Forum Discussion

tocotti_331571's avatar
tocotti_331571
Icon for Nimbostratus rankNimbostratus
Aug 28, 2017

Load Balancer to web servers

Hi, I would well balance workload on two different web servers listening on https

 

  1. Web Server 1 : 2: Web Server 2 :

I was thinking to use a Load Balancer that is running on an host A.B.C.D.X and listening on a https, so it well distribute the load on and using the Round Robin method.

 

I would use F5 Big-IP LTM to deploy this configuration.

 

I installed Big-IP F5 on a system that has two network adapter with these IPs:

 

10.10.10.X A.B.C.X I launched 10.10.10.X in browser to configure the Balancer-

 

I have crated a Pool on F5 BIG-IP : "my_pool" with two members:

 

M1: NODE1 with address A.B.C.D.E and Service Port 9343 M2: NODE2 with address A.B.C.D.F and Service Port 9343

 

Then I have created a Virtual Server: my_VirtualServer (Type Standard) to distribute load to the above two web servers (assigning it the "my_pool" pool)

 

I have set : Source Address 0.0.0.0/0 , Destination Address A.B.C.X:443 https

 

but this configuration doesn't work, At each test : connect to https:A.B.C.X:443 by the browser, the browser opens the Management F5 BIG-IP application instead of to connect one of the two above WebServers.

 

How can be managed this type of configuration ?

 

application delivery
BIG-IP
LTM
security

18 Replies

Sort By
  • P_K's avatar
    P_K
    Icon for Altostratus rankAltostratus
    Aug 28, 2017

    Can you post output of browser when you connect to ?

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Aug 28, 2017

    your virtual server shouldn't be on the same IP as the self IP, give it another IP in the range of one of the self IPs.

     

  • P_K's avatar
    P_K
    Icon for Altostratus rankAltostratus
    Aug 28, 2017

    As boneyard said, please use a different IP for your VS with-in same subnet of your self IP. Let us know if you have any questions

     

  • wlopez's avatar
    wlopez
    Icon for Cirrocumulus rankCirrocumulus
    Aug 28, 2017

    You need to use a different IP address for your virtual server. If the two web servers are in the same subnet as the IP address you use for the virtual server you'll need to activate SNAT Automap. If your not doing ssl offloading on the F5 that should be enough. If you are doing ssl offloading you'll need to create a client ssl profile with the certificate and private key for the website. You'll need to activate both the client-ssl profile and a server-ssl profile on your virtual server. You might also want to use an https health monitor for your pool.

     

    Hope this helps!

     

    • tocotti_331571's avatar
      tocotti_331571
      Icon for Nimbostratus rankNimbostratus
      Aug 29, 2017

      Hi, Following above suggestions, I have applied these changes:

       

      • WebServer1 is on 10.10.10.56 listening on https 9343
      • WebServer1 is on 10.10.10.58 listening on https 9343

      On linux system hosting the F5 BIG IP, I configured : - a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58; - F5 management interface is on IP 1.1.1.54; - Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;

       

      with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;

       

      with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);

       

      But if I launch from external client browser : it opens the F5 Management Interface instead of redirect to one of web servers

       

      I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface

       

  • wlopez_98779's avatar
    wlopez_98779
    Icon for Nimbostratus rankNimbostratus
    Aug 28, 2017

    You need to use a different IP address for your virtual server. If the two web servers are in the same subnet as the IP address you use for the virtual server you'll need to activate SNAT Automap. If your not doing ssl offloading on the F5 that should be enough. If you are doing ssl offloading you'll need to create a client ssl profile with the certificate and private key for the website. You'll need to activate both the client-ssl profile and a server-ssl profile on your virtual server. You might also want to use an https health monitor for your pool.

     

    Hope this helps!

     

    • tocotti_331571's avatar
      tocotti_331571
      Icon for Nimbostratus rankNimbostratus
      Aug 29, 2017

      Hi, Following above suggestions, I have applied these changes:

       

      • WebServer1 is on 10.10.10.56 listening on https 9343
      • WebServer1 is on 10.10.10.58 listening on https 9343

      On linux system hosting the F5 BIG IP, I configured : - a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58; - F5 management interface is on IP 1.1.1.54; - Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;

       

      with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;

       

      with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);

       

      But if I launch from external client browser : it opens the F5 Management Interface instead of redirect to one of web servers

       

      I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface

       

  • tocotti_331571's avatar
    tocotti_331571
    Icon for Nimbostratus rankNimbostratus
    Aug 29, 2017

    Hi, Following above suggestions, I have applied these changes:

     

    • WebServer1 is on 10.10.10.56 listening on https 9343
    • WebServer1 is on 10.10.10.58 listening on https 9343

    On linux system hosting the F5 BIG IP, I configured : - a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58; - F5 management interface is on IP 1.1.1.54; - Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;

     

    with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;

     

    with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);

     

    But if I launch from external client browser : it opens the F5 Management Interface instead of redirect to one of web servers

     

    I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface

     

    • P_K's avatar
      P_K
      Icon for Altostratus rankAltostratus
      Aug 29, 2017

      Try VS destination IP from same subnet as your self IP or your back-end servers instead of 9.A.B.54.

       

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      Aug 29, 2017

      why show all IPs and then do 9.a.b.54, it feels like you are trying to hide things which make it difficult for us to trouble shoot and really don't matter as this is test any way right?

       

      should us some configuration snippets of what you created.

       

    • tocotti_331571's avatar
      tocotti_331571
      Icon for Nimbostratus rankNimbostratus
      Aug 29, 2017

       

      I followed this configuration got in a demo video of F5 , and I applied the ip in green, red and blue. I would not hide things . Actually A is 49 and B is 35 . Then consider the network 9.49.35.x