Forum Discussion
Does Big-IP forward layer 4 to pool servers?
- Nov 29, 2022
Hi JamesCrk ,
How are you ,
I have tested your scenarios on my lab and found 2 different results.
( My implementation)
> 2 F5 VEs , one for monitoring whereas the other for publishing virtual servers and serve user data.I did my test in two differnet scenarios , I used ( Layer 4 TCP monitor " your demand" and http layer 7 monitor )
FOR (Layer 4 TCP monitor ) :
> I found as long as the virtual server is up on F5 , external monitor is able to open 3 way-handshake with second F5 , but this 3 way handshake connection stopped outside and F5 doesn’t Forward it to backend server.
> which means that if this virtual server become down for any reason , external monitor will not be able to open a 3 way-handshake with your F5 and it will mark this virtual server as down.
According that , no TCP traffic related to external monitor forwarded to the backend , it is only between External monitor and F5 from outside.
FOR ( Layer 7 http monitor )
> I have configured a custom http monitor to check periodically for a specific resource on web server.
> I found Extenal monitor opens ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) to F5 and F5 by its role recieves this traffic and opened a ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) and send it to servers.
> when server replied by ( 200 OK ) to F5 , F5 sent this responce back to External monitor , and here external monitor marked it as UP/available after getting the specified resource exactly.
I want to say now ,
Application Layer 7 health monitors from external monitors , F5 deals with these monitors as a users data traffic , take request and give them replay.
but with Layer 4 health monitors {TCP} , external monitor and F5 opens only ( a tcp 3 way handshake ) with each other if the virtual server is UP on F5 , and no traffic forwarded to web servers again related to (tcp 3 way handshake )
That was my analysis for your case After labing it and do all above test scenarios.
Regards
Hi JamesCrk ,
How are you ,
I have tested your scenarios on my lab and found 2 different results.
( My implementation)
> 2 F5 VEs , one for monitoring whereas the other for publishing virtual servers and serve user data.
I did my test in two differnet scenarios , I used ( Layer 4 TCP monitor " your demand" and http layer 7 monitor )
FOR (Layer 4 TCP monitor ) :
> I found as long as the virtual server is up on F5 , external monitor is able to open 3 way-handshake with second F5 , but this 3 way handshake connection stopped outside and F5 doesn’t Forward it to backend server.
> which means that if this virtual server become down for any reason , external monitor will not be able to open a 3 way-handshake with your F5 and it will mark this virtual server as down.
According that , no TCP traffic related to external monitor forwarded to the backend , it is only between External monitor and F5 from outside.
FOR ( Layer 7 http monitor )
> I have configured a custom http monitor to check periodically for a specific resource on web server.
> I found Extenal monitor opens ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) to F5 and F5 by its role recieves this traffic and opened a ( TCP 3 way handshake first with F5 and send a piece of http traffic " GET /custom_Path " ) and send it to servers.
> when server replied by ( 200 OK ) to F5 , F5 sent this responce back to External monitor , and here external monitor marked it as UP/available after getting the specified resource exactly.
I want to say now ,
Application Layer 7 health monitors from external monitors , F5 deals with these monitors as a users data traffic , take request and give them replay.
but with Layer 4 health monitors {TCP} , external monitor and F5 opens only ( a tcp 3 way handshake ) with each other if the virtual server is UP on F5 , and no traffic forwarded to web servers again related to (tcp 3 way handshake )
That was my analysis for your case After labing it and do all above test scenarios.
Regards
thank you so much for confirming!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com