Outbound https virtual server

Question

Hello, 
&nbsp;  
&nbsp; I am running F5-Link Controllers 9.4.6, I am trying to configure an outbound virtual server with https persistence. I have some external sites that I access via https and cannot load balance between the external links once a connection is established.   
&nbsp;  
&nbsp; So far I have created 2 Virtual servers: 
&nbsp;  
&nbsp; VS: outbound_gateway, service: 0 (for all outbound non-https traffic) 
&nbsp; Pool:  outbound_pool, members: 10.10.10.10:0, 10.10.10.20:0 
&nbsp;  
&nbsp; VS: outbound_gateway_https, service: 443 (for all outbound https traffic) 
&nbsp; Pool:  outbound_pool, members: 10.10.10.10:0, 10.10.10.20:0 
&nbsp;  
&nbsp; The network Route is set to:  outbound_pool 
&nbsp;  
&nbsp; I am not sure how to setup the persistence for the outbound_gateway_https virtual server. I was thinking of adding a persistence profile based on: 
&nbsp; - Destination address affinity 
&nbsp; - Match Across Services 
&nbsp; - Match Across Pools 
&nbsp;  
&nbsp; Any advise would be great….Thanks … 
&nbsp;

hooleylist · Answer

Why do you want to break out the HTTPS traffic?  I'd think you could use a single port 0 virtual server pointing to a pool of gateways.  You could use destination address persistence without the "match across..." functionality enabled. 
&nbsp;  
&nbsp; Aaron

robert_blair_75 · Answer

My thoughts were to setup persistence only where needed. If I setup persistence for all outbound traffic this would not truly load balance the links for outbound traffic. Also wouldn't I run into a problem of running out of entries in the persistence table? 
&nbsp;  
&nbsp; Thanks … &nbsp;

dennypayne · Answer

Hi, 
&nbsp;  
&nbsp; Your initial thought is what I have usually done with LC for HTTPS (destination address affinity).  But you shouldn't need the "match across" options in the profile.  Those are useful for making sure a client goes to the same server on 443 as they did on 80, for example, but for LC going outbound with wildcard addresses that shouldn't be necessary.  
&nbsp;  
&nbsp; Denny

robert_blair_75 · Answer

Thank you for the help...

Forum Discussion

Outbound https virtual server

4 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

virtual server config

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire