Forum Discussion
Does Big-IP forward layer 4 to pool servers?
- Nov 29, 2022
Hi JamesCrk ,
How are you ,
I have tested your scenarios on my lab and found 2 different results.
( My implementation)
> 2 F5 VEs , one for monitoring whereas the other for publishing virtual servers and serve user data.I did my test in two differnet scenarios , I used ( Layer 4 TCP monitor " your demand" and http layer 7 monitor )
FOR (Layer 4 TCP monitor ) :
> I found as long as the virtual server is up on F5 , external monitor is able to open 3 way-handshake with second F5 , but this 3 way handshake connection stopped outside and F5 doesn’t Forward it to backend server.
> which means that if this virtual server become down for any reason , external monitor will not be able to open a 3 way-handshake with your F5 and it will mark this virtual server as down.
According that , no TCP traffic related to external monitor forwarded to the backend , it is only between External monitor and F5 from outside.
FOR ( Layer 7 http monitor )
> I have configured a custom http monitor to check periodically for a specific resource on web server.
> I found Extenal monitor opens ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) to F5 and F5 by its role recieves this traffic and opened a ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) and send it to servers.
> when server replied by ( 200 OK ) to F5 , F5 sent this responce back to External monitor , and here external monitor marked it as UP/available after getting the specified resource exactly.
I want to say now ,
Application Layer 7 health monitors from external monitors , F5 deals with these monitors as a users data traffic , take request and give them replay.
but with Layer 4 health monitors {TCP} , external monitor and F5 opens only ( a tcp 3 way handshake ) with each other if the virtual server is UP on F5 , and no traffic forwarded to web servers again related to (tcp 3 way handshake )
That was my analysis for your case After labing it and do all above test scenarios.
Regards
If Pool memebers are down and using health monitor then VIP will be down on F5 and it will not respond to any TCP connection.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com