RE: [load balancing] F5 BigIP HA Questions

From: Winter, R. Stephen (SWinterIZZATbecu.org)
Date: Tue Jan 06 2004 - 15:30:00 EST

Next message: Brant Stevens: "RE: [load balancing] F5 BigIP HA Questions"

Previous message: Michael Ferraro: "RE: [load balancing] F5 BigIP HA Questions"
Maybe in reply to: Michael Ferraro: "[load balancing] F5 BigIP HA Questions"
Next in thread: Brant Stevens: "RE: [load balancing] F5 BigIP HA Questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Mike,

>If I have the F5 performing NAT to get the client traffic to a pool
>member, then I shouldn't need to have the internal IP of the F5 be the
>default gateway for the pool members, right? That's what I'm trying to
>avoid, because I plan to have the F5 and pool members on different
>VLANS, and it'd be a shame to have, for example, SSH traffic destined
>for the pool members have to go through the F5 in the DMZ to get back to
>me.

That should be Ok. You would just setup a default SNAT and the BigIP will deliver the packet with a source address of it's own, not the real source.

>If I'm NAT'ing the incoming HTTPS traffic, I'm going to lose the
>original client IP address, so there's no way I can have Apache log that
>info. How is the logging on the F5 itself? Can it log to a syslogd
>server? That'd be really helpful for reconciling the logs between (1)
>the F5, (2) Apache, and (3) my application server.

I'm not sure if the BigIP can log session/connection traffic like that. It might not be very useful anyway. If you have a site that gets alot of traffic, you might have pages of logs that all have the same timestamp all with a source of the BigIP.

________________________
RStephen Winter
IT Network & Security, BECU
swinterIZZATbecu.org
(206)439-5908

NOTICE: This communication and any attachments may contain privileged or otherwise confidential information. If you are not the intended recipient or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received without printing, copying, retransmitting, disseminating, or otherwise using the information. Thank you.

____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com

Next message: Brant Stevens: "RE: [load balancing] F5 BigIP HA Questions"
Previous message: Michael Ferraro: "RE: [load balancing] F5 BigIP HA Questions"
Maybe in reply to: Michael Ferraro: "[load balancing] F5 BigIP HA Questions"
Next in thread: Brant Stevens: "RE: [load balancing] F5 BigIP HA Questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 06 2004 - 15:44:46 EST