Forum Discussion

DukeNukem_17783's avatar
DukeNukem_17783
Icon for Nimbostratus rankNimbostratus
Nov 19, 2014

Load Balancing VPN Connection

Hi,

 

I have a client who wishes to load balance an IPSEC VPN connection from an external computer two one of two servers behind an F5 LTM. The client wants the connection to connect to the primary server and when that fails redirect all new attempts to the backup until the primary recovers, if possible this should be done without interruption to the connection but i appreciate the backup will have no idea of the connection before it is switched and so a new tunnel would have to be established.

 

I've looked on the knowledgebase and can see there are options to use the F5 as the tunnel termination point and also the F5 can act as just an IP Forwarder. The client wants encryption to the servers but doesn't mind if the F5 is the endpoint and then establishes another tunnel to the backend servers.

 

My questions are :

 

  1. Has anyone done this before and if so what is the best approach ?
  2. How does the load balancing work between the servers (is this just persistence with a health monitor ) ?

Thanks.

 

2 Replies

  • Riley_Schuit_82's avatar
    Riley_Schuit_82
    Historic F5 Account

    A standard virtual server will keep track of the state of it's sessions. You are not going to get around needing to re-establish a session to the new server when it is used. You can set priority groups to your pool to allow new sessions to go back to the pool member with higher priority.

     

    Manual Chapter: Pools https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-2-0/ltm_pools.html

     

    tl;dr: If the number of available members assigned to the highest priority group drops below the number that you specify, Local Traffic Manager distributes traffic to the next highest priority group, and so on.

     

  • hi guys just wanted to ask can i download somewhere the tools of load balancing where i can practice on my macbook.

     

    thanks.