HTTPS load balancing

Question

Hi there and thanks in advancing.&nbsp;
I'm trying to enable a load balacing including two server that use https and the access is by port 8443.&nbsp;
https://server01.myco.net:8443/SSFservice/SSFservice
https://server02.myco.net:8443/SSFservice/SSFservice&nbsp;
That servers are configured in a Pool:&nbsp;
server01.myco.net:8443 172.16.57.32 1 0  (Active) 0 Common
server02.myco.net:8443 172.16.57.34 1 0  (Active) 0 Common&nbsp;
Also I've configured a Virtual Server for load balancing:&nbsp;
General Properties&nbsp;
Name VS_SX32
Partition / Path Common
Type Standard 
Source 0.0.0.0%1/0
Destination: 192.168.223.164%1
Type: Host
Address: 
Service Port: 8443
Link None&nbsp;
Syncookie Status Off
State 
inside Resources of the Virtual Server, the Default Pool is pointed OK.&nbsp;
Inside the generic policy I have configured :
required -&gt; http - tcp
controls -&gt; forwarding&nbsp;
And the rule on the next way:&nbsp;
NAME                     CONDITIONS                                    RULE
servers.myco.net:8443  http-host host equals servers.myco.net:8443   forward select pool /Common/Pool_SX32_8443&nbsp;
Alredy added a DNS record to name 192.168.223.164 with servers.myco.net&nbsp;
All seems to be OK, but when i try to load https://servers.myco.net:8443/SSFservice/SSFservice I get no response, nothing loads..&nbsp;
What I'm doing wrong?&nbsp;

pete_71470 · Answer

Is source-address-translation for VS_SX32 set to automap or a snatpool?  If not, nodes will return traffic directly to the client instead of the F5.&nbsp;

carlos2tone_240 · Answer

Thanks for you answer Pete&nbsp;
I've tried to set it on Automap but having the same result. Maybe SNAT is required ? Have no Pools configured.&nbsp;

brad_parker · Answer

If you have an http profile assigned, you will be require to have a client ssl profile attached and since you are doing https to the pool members you will also need a server ssl profile to re-encrypt the traffic. When you assign an http profile to an https VS without a client ssl profile it will always issue a RST to the client.

amine_kadimi · Answer

Hi,&nbsp;
As mentioned in the previous answers, you'll need client ssl and server ssl profiles added to the VS, and the SNAT configured correctly. I have a small remark, though it has no impact apparently, why aren't you using Pool_SX32_8443 as the VS default pool, do you really need a traffic policy?&nbsp;

carlos2tone_240 · Answer

Hi guys and many thanks for the replies.&nbsp;
Did not configure any ssl client/server certificate for this VS.
In this case, the certificates on Pool servers were installed by a 3rd partner (it's requested by the way)&nbsp;
Do I have to set up client, server or both? &nbsp;
Do I have to configure SNAT Pool ?&nbsp;
I have a small remark, though it has no impact apparently, why aren't you using Pool_SX32_8443 as the VS default pool, do you really need a traffic policy?
Don't need traffic policy, but I configured it for testing purposes.&nbsp;
Cheers&nbsp;

Forum Discussion

HTTPS load balancing

8 Replies

Recent Discussions

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Related Content

Re: NGINX for Azure: Load Balancing

Deploying F5 BIG-IP with Azure Cross-region load balancer

NGINX Load balancing feature

Using F5 Distributed Cloud DNS Load Balancer health checks and DNS observability

Http server node receives partial http request big-ip load balancer