Forum Discussion
AhmedMS
Altostratus
AltostratusF5 LTM (ADC) question
Hello Dears, I hope you're doing great. Could someone help me with the below confusing terms and cases: - What is the difference between a Service port and a Virtual port (service port of VS)? When...
Paulius
MVP
MVPAhmedMS In your screenshots I only see that you are comparing service port (SP) in the pool at the Virtual Server (VS) which has no distinction other than one is in the pool and the other is in the VS. The SP is the port in which you want that configuration to listen on, so in the VS this is the port the VS will listen on and receive traffic with the specific perameters of source address, destination address, service port, and protocol. Typically you match the SP in the VS to the same SP for the pool members (PM) in the pool but you can mismatch then as you mentioned above. One of the reasons you might mismatch would be a common one where the VS listens on 443 and decrypts SSL for HTTPS traffic and then passes that decrypted traffic to the pool member on 81 so that those individuals who manage the website can differentiate between HTTP traffic on 80 and HTTPS traffic received on port 81. Again ultimately the ports not matching is completely up to the individuals who use that particular virtual server and who manage the servers that you are balancing to.
This second piece, the alias port in the health monitor is a way to force the health monitor to check a different port than what the PM is listening on with its configured SP. By default if your PM is configured to listen on port 80 then the health check without an alias port will send the health check to port 80 as well. So the PM could be listening on 81 but you want to health check on 8080 to validate something else that the server is doing that could be a dependancy for the website working that port 81 couldn't validate properly. Hopefully this is what you were looking for but if you require additional information please let us know and we can hopefully assist with that.
AhmedMSAltostratus
AltostratusThanks, Paulius for the answers.
I am a little bit confused about VS service port. If an application owner requests VIP for his app, and he just gave me the VIP and real servers' IPs and listening ports. Now all I have is (pool members - VIP), however, I still don't know which port should the VS be listening on. Is it something that should be provided or I should consider pool members' service ports and VS itself the same ports?
For the second piece, so if the PM is listening on port 7000, and I did alias port on the health monitor to be * or 7000 there is no difference. Did I get it right? In general cases, and as a default setting, should the alias port match the PM service port?
Regards,
- Mike757
Hi Ahmed,
If no one tells you otherwise, I would say keeping the VS port the same as the service port on the pool members a good initial approach. But in your place I would confirm with the application owner.
When the monitor has an alias port of *, the port used is whatever is defined in the pool member. So it's usually ok to leave the alias with its default value of *:*
Forcing the alias is useful in a couple of situations I've encountered (and probably a few more I don't remember out of the blue):
- When the pool member listens on all ports and you want to test a specific service, say http on port 80, you would need to use 80 as alias port.
- When the application owner runs a healthcheck service on a different port. Imagine a web server running on 443, and another service on 8443, which must also be running for the server to work properly. You can use a "normal" monitor with the default alias to check 443, another monitor with alias *:8443, and consider the server as "up" only when both monitors are up.Makes sense?
/Mike
