to DOWN.