Stuart_Page_131
Aug 14, 2013
Solved

Question about Pools

I'm at a new job where I have inherited an existing F5 cluster to manage. I've never managed F5s before.

 

My understanding of pools based on my previous experience with Kemp HLBs is that they're primarily a collection of real servers. In the F5 environment I have inherited, many pool names include a port number or protocol name. This threw me off, because I always thought that the port/protocol only factors in at the Virtual Server level.

 

My question is: Do pools have any exposure to port number or protocol? Any good reasons why the previous admins might have named them in this way?

 

  • There are reasons to create pools with the protocol listed. Here is why we use it in our environment.

     

    You can create a pool with a wildcard port of 0. This will cause incoming requests to be routed to the port specified on the client side of the request:

     

    If your pool were defined as pool_member:0

     

    client -----> VIP:443 -----> pool:443

     

    client -----> VIP:80 -----> pool:80

     

    This is all fine and dandy, but what if you have multiple pools behind a VIP and not all need SSL all the way through?

     

    client -----> VIP:443 -----> pool:80

     

    In this case you would want to create a pool and define the port so that it does not just route to the port the client requested. (You would probably also want to issue an SSL::disable serverside if SSL from F5 to the server was enabled.)
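
The mixed case from the answer above (one VIP on 443, one pool that stays on SSL and one pool on an explicit cleartext port), as an added iRule example that is not part of the original post. The pool names, member ports and the /static/ path are hypothetical, and the virtual server is assumed to have HTTP, client SSL and server SSL profiles attached.

```tcl
# Added example, not from the original thread. Assumed (hypothetical) objects:
#   pool_app_443    - members defined with explicit port 443 (SSL to the servers)
#   pool_static_80  - members defined with explicit port 80 (cleartext to the servers)
# Assumed virtual server: VIP:443 with HTTP, client SSL and server SSL profiles.
when HTTP_REQUEST {
    if { [string tolower [HTTP::path]] starts_with "/static/" } {
        # client -----> VIP:443 -----> pool:80
        # The member port is explicit, so the client's port 443 is not carried through.
        # With the server SSL profile still active, the BIG-IP would attempt an SSL
        # handshake against a cleartext listener, so turn it off for this connection.
        SSL::disable serverside
        pool pool_static_80
    } else {
        # client -----> VIP:443 -----> pool:443
        # Keep server-side SSL on for the pool that expects it.
        SSL::enable serverside
        pool pool_app_443
    }
}
```

Traffic sent to the port-80 pool leaves the BIG-IP unencrypted, so a pool name that carries the port or protocol shows at a glance where SSL ends.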

     

4 Replies

  • Do pools have any exposure to port number or protocol?

     

    Not exactly sure what you mean by that, but certainly Pool Members normally have an IP address and port number. So in that sense, I'd say they do have "exposure". Perhaps that's not what you meant though...

     

    Including port numbers or protocol names in Pool names may or may not make sense, depending on your naming conventions. I can understand developing a naming convention for Pools which includes a port and/or protocol to help associate that Pool with the particular VIP it's used on. In my environment, that doesn't make a lot of sense. We have waaaaay too many objects to try and correlate them based on their names - we have to put everything in a database and use SQL to correlate them.

     
