load balancing and persistence method

Question

Hey community,
just wonder if there is solution for specific scenario,
i need to find the most efficient method for load balancing and keep the persistence connection between 2 nodes and it will scale up to 8 at future.
those nodes have same vlan stretch to F5 for "LAN" connectivity.
also i implement VS and configure SSL certificate , http profile and persistence based cookies.
but the traffic come from the internet to the VS passes through WAF that not under my control and that make 2 issues.
1) that hide the most client side IP addresses and the F5 able to see up to 2-4 source ip address at origin packet before the load balancing decision occur.&nbsp;
2) when i tried to test the persistence i figure it out that the client browser does not have the cookies allocated by F5 and that make sense because the connection between the client to the VS terminated by the WAF services, and it has to fallback to source IP address base persistence which is not efficient.&nbsp;
there is any config for keeping the WAF  and still get proper load balancing and persistence?&nbsp;
Eliran &nbsp;

jad_tabbara__j1 · Answer

Hello, could you clarify more please ?&nbsp;
From your description I understand the following :&nbsp;
client --&gt; WAF --&gt; VS (F5) ---&gt; Backend Server&nbsp;
Could you tell us more about the WAF (an F5 ? or another editor ?), what kind of VS (F5) you configured (a standard VS ?), and which backend server is used...&nbsp;
If the WAF is an F5, then you can insert the XFF (X-Forwarded-For) to know the client IP address and make persistance on the "source_ip" / also if your clients supports cookies, you can make "cookie" persistence...&nbsp;
You have many options, but we need to have more info. &nbsp;
For the LB method, you can use the "least connection member" if backends have same ressources (CPU RAM)&nbsp;
Regards&nbsp;

Forum Discussion

load balancing and persistence method

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Load balancing method specific decision

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Difference between Ratio and Ratio Least Connection Load Balancing Method

Secondary persist method

Persistence Across HTTP Methods