[load balancing] F5 BigIP HA Questions

From: Michael Ferraro (mikeIZZATmyvest.com)
Date: Mon Jan 05 2004 - 18:54:50 EST

    Hi,

    We're about to buy a pair of F5 BigIPs in the secondary market and I had
    a few questions I was hoping somebody could help us with. Since we're
    not looking to buy new, we can't really have the F5 sales engineers
    helping us out too much...

    If the BigIP doesn't have an SSL accelerator, what functionality do we
    lose aside from rapid decryption/re-encryption of traffic? Can a BigIP
    still function as an SSL endpoint without the card? My impression is
    no.

    If the BigIP can't be an SSL endpoint w/out an SSL Accelerator card, how
    would it function to load-balance HTTPS traffic? My assumption is that
    it can read the SSL session ID w/out decrypting the packets, use round
    robin (or another method) to distribute the connections among pool
    members, and use that SSL session ID to route future requests for that
    session to the same pool member. If that's true, what about IE 5.5+'s
    habit of changing (renegotiating) SSL IDs periodically? Can BigIP
    v4.2.6 account for that?

    When NAT'ing traffic to pool members, is the source IP address unchanged
    by the BigIP? If not, I'm assuming that I have to have the BigIP's IP
    be the default router for my pool members. Yuck. If the BigIP is the
    default router, what about non-HTTPS traffic (e.g., SSH) originating
    from the pool members -- will it simply forward that traffic, too?

    Thanks in advance!

    Regards,
    Mike

    ____________________
    The Load Balancing Mailing List



    This archive was generated by hypermail 2.1.4 : Mon Jan 05 2004 - 19:11:56 EST
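
The session-ID persistence the question assumes, sketched as an added example (not part of the original post, and not F5's implementation): in an SSLv3/TLS 1.0 handshake the session ID travels unencrypted in the ClientHello and ServerHello, so a balancer without the private key can read it. The pool addresses and all class and function names are hypothetical, the hello records are constructed, and SSLv2-format hellos are not handled.

```python
import itertools

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 0x01, 0x02
SID_OFFSET = 5 + 4 + 2 + 32  # record hdr + handshake hdr + version + random

def hello_session_id(record: bytes):
    """Return (handshake_type, session_id) from an unencrypted hello record."""
    if len(record) <= SID_OFFSET or record[0] != HANDSHAKE:
        raise ValueError("not an SSLv3/TLS handshake record")
    hs_type = record[5]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a ClientHello or ServerHello")
    sid_len = record[SID_OFFSET]
    sid = record[SID_OFFSET + 1 : SID_OFFSET + 1 + sid_len]
    if sid_len > 32 or len(sid) != sid_len:
        raise ValueError("bad session_id length")
    return hs_type, sid

class SessionIdPersistence:
    """Round robin for new sessions, sticky routing for known session IDs."""
    def __init__(self, members):
        self._rr = itertools.cycle(members)
        self.table = {}  # session_id -> pool member

    def pick_member(self, client_hello: bytes) -> str:
        _, sid = hello_session_id(client_hello)
        if sid in self.table:
            return self.table[sid]
        return next(self._rr)  # empty or unknown ID: stickiness is lost

    def learn(self, member: str, server_hello: bytes) -> None:
        _, sid = hello_session_id(server_hello)
        if sid:
            self.table[sid] = member

def make_hello(hs_type: int, session_id: bytes) -> bytes:
    """Build a constructed sample hello (zero random, one cipher suite)."""
    body = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    body += b"\x00\x02\x00\x2f\x01\x00" if hs_type == CLIENT_HELLO else b"\x00\x2f\x00"
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

def demo():
    lb = SessionIdPersistence(["10.0.0.1", "10.0.0.2"])  # hypothetical pool
    first = lb.pick_member(make_hello(CLIENT_HELLO, b""))
    lb.learn(first, make_hello(SERVER_HELLO, b"A" * 32))
    resumed = lb.pick_member(make_hello(CLIENT_HELLO, b"A" * 32))
    changed = lb.pick_member(make_hello(CLIENT_HELLO, b"B" * 32))
    return first, resumed, changed
```

The third lookup in `demo()` is the case the question raises: a client that presents a session ID the table has not seen is distributed like a new connection and can land on a different pool member.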