Forum Discussion

Erik's avatar
Erik
Icon for Nimbostratus rankNimbostratus
Oct 10, 2018

Best practices using front-VS and back-VS solutions

Hi, tries to find some best practices how to use a front-end VS (LTM) and back-end VS (LTM+APM) on same BigIP. The front VS represent the host and the path different applications. In my configuration the front VS calling the back VS using irule command "virtual vs-name". The front-end VS also have pool select for applications that does not need to be handled by APM (back-end VS). The front-end VS has both client SSL-profile and server SSL-profile enabled. The back-end VS has only server SSL-profile. I use "SSL::disable" and "SSL::enable" depending on what kind of pools that will be selected. For all applications that need to go through an APM Policy the front-end VS send this to the back-end VS. I do not use OneConnect profile.

 

The front-end VS has public IP addresses but the back-end VS has private addresses that is not a part of a Self-IP.

 

The solution is working fine but I am looking for improvements or to hear other experiences.

 

Regards Erik

 

  • This is a reasonable solution, and I believe you can also do this in a CPM policy.