Forum Discussion
NimbostratusDSR or Inline mode configuration
Hi,
Can we configure DSR or inline mode for a single VS. If yes, please tell me the method. Actually one of my client asking me to configure the F5 in way so that he can use the client IP for authentication.
Thanks, Nilesh
Simon_BlakelyEmployee
There are a couple of options.
For Direct Server Return your virtual server needs to be a Performance Layer 4 virtual with a profile that enables Loose Initiation and Loose Close.
Otherwise, if your pool members route all client traffic back to the LTM, you can use a Standard virtual with no SNAT, so the pool members see the original Client-IP address. As noted, return traffic must go via the LTM.
Nilesh_Dubey_36I think in Inline mode, we need to configure VLAN selfIP as gateway on server and traffic flow would be like- Client---------> F5------->pool member pool member--------->F5----------->Client Disadvantage is all traffics will be moving through F5 and it will increase the overload of F5
While in DSR mode we need to configure loopback IP on server and traffic flow would be like- Client---------> F5------->pool member Pool member--------->Switch( Default Gateway) ----------->Client Please find the article for DSR- https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-6-0/5.html
Please correct me if I am wrong.
Thanks, Nilesh
- Simon_Blakely
That is a correct understanding.
In-line (or in-path) configurations have the advantage of allowing far more comprehensive traffic manipulation and control for incoming and outgoing traffic. And while it does have a higher throughput requirement, this is usually not the limiting factor for LTM performance (depending on the device and load).