balance with 302 to a pool

Question

Hello,
coming from Cisco ACE to F5 BigIP.
On ACE, I could have a VIP, a pool and then when a client connects I could send back a 302 to the client, selecting the pool-member with least-connections. this was our way of solving NAT problems where x-forward was not an option and the client-IP was needed.
Can BigIP do the same? My wild guess is an "iRule", but I couldn't find a solution in the documentation.&nbsp;
thanks a lot
//sebastian&nbsp;

stephane_viau · Answer

Why would you send the client a 302? I'm a bit confused about the relationship between the 302, least connections algorithm and NAT problems.&nbsp;
Least connections can be selected as your default pool's algorithm.&nbsp;
As for NAT problems and X-Forwarded-For, you need to apply source NAT to your Virtual Server and use X-Forwarded-For to send the true client IP to your pool members if said pool members do not use the Big IP as default gateway. Otherwise you will end up with assymetrical routing and it will most likely break your application.&nbsp;

infrastructur11 · Answer

Hej,
thanks for your reply.
No, the destination will not understand the x-forward header.&nbsp;
So what happens in an ACE module is, you call 1.1.1.1
behind 1.1.1.1 you have a pool with server 2.2.2.2, 3.3.3.3 and 4.4.4.4&nbsp;
when client connects to 1.1.1.1, the LB checks this pool for the server with the least connections and sends a 302 with that server IP back to the client. the client understands the 302 and directly connects to the server - not through the LB. (and this way it is NOT asymetric)
This is a very efficient way to provide a) the original client-IP and b) do not sent heavy traffic-load through the LB. and still you have redundancy and load-sharing.&nbsp;
this must be possible with F5 as well?&nbsp;

stephane_viau · Answer

I see... can you try configuring your pool with least-connections algorithm, add it as default pool to your Virtual Server and then try this iRule on your Virtual Server :&nbsp;
when HTTP_REQUEST {&nbsp;
eval [LB::select]&nbsp;
HTTP::respond 302 Location http://[LB::server addr]:[LB::server port]&nbsp;
}&nbsp;
What this iRule should do is trigger the load balancing algorithm (set to least-connections on your pool) to select a server and then dynamically add the pool member's IP address and port to the 302 redirect sent to the client. Can't say I've seen this done before but I think it should work. You can replace http:// by https:// in the 302 response of course if your servers expect an encrypted connection.&nbsp;

stanislas_piro2 · Answer

least connection requires the connection is going through the bigIP.&nbsp;
if the connection is direct from the client to the server, least connection will never work.&nbsp;
this kind of method can provide load sharing but never redundancy, as if the server is not available, the client will continue to request the same server.&nbsp;

stephane_viau · Answer

That's a good point... the iRule should still work but the least-connections load balancing algorithm is pointless if the Big IP cannot track the active connections. Good catch :)&nbsp;

Forum Discussion

balance with 302 to a pool

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Balance across LSN pools

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Load Balancing TCP TLS Encrypted Syslog Messages

Load Balancing Omnissa Unified Access Gateway with BIG-IP LTM

What is Load Balancing?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS