Forum Discussion
igor_
Cirrus
CirrusF5 TCP Proxy mode
Hi all,
I am trying to mimic some settings from HAProxy and migrate them to F5.
In HAProxy we have what is called TCP proxy mode where HAProxy doesn't terminate SSL connection but just connects the client directly to the backend servers.
That config looks like this:
frontend myfrontend_https
mode tcp
bind 192.168.11.11:443
option tcplog
use_backend web_servers
backend web_servers
mode tcp
balance roundrobin
server s1 192.168.0.10:9443 check
server s2 192.168.0.11:9443 check
So with this config client connects over HTTPS protocol directly to the backend servers and they are served certificates from those servers.
I am not using any certs on HAProxy frontend, nor the backend.
I have looked into F5 documentation and couldn't find anything similar.
Does anyone have any suggestions?
Thanks, Igor
Hi igor_,
if you don't need SSL Offloading, iRules, HTTP profiles, L7-based persistence - why not use the Virtual Server type Performance (Layer 4) instead of type Standard?
Read:
- K01155812: Overview of the Performance (Layer 4) virtual server and
- K09948701: Overview of the FastL4 profile
Specially this "Using the FastL4 profile can increase virtual server performance and throughput for supported platforms by using the embedded Packet Velocity Acceleration (ePVA) chip to accelerate traffic." makes it a good choice for pure L4 loadbalancing.
KR
Daniel
- zamroni777
Nacreous
you simply don't assign http and ssl profiles to the virtual server.
SarahHi igor_ ,
Exactly as what zamroni777 mentioned, in F5 this is called SSL passthrough.
Explained more in below KB articles:
https://my.f5.com/manage/s/article/K65271370
https://my.f5.com/manage/s/article/K14343463
- Daniel_Wolf
MVP
Hi igor_,
if you don't need SSL Offloading, iRules, HTTP profiles, L7-based persistence - why not use the Virtual Server type Performance (Layer 4) instead of type Standard?
Read:
- K01155812: Overview of the Performance (Layer 4) virtual server and
- K09948701: Overview of the FastL4 profile
Specially this "Using the FastL4 profile can increase virtual server performance and throughput for supported platforms by using the embedded Packet Velocity Acceleration (ePVA) chip to accelerate traffic." makes it a good choice for pure L4 loadbalancing.
KR
Daniel
