AhmedMS
Feb 17, 2023

F5 LTM (ADC) question

Hello Dears,

I hope you're doing great. Could someone help me with the below confusing terms and cases:

- What is the difference between a Service port and a Virtual port (service port of VS)? When should it be the same on VS and Pool members, and when is it customary to use different ports on each of them?

Ex: VIP: 192.168.1.100:80 -- Pool member: 10.10.10.1:80 

VIP: 192.168.1.100:7777 -- Pool member: 10.10.10.1:5555

- What's the difference between a service port that a pool member would be assigned to, and a service port of that health monitor that will be assigned to that pool?

Really would appreciate your time and support. Please find the attached files.

   

Regards,

 

  • AhmedMS, in your screenshots I only see that you are comparing the service port (SP) in the pool and the Virtual Server (VS), which has no distinction other than one is in the pool and the other is in the VS. The SP is the port on which you want that configuration to listen, so in the VS this is the port the VS will listen on and receive traffic with the specific parameters of source address, destination address, service port, and protocol. Typically you match the SP in the VS to the same SP for the pool members (PM) in the pool, but you can mismatch them as you mentioned above. One of the reasons you might mismatch would be a common one where the VS listens on 443 and decrypts SSL for HTTPS traffic and then passes that decrypted traffic to the pool member on 81, so that those individuals who manage the website can differentiate between HTTP traffic on 80 and HTTPS traffic received on port 81. Again, ultimately the ports not matching is completely up to the individuals who use that particular virtual server and who manage the servers that you are balancing to.

    This second piece, the alias port in the health monitor, is a way to force the health monitor to check a different port than what the PM is listening on with its configured SP. By default, if your PM is configured to listen on port 80, then the health check without an alias port will send the health check to port 80 as well. So the PM could be listening on 81 but you want to health check on 8080 to validate something else that the server is doing that could be a dependency for the website working that port 81 couldn't validate properly. Hopefully this is what you were looking for, but if you require additional information please let us know and we can hopefully assist with that.

    • AhmedMS

      Thanks, Paulius for the answers.

      I am a little bit confused about the VS service port. If an application owner requests a VIP for his app, and he just gave me the VIP and the real servers' IPs and listening ports. Now all I have is (pool members - VIP), however, I still don't know which port the VS should be listening on. Is it something that should be provided, or should I consider the pool members' service ports and the VS itself to be the same ports?

      For the second piece, so if the PM is listening on port 7000, and I set the alias port on the health monitor to be * or 7000, there is no difference. Did I get it right? In general cases, and as a default setting, should the alias port match the PM service port?

      Regards,

      • Mike757

        Hi Ahmed,

        If no one tells you otherwise, I would say keeping the VS port the same as the service port on the pool members is a good initial approach. But in your place I would confirm with the application owner.

        When the monitor has an alias port of *, the port used is whatever is defined in the pool member. So it's usually ok to leave the alias with its default value of *:*

        Forcing the alias is useful in a couple of situations I've encountered (and probably a few more I don't remember out of the blue):

        - When the pool member listens on all ports and you want to test a specific service, say http on port 80, you would need to use 80 as alias port.
        - When the application owner runs a healthcheck service on a different port. Imagine a web server running on 443, and another service on 8443, which must also be running for the server to work properly. You can use a "normal" monitor with the default alias to check 443, another monitor with alias *:8443, and consider the server as "up" only when both monitors are up.

        Makes sense?

        /Mike
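
A small Python model of the alias-port behaviour described in this reply, as an added example that is not part of the original thread and is not F5 code. The names `Monitor`, `resolve_target`, `tcp_check`, `member_up` and `listen_local` are hypothetical, loopback listeners stand in for real services, and raising an error for an all-ports member with a wildcard alias is an assumption of this model.

```python
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class Monitor:
    name: str
    alias_addr: str = "*"   # "*" = use the pool member's address
    alias_port: str = "*"   # "*" = use the pool member's service port

def resolve_target(member_ip, member_port, mon):
    """Return the (ip, port) a monitor actually probes for one pool member."""
    ip = member_ip if mon.alias_addr == "*" else mon.alias_addr
    port = member_port if mon.alias_port == "*" else int(mon.alias_port)
    if port == 0:
        # Assumption of this model: an all-ports member (port 0) with a
        # wildcard alias leaves nothing concrete to probe, so flag it.
        raise ValueError(f"{mon.name}: no concrete port to check, set an alias port")
    return ip, port

def tcp_check(ip, port, timeout=1.0):
    """Plain TCP connect check (three-way handshake only)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def member_up(member_ip, member_port, monitors):
    """Member is up only when every assigned monitor succeeds (AND logic)."""
    return all(tcp_check(*resolve_target(member_ip, member_port, m)) for m in monitors)

def listen_local():
    """Constructed stand-in for a backend service: a loopback listener on a free port."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s, s.getsockname()[1]

if __name__ == "__main__":
    app, app_port = listen_local()   # plays the role of the service on 443
    dep, dep_port = listen_local()   # plays the role of the dependency on 8443
    mons = [Monitor("default"), Monitor("dependency", alias_port=str(dep_port))]
    print("both services running:", member_up("127.0.0.1", app_port, mons))
    dep.close()
    print("dependency stopped:  ", member_up("127.0.0.1", app_port, mons))
```
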

  • Hi AhmedMS,
    Virtual server port: this is the port that you assign to the virtual server to listen on. For example, you need to publish a { http } application, so you should create a virtual server IP with the proper service port { 80 for http } to map all connections which are destined to your http application via this virtual server.
    NOTE: you do not have to assign port 80 for http traffic, you can use any custom port; I use it for simplicity.

    The Alias service port in Monitors: from its name it is monitoring related. You want to create a custom monitor to check the availability, whether this application runs on this port properly or not.
    For example: you have an application server that listens on port 777 and you need to check whether this service port is up and available or not. In this case, you do not only assign a normal tcp monitor which performs only {SYN, SYN-ACK, ACK}; you need to be more specific and check whether the service itself is up and running or not, so when you create an Alias with service port "777" it will go to check the service itself periodically, it will ask for "777", I want to say that.


    This is widely used when you want to monitor the backend servers which listen on different ports other than the pool members' service ports.

    I hope you find this answer insightful.

  • Dear Mohamed, Mike, Paulius 

    Many thanks for your support, your time, and your efforts. You all made my point, and I appreciate that very much. 

    Kind Regards,