For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

khansafdarali1_'s avatar
khansafdarali1_
Icon for Nimbostratus rankNimbostratus
Nov 03, 2016

Can I send packets received on LTM VIP to 2 Nodes at the same time?

Can I send packets received on LTM VIP to 2 Nodes? Do I need to use an Irule

 

application delivery
iRules
LTM

5 Replies

  • VernonWells's avatar
    VernonWells
    Icon for Employee rankEmployee
    Nov 03, 2016

    Yes, but there are many nuances. In brief, for TCP, you can use a Sideband Connection to replicate the data in the CLIENT_DATA event. As a best practice, Sideband Connections should always go through a Virtual Server to reach the destination because a VS provides more fine-grained control. However, you must consider things like: what do I do if the backup node goes down? Do I store-and-forward (which is very complicated)? What do I do if the primary path fails (you can arrange your pool -- using priority group activation -- to handle this, but must then, in the iRule, make sure you don't replicate to yourself)?

     

    Keep in mind that I'm talking about the TCP case here. If you are replicating UDP, things become somewhat easier, because, as long as you don't need fine-grained control, you can just use High Speed Logging.

     

    • khansafdarali1_'s avatar
      khansafdarali1_
      Icon for Nimbostratus rankNimbostratus
      Nov 03, 2016

      Can I use clone pool? Do clone pool do traffic replication for traffic traveling to one VIP and then getting replicated on 2 nodes?

       

  • Vernon_97235's avatar
    Vernon_97235
    Historic F5 Account
    Nov 03, 2016

    Yes, but there are many nuances. In brief, for TCP, you can use a Sideband Connection to replicate the data in the CLIENT_DATA event. As a best practice, Sideband Connections should always go through a Virtual Server to reach the destination because a VS provides more fine-grained control. However, you must consider things like: what do I do if the backup node goes down? Do I store-and-forward (which is very complicated)? What do I do if the primary path fails (you can arrange your pool -- using priority group activation -- to handle this, but must then, in the iRule, make sure you don't replicate to yourself)?

     

    Keep in mind that I'm talking about the TCP case here. If you are replicating UDP, things become somewhat easier, because, as long as you don't need fine-grained control, you can just use High Speed Logging.

     

    • khansafdarali1_'s avatar
      khansafdarali1_
      Icon for Nimbostratus rankNimbostratus
      Nov 03, 2016

      Can I use clone pool? Do clone pool do traffic replication for traffic traveling to one VIP and then getting replicated on 2 nodes?

       

  • VernonWells's avatar
    VernonWells
    Icon for Employee rankEmployee
    Nov 03, 2016

    A clone pool receives an exact copy of the packet (starting at L3), so there is no destination IP/port translation. It is typically used for something like an IDS. If that works for you, then a clone pool is a much simpler way to go. However, if you need to essentially "load-balance" to two different nodes simultaneously, then you must use an iRule.