Forum Discussion
Hamada_Tabosha_
Nimbostratus
Nimbostratusequal load balancing in multi tier senario :
Dears, I have a multi tier scenario, in which i have an external f5 using as a reverse proxy, sending the traffic to the Vs of the external f5 which load balance the traffic between 10 servers.
The external one is in one arm mode, so snat auto map is used, in such case all the traffic will come to the internal f5 with one ip , thats why sr base persistence is not useful. thats why im using cookie persist (insert mode)
The problem that all the traffic is going to one or two servers from the ten servers !!!!!!!!!
Cory_50405Noctilucent
Can you post your sanitized virtual server and pool configurations from your internal LTM? Is this just HTTP traffic or something else?
Hamada_Tabosha_Its HTTPs traffic both (ssl offload , and ssl server side)
Vs is https , with default tcp prof and cookie persistence
Pool : LB mechanism is least connection
- Cory_50405
Do you have an HTTP profile applied to the virtual server?
How much client traffic is there (how many users)?
- Hamada_Tabosha_the external f5 vs : default tcp profiles , http profile with def settings with only x-forward addded. no one connect , no persistence (cause i have one pool member which is the vs of the internal f5) the internal F5 vs : def tcp prof , def http prof , one connect prof , and cookie persist number of connections is huge sometimes 50k connection per secon
- Cory_50405Does removing the OneConnect profile on the internal LTM have any effect?
- Hamada_Tabosha_I havnt tried it, the problem that this is a DR site , and testing anything needs a down time.
What_Lies_Bene1Cirrostratus
Do you have OneConnect enabled on the first tier LBs?
- What_Lies_Bene1
OK, very odd behaviour. A few more questions;
- Do the clients use a proxy?
- Any NTLM involved?
- Does the Persistence profile have any 'Match Across' options configured?
- Are the real servers in any other Pools?
- Are the Pool Members actually different servers, or the same but listening on different ports?
- I assume health monitors show all the members as up?
- What_Lies_Bene1
Thanks. So, this leaves perhaps two avenues of investigation;
-
A proxy is in use and is doing some sort of request multiplexing. A tcpdump on the external interface of the internal F5 might help you prove this. You should see initial requests from 'new' clients without the cookie being present, as it won't have been set yet. If you don't then there's a proxy doing something. Hope that makes sense.
-
Perhaps switch to the Round Robin load balancing method, this may at least prove something odd is going on with the connection counting when using Least Connections.
Also, I was wondering if you are using a session cookie or a particular time period before expiry?
-
nitassEmployee
The problem that all the traffic is going to one or two servers from the ten servers !!!!!!!!!
have you tried another load balancing algorithm such as round robin?
- Hamada_Tabosha_yes
- nitass_89166
The problem that all the traffic is going to one or two servers from the ten servers !!!!!!!!!
have you tried another load balancing algorithm such as round robin?
- Hamada_Tabosha_yes
- What_Lies_Bene1
Well, I'm pretty stuck but I still think doing a tcpdump would be very useful at this stage.