Forum Discussion
Paul_Szabo_9016
Sep 03, 2008
Historic F5 Account
First stab, it should be just like load balancing anything else, except turn IP address translation off. The BIG-IP will translate the MAC address (and VLAN) but otherwise leave the L3-L4 headers relatively untouched. If you are further LBing some servers behind it, you can use a nexthop pool to LB the transparent proxies while the IP address translation gets you to the desired end server.
Except you may want to touch some L4 information when LBing transparent devices. See RFC 2101 for some hints. Your transparent proxies are masquerading the same client address to the back end servers; the servers could get unhappy when they see timestamps or sequence numbers go backwards because the client went through two different transparent proxies. Very hard to debug, the connections just stall and many OSes don't even have the right counters to debug this. You just turn on timestamp re-writes if using fastL4 on the BIG-IP and you should be okay. (Full proxy won't have this issue, and sequence numbers are always re-written.)
I'm assuming you don't need any session persistence (e.g. email from the same client goes through the same SMTP transparent proxy). If so then you'll need some sort of persistence.
Paul
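An added example, not part of the post above: a small detector for the stall condition it describes, where a back-end server sees TCP timestamps go backwards for one masqueraded client address because connections arrived through two transparent proxies. The record layout, field names and sample values are assumptions constructed for illustration; in practice the records would be extracted from a capture taken at the server.

```python
from collections import namedtuple

# Constructed sample: SYNs seen at a back-end server. One client address is
# balanced across two transparent proxies, each stamping TSval from its own clock.
Syn = namedtuple("Syn", "t src sport dst dport tsval")  # hypothetical layout

SAMPLE = [
    Syn(0.00, "198.51.100.7", 40001, "10.0.0.25", 25, 900_000),  # via proxy A
    Syn(0.40, "198.51.100.7", 40002, "10.0.0.25", 25, 900_400),  # via proxy A
    Syn(0.90, "198.51.100.7", 40003, "10.0.0.25", 25, 120_050),  # via proxy B
    Syn(1.30, "198.51.100.7", 40004, "10.0.0.25", 25, 901_300),  # via proxy A
    Syn(1.40, "198.51.100.7", 40005, "10.0.0.25", 25, 120_550),  # via proxy B
    Syn(1.50, "203.0.113.9", 51000, "10.0.0.25", 25, 4_294_967_000),
    Syn(1.90, "203.0.113.9", 51001, "10.0.0.25", 25, 150),       # 32-bit wrap
]

def ts_before(a, b):
    """True if 32-bit timestamp a is older than b (serial-number compare)."""
    return a != b and ((a - b) & 0xFFFFFFFF) > 0x7FFFFFFF

def find_regressions(syns):
    """Return (newest_seen, offending) SYN pairs where TSval went backwards
    for the same source address and destination service."""
    newest = {}  # (src, dst, dport) -> SYN carrying the newest TSval so far
    hits = []
    for s in sorted(syns, key=lambda r: r.t):
        key = (s.src, s.dst, s.dport)
        prev = newest.get(key)
        if prev is not None and ts_before(s.tsval, prev.tsval):
            hits.append((prev, s))  # candidate for a silently stalled connection
        else:
            newest[key] = s         # keep the newest value, as a receiver would
    return hits

if __name__ == "__main__":
    for prev, cur in find_regressions(SAMPLE):
        back = (prev.tsval - cur.tsval) & 0xFFFFFFFF
        print(f"{cur.src}:{cur.sport} -> {cur.dst}:{cur.dport} "
              f"TSval {cur.tsval} is {back} ticks behind {prev.tsval}")
```

Repeated hits for a single source address that alternate with normal connections point at multiple devices presenting that address with unsynchronised timestamp clocks.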