For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steve_07_136055's avatar
Steve_07_136055
Icon for Nimbostratus rankNimbostratus
Apr 25, 2014

Load Balanced services consuming other load balanced services

Hi,

 

Beginner here so trying to understand the required setup. I am putting together the following but I've come across another forum that stated this could be problematic so I wanted to get the best practise opinion from here.

 

I have a LTM 2000s in a two arm deployment. External VLAN called Infrastructure and internal called Apps. I have a pool of 3 x Tomcat servers all listening on port 8080 on apps vlan that are serving an application at a given URL. I have a virtual address, eg 10.10.1.10 on the infrastructure vlan that balances across the 3 tomcat systems.

 

The application that Tomcat runs at the above URL consumes a webservice that also runs on the same 3 Tomcat systems. My thinking is that this web service should be accessed via another virtual address on the infrastructure vlan eg 10.10.1.11.

 

However, this I believe will lead to tomcat A consuming the service on Tomcat B for example and thus the packets, after the initial request, will move directly between them without going via the LTM as they are on the same subnet.

 

This was highlighted as a potential problem based on my reading around various sites comparing one-arm vs two-armed deployments.

 

I'd love to hear if this is a problem and if so, what is the best practise in this scenario.

 

Many thanks in advance,

 

Steve

 

application delivery
deployment
LTM

1 Reply

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 26, 2014

    At a minimum, because the two servers are on the same network segment, you'd necessarily want to use a SNAT. You could create a separate VIP on the app VLAN that the servers use to load balance amongst themselves. Two questions then come to mind:

     

    1. Do you need any kind of persistence across these services? For example, if the client is load balanced to server A, does server A have to persist to itself across the inner VIP? Or is basic load balancing okay?

       

    2. Are the two services running on the tomcat server completely independent of one another? Such that if the web server dies the web service may still be usable? Or would it be reasonable to a) take the server out of rotation if either service failed, and b) simply have the tomcat server talk to itself for web service requests, without going through a VIP.