Helix load balancing on LTM

Question

Can anyone tell me if there is a sample config document that explains how to setup load balancing for a pair of Helix servers that use ports 554 and 6000-9000 ? 
&nbsp;  
&nbsp; I'm a bit of a newbie, so please excuse any ignorance on my part in subsequent replies. 
&nbsp;  
&nbsp; Thanks.

hooleylist · Answer

Hi, 
&nbsp;  
&nbsp; Based on this doc (Click here), I would guess you could configure a single Performance Layer4 virtual server on an IP and port 0, set to allow all protocols.  If the server must be able to initiate arbitrary connections back to the client you'll probably need to configure nPath routing (also called direct return routing).  To do this, you configure the servers with the LTM virtual server IP address on their loopback adapter.  You probably also need to also enable loose close on the FastL4 profile you associate with the LTM virtual server.  SOL4268 has details on using nPath (Click here). 
&nbsp;  
&nbsp; Aaron

hooleylist · Answer

I forgot to add, that once you get the configuration working, you can lock down the virtual server using an iRule or packet filters to limit which ports clients can make requests on.  You'll probably also need to use persistence (source address?) to ensure that the client gets sent back to the same server over the course of their session. 
&nbsp;  
&nbsp; Aaron

rob_79447 · Answer

Many thanks for the replies, Aaron. 
&nbsp;  
&nbsp; I'll review the info in the link that you've provided and see if I can work it out from there. 
&nbsp;  
&nbsp; I'm not too concerned about using the LTM to lockdown access to particular ports as I will be doing this at the firewall, so that shouldn't be an issue. 
&nbsp;  
&nbsp; Again, thanks for the help so far. 
&nbsp;  
&nbsp;  
&nbsp; Rob

rob_79447 · Answer

Aaron, 
&nbsp;  
&nbsp; One more question for you based on your replies. 
&nbsp;  
&nbsp; The cameras will be sending in streaming video to the VIP on the LTM. This is purely a one-way thing, with the live stream being sent direct from the Helix server to a webpage or mobile device, so I don't think we need to worry about the nPath routing in this situation. 
&nbsp;  
&nbsp; That being the case, would we also then not need to implement the loose close that you mention ? 
&nbsp;  
&nbsp;  
&nbsp; Rob

hooleylist · Answer

Hi Rob, 
&nbsp;  
&nbsp; You only need nPath if the server needs to initiate a connection back to the client.  If you don't think this is required, you could try without nPath on the servers and without loose close on the FastL4 profile. 
&nbsp;  
&nbsp; If it doesn't work on the first go, try testing with one client and one server while running tcpdumps filtering on the client and server IP's (tcpdump -ni0.0 -Xs0 host CLIENT_IP or host SERVER_IP) to determine who is trying to send what on which ports.  The 0.0 interface is an alias for all server ports.  You can check AskF5 SOL411 for details on using/interpreting tcpdump. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Helix load balancing on LTM

5 Replies

Recent Discussions

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

NGINXaaS for Azure: Load Balancing

What is Load Balancing?

Deploying F5 BIG-IP with Azure Cross-region load balancer

NGINX Load balancing feature