RE: [load balancing] F5 BigIP HA Questions

From: Winter, R. Stephen (SWinterIZZATbecu.org)
Date: Tue Jan 06 2004 - 15:30:00 EST

  • Next message: Brant Stevens: "RE: [load balancing] F5 BigIP HA Questions"

    Mike,

    >If I have the F5 performing NAT to get the client traffic to a pool
    >member, then I shouldn't need to have the internal IP of the F5 be the
    >default gateway for the pool members, right? That's what I'm trying to
    >avoid, because I plan to have the F5 and pool members on different
    >VLANS, and it'd be a shame to have, for example, SSH traffic destined
    >for the pool members have to go through the F5 in the DMZ to get back to
    >me.

    That should be Ok. You would just setup a default SNAT and the BigIP will deliver the packet with a source address of it's own, not the real source.

    >If I'm NAT'ing the incoming HTTPS traffic, I'm going to lose the
    >original client IP address, so there's no way I can have Apache log that
    >info. How is the logging on the F5 itself? Can it log to a syslogd
    >server? That'd be really helpful for reconciling the logs between (1)
    >the F5, (2) Apache, and (3) my application server.

    I'm not sure if the BigIP can log session/connection traffic like that. It might not be very useful anyway. If you have a site that gets alot of traffic, you might have pages of logs that all have the same timestamp all with a source of the BigIP.

    ________________________
    RStephen Winter
    IT Network & Security, BECU
    swinterIZZATbecu.org
    (206)439-5908

    NOTICE: This communication and any attachments may contain privileged or otherwise confidential information. If you are not the intended recipient or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received without printing, copying, retransmitting, disseminating, or otherwise using the information. Thank you.

    ____________________
    The Load Balancing Mailing List
    Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
    Archive: http://vegan.net/lb/archive
    LBDigest: http://lbdigest.com
    MRTG with SLB: http://vegan.net/MRTG
    Hosted by: http://www.tokkisystems.com



    This archive was generated by hypermail 2.1.4 : Tue Jan 06 2004 - 15:44:46 EST