For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

t_rajneesh_2252's avatar
t_rajneesh_2252
Icon for Nimbostratus rankNimbostratus
Oct 03, 2015

Least connection Method : Load balancing algorithm is not working as expected

Hi All,   Least connection method is not working as expected when used with source affnity persistance. All traffic is diverted to single server. I would like to let you know that Natting ( Public...
Amanpreet_Singh's avatar
Amanpreet_Singh
Icon for Cirrostratus rankCirrostratus
Oct 06, 2015

Hi Rajneesh,

 

The problem is not with the combination of Source Affinity with Least connection. The problem is using NAT on firewall and using source affinity. LB is assuming all the connections to be originating from a single client IP. Have you tried using "only Destination NAT" with LB having default route towards firewall? (assuming it as a traffic coming from Internet)

 

Regards, Aman

 

  • Amanpreet_Singh's avatar
    Amanpreet_Singh
    Icon for Cirrostratus rankCirrostratus
    Oct 06, 2015
    The other reasons I found hypothetically as - 1. If you are running below HF versions with known issue of uneven load balancing https://support.f5.com/kb/en-us/solutions/public/16000/400/sol16487.html?sr=46343907 2. If you have OneConnect profile enabled for this virtual server https://support.f5.com/kb/en-us/solutions/public/2000/000/sol2055.html 3. For the sake of information- https://support.f5.com/kb/en-us/solutions/public/10000/400/sol10430.html
  • t_rajneesh_2252's avatar
    t_rajneesh_2252
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2015
    Thanks Amanpreet. Image and hotfix details running currently on box. ALso we are not using anyconnect profile here Image: BIGIP-11.6.0.0.0.401.iso HF: Hotfix-BIGIP-11.6.0.4.0.420-HF4.iso Model: BIG-IP 2200
  • Amanpreet_Singh's avatar
    Amanpreet_Singh
    Icon for Cirrostratus rankCirrostratus
    Oct 07, 2015
    Hi, Ok, that should not be a issue. Try to avoid Source Affinity when you are using NAT on firewall. Source persistence. "Source address affinity persistence directs session requests to the same server based solely on the source IP address of a packet" If your traffic is HTTP, I would rather suggest to go for cookie persistence.
  • Amanpreet_Singh's avatar
    Amanpreet_Singh
    Icon for Cirrostratus rankCirrostratus
    Oct 07, 2015
    Hi, Ok, that should not be a issue. Try to avoid Source Affinity when you are using NAT on firewall. Source persistence. "Source address affinity persistence directs session requests to the same server based solely on the source IP address of a packet" If your traffic is HTTP, I would rather suggest to go for cookie persistence.