Forum Discussion

v_sakalkin_9556's avatar
v_sakalkin_9556
Icon for Nimbostratus rankNimbostratus
Jan 21, 2013

F5 LTM balancing by source port

 

Hello, colleagues!

 

We configured Source Address Affinity persistence profile type for Siebel application. But we have a BPM system that must be balanced not by source address.

 

One challenge is that we can't balance http request, because tcp sessions are established to one server, but http requests are balanced between two servers and the first one can drop session by timeout.

 

Could you give me explanation, can F5 balance sessions by source port for certain BPM server?

 

 

Thank you for your advice.

 

config
design

12 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 22, 2013
    Hey. Can you clarify the traffic flow and requirements please?

     

    -Which system is the source (client) and which system is being load balanced (BPM?)

     

    -Are there two distinct types of traffic (HTTP and something else?)

     

    -Do you mean you want to persist based on the client's source port rather than load balance?
  • v_sakalkin_9556's avatar
    v_sakalkin_9556
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2013
    1. The web-tier of Siebel is load balanced and BPM system is a client

     

    2. There is one type of traffic, HTTP

     

    3. BPM system opens some sessions to load balancer IP. If I persist by source address, all sessions will go to one node of the pool. I want to balance these sessions, but HTTP requests in one session must go to one node (persist by source address: port)
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 23, 2013
    OK, understood, thank you. So, can you be certain that each session only has one connection and client source port associated with it. In other words, are you sure BPM doesn't open multiple connections per session?
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 24, 2013

    OK, got that. So, this is actually quite simple to implement;

     

     

    1) Don't enable any kind of Persistence on the Virtual Server

     

    2) Ensure OneConnect is not enabled on the Virtual Server

     

    3) Have a HTTP profile assigned to the Virtual Server

     

     

    With that configuration, each individual TCP connection will be load balanced individually to one Pool Member or another yet the requests within each connection will be sent to only the Pool Member initially selected for that TCP connecction; any new connections from the same BPM host will be load balanced uniquely from any existing ones and again, the requests within each will all go to the Pool Member selected on inital connection. Hope that makes sense.

     

  • v_sakalkin_9556's avatar
    v_sakalkin_9556
    Icon for Nimbostratus rankNimbostratus
    Jan 27, 2013
    But we have clients that opens multiple connections per session.

     

    Jan 28 10:08:23 dc-lb1-v111-act tmm[17685]: Rule /Common/HTTP_REQUEST : virtual=/Common/SIEBEL_WEB_LB client_ip=172.16.10.21 client_port=55360 lb_server=192.168.1.9:80 host=192.168.11.183

     

    Jan 28 10:08:23 dc-lb1-v111-act tmm[17685]: Rule /Common/HTTP_REQUEST : virtual=/Common/SIEBEL_WEB_LB client_ip=172.16.10.21 client_port=55362 lb_server=192.168.1.9:80 host=192.168.11.183

     

    Jan 28 10:08:23 dc-lb1-v111-act tmm[17685]: Rule /Common/HTTP_REQUEST : virtual=/Common/SIEBEL_WEB_LB client_ip=172.16.10.21 client_port=55366 lb_server=192.168.1.9:80 host=192.168.11.183

     

    Jan 28 10:08:23 dc-lb1-v111-act tmm[17685]: Rule /Common/HTTP_REQUEST : virtual=/Common/SIEBEL_WEB_LB client_ip=172.16.10.21 client_port=55367 lb_server=192.168.1.9:80 host=192.168.11.183

     

    Jan 28 10:08:23 dc-lb1-v111-act tmm[17685]: Rule /Common/HTTP_REQUEST : virtual=/Common/SIEBEL_WEB_LB client_ip=172.16.10.21 client_port=55368 lb_server=192.168.1.9:80 host=192.168.11.183

     

    Jan 28 10:08:23 dc-lb1-v111-act tmm[17685]: Rule /Common/HTTP_REQUEST : virtual=/Common/SIEBEL_WEB_LB client_ip=172.16.10.21 client_port=55365 lb_server=192.168.1.9:80 host=192.168.11.183
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 28, 2013
    Posted By v.sakalkin on 01/23/2013 10:12 PM

     

    BPM doesn't open multiple connections, BPM makes a query and close the session.

    Sorry, I though you said you didn't! Let me rethink this and get back to you.

     

     

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 28, 2013
    OK, so we'll have to persist on something. What data can we use to identify each series/collection of connections from each other?
  • v_sakalkin_9556's avatar
    v_sakalkin_9556
    Icon for Nimbostratus rankNimbostratus
    Jan 29, 2013
    Can we not use persistance for BPM systems, and use source address persistence for other clients (call center users)? BPM systems runs in 192.168.1.0/24 subnet and End-users run in 172.16.0.0/16 subnet
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 29, 2013
    OK, so there are different connection sources. In that case sure, an iRule can do this easily. If you configure a default Persistence profile on the VS of source address, the elseif isn't actually required, I've just included it to demonstrate the possibilities; 

    
when HTTP_REQUEST {
 Check if this is a BPM system
 if { [IP::addr [IP::client_addr] equals 192.168.1.0/24] } {
  If a BPM system, disable persistence
  persist none
  Stop processing the iRule here
  return
  }
 Check if this is a CC user
 elseif { [IP::addr [IP::client_addr] equals 172.16.0.0/16] } {
  If a CC user, enable source address persistence
  persist source_addr
  Stop processing the iRule here
  return
 }
}