Forum Discussion

JamesCrk's avatar
Icon for Cirrus rankCirrus
Nov 25, 2022

Does Big-IP forward layer 4 to pool servers?

In the scenario a 3rd party device is health checking an F5 virtual server (tcp port check) would that be forwarded to the backend server or would the F5 terminate that itself? if the pool members we...
  • Hi JamesCrk , 
    How are you , 
    I have tested your scenarios on my lab and found 2 different results. 
    ( My implementation) 
    > 2 F5 VEs , one for monitoring whereas the other for publishing virtual servers and serve user data. 

    I did my test in two differnet scenarios , I used ( Layer 4 TCP monitor " your demand" and http layer 7 monitor ) 

    FOR (Layer 4 TCP monitor ) : 
    > I found as long as the virtual server is up on F5 , external monitor is able to open 3 way-handshake with second F5 , but this 3 way handshake connection stopped outside and F5 doesn’t Forward it to backend server. 
    > which means that if this virtual server become down for any reason , external monitor will not be able to open a 3 way-handshake with your F5 and it will mark this virtual server as down. 

    According that , no TCP traffic related to external monitor forwarded to the backend , it is only between External monitor and F5 from outside. 

    FOR ( Layer 7 http monitor ) 
    > I have configured a custom http monitor to check periodically for a specific resource on web server. 
    > I found Extenal monitor opens ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) to F5 and F5 by its role recieves this traffic and opened a ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) and send it to servers. 
    > when server replied by ( 200 OK ) to F5 , F5 sent this responce back to External monitor , and here external monitor marked it as UP/available after getting the specified resource exactly. 

    I want to say now , 
    Application Layer 7 health monitors from external monitors , F5 deals with these monitors as a users data traffic , take request and give them replay. 
    but with Layer 4 health monitors {TCP} , external monitor and F5 opens only ( a tcp 3 way handshake ) with each other if the virtual server is UP on F5 , and no traffic forwarded to web servers  again related to (tcp 3 way handshake ) 

    That was my analysis for your case After labing it and do all above test scenarios.