Forum Discussion

JamesCrk's avatar
JamesCrk
Icon for Cirrus rankCirrus
Nov 25, 2022

Does Big-IP forward layer 4 to pool servers?

In the scenario a 3rd party device is health checking an F5 virtual server (tcp port check) would that be forwarded to the backend server or would the F5 terminate that itself? if the pool members we...
application delivery
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Nov 29, 2022

    Hi JamesCrk , 
    How are you , 
    I have tested your scenarios on my lab and found 2 different results. 
    ( My implementation) 
    > 2 F5 VEs , one for monitoring whereas the other for publishing virtual servers and serve user data. 

    I did my test in two differnet scenarios , I used ( Layer 4 TCP monitor " your demand" and http layer 7 monitor ) 

    FOR (Layer 4 TCP monitor ) : 
    > I found as long as the virtual server is up on F5 , external monitor is able to open 3 way-handshake with second F5 , but this 3 way handshake connection stopped outside and F5 doesn’t Forward it to backend server. 
    > which means that if this virtual server become down for any reason , external monitor will not be able to open a 3 way-handshake with your F5 and it will mark this virtual server as down. 

    According that , no TCP traffic related to external monitor forwarded to the backend , it is only between External monitor and F5 from outside. 

    FOR ( Layer 7 http monitor ) 
    > I have configured a custom http monitor to check periodically for a specific resource on web server. 
    > I found Extenal monitor opens ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) to F5 and F5 by its role recieves this traffic and opened a ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) and send it to servers. 
    > when server replied by ( 200 OK ) to F5 , F5 sent this responce back to External monitor , and here external monitor marked it as UP/available after getting the specified resource exactly. 

    I want to say now , 
    Application Layer 7 health monitors from external monitors , F5 deals with these monitors as a users data traffic , take request and give them replay. 
    but with Layer 4 health monitors {TCP} , external monitor and F5 opens only ( a tcp 3 way handshake ) with each other if the virtual server is UP on F5 , and no traffic forwarded to web servers  again related to (tcp 3 way handshake ) 

    That was my analysis for your case After labing it and do all above test scenarios. 


    Regards 


JamesCrk's avatar
JamesCrk
Icon for Cirrus rankCirrus

thanks for the reply, as we are also doing snat its a bit difficult to see using those methods, but it apepars to go all the way through to pool member

Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Nov 25, 2022

RajaShajeelAhmed 

No , even if you use SNAT you are able to see all tcp conversation between external monitor and f5 and from f5 to servers. 

Do this task I'm sure you will see these sessions. 

> you can take this packet capture and send it to me , and give me these ips ( external monitor , f5 virtual server , snat ips "auto mapped or SNAT pool range" and ips of backend servers )  if this available with you.

I will expose you these streams exactly. 

Regards 

  • JamesCrk's avatar
    JamesCrk
    Icon for Cirrus rankCirrus
    Nov 27, 2022

    Thanks have sent you cap file!