Forum Discussion
Nimbostratusbalance with 302 to a pool
EmployeeSo what happens in an ACE module is, you call 1.1.1.1 behind 1.1.1.1 you have a pool with server 2.2.2.2, 3.3.3.3 and 4.4.4.4
...
this must be possible with F5 as well?
Not really.
How do you determine the number of connections to a pool member when the clients can directly connect to the pool members.
You can count the redirects, but how do you determine that a connection has ended?
Or does the ACE count the active connections to 2.2.2.2 port X through a forwarding route to 2.2.2.2?
And an extra connection per request introduces significant additional latency that makes no sense to me.
Your F5 Load balancer is the heavy network lifter and is expected to manage all the traffic to and from the pool members. It also isolates the pool members from the internet by providing the single IP (vip) for clients to connect to. This hides the internal details of your network implementation, and prevents attackers from identifying and targeting specific pool members.
You do not need to SNAT traffic to your pool members - if you can configure your pool members to route back out through the load balancer, then you can use a Standard virtual. If not, then you need to use n-Path (asymmetric) routing with a Performance Layer-4 virtual.
Implementing an irule to mimic the ACE behaviour would be possible, but isn't really the way to do things - work out how to implement the desired solution with the tools the LTM provides, as it will be more efficient and faster.
