How can I evenly persist traffic from only 2 clients(Apache) against 2 application servers based on source IP address ?
I'm new on irules and need some help.
We need to loadbalance some web applications through the BIG-IP in the following manner:
In step 1 the first VIP load balances the SSL traffic(passthrough in the BIG-IP) against two Apache servers. This traffic will be more or less evenly distributed against the two pool members because of the diversity in source addresses from the clients.
Persistence can be accomplished by a normal persistence profile based on source address affinity, connected to the virtual server. If there are no other requirements for persistence, we will keep a persistence timeout equal to the SSL session idle timeout.
The Apache servers will decrypt the traffic and authenticate the users with help of the client certificates and a special security product.
The traffic will then be reencrypted and sent to the second BIG-IP VIP(SSL passthrough again) with the purpose to load balance against the 2 application servers for the moment.
But now we will only have the two Apache servers source ip addresses as clients and a big risk that the whole traffic for longer times will be directed against the same pool member. Also here we want the same persistence timeout as in step 1.
How can I accomplish with an irule or otherwise that the traffic in step 2 will be evenly ditributed against the two application server nodes i.e. that traffic from Apache 1 will always go to destination server 1 if the monitoring tells it's up and Apache server 2 traffic will go to destination server 2 ? There could be other reasons(application HTTP session timeout) to keep the client persistent to the same server for longer time than the SSL session timeout value. If the first server is brought down for any reason then it will be necessary of course to send Apache 1 traffic against application server 2. But what would happen then when server 1 is available again and some "normal server 1 users" have persistence against server 2.