Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Load Balancer to web servers

Hi, I would well balance workload on two different web servers listening on https

  1. Web Server 1 : https://A.B.C.D.E:9343 2: Web Server 2 : https://A.B.C.D.F:9343

I was thinking to use a Load Balancer that is running on an host A.B.C.D.X and listening on a https, so it well distribute the load on https://A.B.C.D.E:9343 and https://A.B.C.D.E:9343 using the Round Robin method.

I would use F5 Big-IP LTM to deploy this configuration.

I installed Big-IP F5 on a system that has two network adapter with these IPs:

10.10.10.X A.B.C.X I launched 10.10.10.X in browser to configure the Balancer-

I have crated a Pool on F5 BIG-IP : "my_pool" with two members:

M1: NODE1 with address A.B.C.D.E and Service Port 9343 M2: NODE2 with address A.B.C.D.F and Service Port 9343

Then I have created a Virtual Server: my_VirtualServer (Type Standard) to distribute load to the above two web servers (assigning it the "my_pool" pool)

I have set : Source Address 0.0.0.0/0 , Destination Address A.B.C.X:443 https

but this configuration doesn't work, At each test : connect to https:A.B.C.X:443 by the browser, the browser opens the Management F5 BIG-IP application instead of to connect one of the two above WebServers.

How can be managed this type of configuration ?

0
Rate this Question
Comments on this Question
Comment made 28-Aug-2017 by PK 681

Can you post output of browser when you connect to https://A.B.C.X ?

0
Comment made 28-Aug-2017 by tocotti 18

![Image Text](/Portals/0/Users/051/71/331571/Browser.jpg?ver=2017-08-28-121152-503)

0
Comment made 28-Aug-2017 by tocotti 18

Image Text

0
Comment made 28-Aug-2017 by tocotti 18

Added the logon that I see and the page after the logon Thanks

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

your virtual server shouldn't be on the same IP as the self IP, give it another IP in the range of one of the self IPs.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

As boneyard said, please use a different IP for your VS with-in same subnet of your self IP. Let us know if you have any questions

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You need to use a different IP address for your virtual server. If the two web servers are in the same subnet as the IP address you use for the virtual server you'll need to activate SNAT Automap. If your not doing ssl offloading on the F5 that should be enough. If you are doing ssl offloading you'll need to create a client ssl profile with the certificate and private key for the website. You'll need to activate both the client-ssl profile and a server-ssl profile on your virtual server. You might also want to use an https health monitor for your pool.

Hope this helps!

0
Comments on this Answer
Comment made 29-Aug-2017 by tocotti 18

Hi, Following above suggestions, I have applied these changes:

  • WebServer1 is on 10.10.10.56 listening on https 9343
  • WebServer1 is on 10.10.10.58 listening on https 9343

On linux system hosting the F5 BIG IP, I configured : - a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58; - F5 management interface is on IP 1.1.1.54; - Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;
with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;
with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);

But if I launch from external client browser : https://9.A.B.54:443 it opens the F5 Management Interface instead of redirect to one of web servers

I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi, Following above suggestions, I have applied these changes:

  • WebServer1 is on 10.10.10.56 listening on https 9343
  • WebServer1 is on 10.10.10.58 listening on https 9343

On linux system hosting the F5 BIG IP, I configured : - a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58; - F5 management interface is on IP 1.1.1.54; - Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;
with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;
with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);

But if I launch from external client browser : https://9.A.B.54:443 it opens the F5 Management Interface instead of redirect to one of web servers

I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface

0
Comments on this Answer
Comment made 29-Aug-2017 by PK 681

Try VS destination IP from same subnet as your self IP or your back-end servers instead of 9.A.B.54.

0
Comment made 29-Aug-2017 by boneyard 5579

why show all IPs and then do 9.a.b.54, it feels like you are trying to hide things which make it difficult for us to trouble shoot and really don't matter as this is test any way right?

should us some configuration snippets of what you created.

0
Comment made 29-Aug-2017 by tocotti 18

Image Text

I followed this configuration got in a demo video of F5 , and I applied the ip in green, red and blue. I would not hide things . Actually A is 49 and B is 35 . Then consider the network 9.49.35.x

0
Comment made 30-Aug-2017 by tocotti 18

The linux system hosting F5 has three network interfaces : eth0: 1.1.1.54;
eth1: 10.10.10.54; eth2: 9.A.B.54;

1.1.1.54 planned for F5 local management;
10.10.10.54 planned to communicate internally with web servers: 10.10.10.56 and 10.10.10.58;
9.A.B.54 planned to be Destination Address.

0
Comment made 30-Aug-2017 by tocotti 18

So my scope is : user connects to https://9.A.B.54:5343 and then the F5 should load balance the connection to https://10.10.10.56:9343 and https://10.10.10.58:9343

0
Comment made 30-Aug-2017 by preslav.ilevski 283

Hi toccoti,

Can you provide log from /var/log/ltm from the time of request?

Regards,

Preslav

0
Comment made 30-Aug-2017 by tocotti 18

I see only these few tracks: 9.A.C.27 is the source form where I tried https://9.A.B.54:443

Aug 30 05:21:05 nc135054 err mcpd[7474]: 0107028a:3: The source address (9.A.C.27) for virtual server (/Common/nc135054_vs) must have a prefix length. Aug 30 06:08:36 nc135054 notice mcpd[7474]: 010719e7:5: Virtual Address /Common/10.10.10.54 general status changed from BLUE to RED. Aug 30 06:08:36 nc135054 notice mcpd[7474]: 010719e8:5: Virtual Address /Common/10.10.10.54 monitor status changed from UNCHECKED to DOWN.

0