Kishore_51265
Apr 04, 2008

load balancing ssh

- How to load balance around 50 ssh servers?
- How to avoid man-in-the-middle message by the ssh client?
- Load balance on multiple criteria, like system load, of connections etc.

7 Replies

  • Have you looked at the BIGIP Configuration Guide on F5's Support Site? There are examples of how to create different types of load balancing configurations.

    Click here for the link to access the site and download the PDF. Remember you need a username and password to access the site.
  • Colin_Walker_12
    Historic F5 Account
    cmbhatt's suggestion is a good one. I'd look at that doc as well as poke around the forums and Wikis to see some examples of how other people have done the sort of thing you're looking for.

    If you have any specific questions, this is a great place to ask them.

    Colin
  • Ugh. I have that doc and have searched the Wiki and have come up dry.

    I'm trying to do the same thing, basically.

    From what I could gather, HTTP Profile="None" should pretty much do the trick. The target servers are using the F5 as the default gateway, so I don't need SNAT.
  • Actually, no, still having problems. Packets are arriving in the F5 but not leaving the F5 towards the target servers.
  • There shouldn't be anything particularly troublesome about load balancing ssh; a port 22 vip with members in a pool on port 22 should work fine with the default settings and source IP persistence.

    Can the LTMs ssh into the pool members directly from the command line? That would be the easiest way to check for connectivity on the back end. If that works, and the servers are passing whatever health check is configured in the pool (i.e. pool and virtual are green), then I would start looking at the configuration of the virtual itself, but again the basic default settings should suffice.

    You may need to create a persistence profile with a longer timeout than the default source IP settings (5 min) to ensure people don't get kicked out of their session as often though.

    Denny
  • Ah, I got it ironed out. Having "Address Translation" checked pretty much opened it up.

    I've deleted and re-created the VIP/pool/nodes a few times now with success.

    Thanks Denny!