Forum Discussion
rob_79447
Nimbostratus
NimbostratusHelix load balancing on LTM
Can anyone tell me if there is a sample config document that explains how to setup load balancing for a pair of Helix servers that use ports 554 and 6000-9000 ?
I'm a bit of a newbie, so please excuse any ignorance on my part in subsequent replies.
Thanks.
hoolioCirrostratus
Hi,
Based on this doc (Click here), I would guess you could configure a single Performance Layer4 virtual server on an IP and port 0, set to allow all protocols. If the server must be able to initiate arbitrary connections back to the client you'll probably need to configure nPath routing (also called direct return routing). To do this, you configure the servers with the LTM virtual server IP address on their loopback adapter. You probably also need to also enable loose close on the FastL4 profile you associate with the LTM virtual server. SOL4268 has details on using nPath (Click here).
Aaron- hoolioI forgot to add, that once you get the configuration working, you can lock down the virtual server using an iRule or packet filters to limit which ports clients can make requests on. You'll probably also need to use persistence (source address?) to ensure that the client gets sent back to the same server over the course of their session.
Aaron 
rob_79447Many thanks for the replies, Aaron.
I'll review the info in the link that you've provided and see if I can work it out from there.
I'm not too concerned about using the LTM to lockdown access to particular ports as I will be doing this at the firewall, so that shouldn't be an issue.
Again, thanks for the help so far.
Rob- rob_79447Aaron,
One more question for you based on your replies.
The cameras will be sending in streaming video to the VIP on the LTM. This is purely a one-way thing, with the live stream being sent direct from the Helix server to a webpage or mobile device, so I don't think we need to worry about the nPath routing in this situation.
That being the case, would we also then not need to implement the loose close that you mention ?
Rob - hoolioHi Rob,
You only need nPath if the server needs to initiate a connection back to the client. If you don't think this is required, you could try without nPath on the servers and without loose close on the FastL4 profile.
If it doesn't work on the first go, try testing with one client and one server while running tcpdumps filtering on the client and server IP's (tcpdump -ni0.0 -Xs0 host CLIENT_IP or host SERVER_IP) to determine who is trying to send what on which ports. The 0.0 interface is an alias for all server ports. You can check AskF5 SOL411 for details on using/interpreting tcpdump.
Aaron