Forum Discussion
NimbostratusLoad Balancer to web servers
Hi, I would well balance workload on two different web servers listening on https
- Web Server 1 : 2: Web Server 2 :
I was thinking to use a Load Balancer that is running on an host A.B.C.D.X and listening on a https, so it well distribute the load on and using the Round Robin method.
I would use F5 Big-IP LTM to deploy this configuration.
I installed Big-IP F5 on a system that has two network adapter with these IPs:
10.10.10.X A.B.C.X I launched 10.10.10.X in browser to configure the Balancer-
I have crated a Pool on F5 BIG-IP : "my_pool" with two members:
M1: NODE1 with address A.B.C.D.E and Service Port 9343 M2: NODE2 with address A.B.C.D.F and Service Port 9343
Then I have created a Virtual Server: my_VirtualServer (Type Standard) to distribute load to the above two web servers (assigning it the "my_pool" pool)
I have set : Source Address 0.0.0.0/0 , Destination Address A.B.C.X:443 https
but this configuration doesn't work, At each test : connect to https:A.B.C.X:443 by the browser, the browser opens the Management F5 BIG-IP application instead of to connect one of the two above WebServers.
How can be managed this type of configuration ?
- P_K
Altostratus
Can you post output of browser when you connect to ?
tocotti_331571- tocotti_331571
- tocotti_331571
Added the logon that I see and the page after the logon Thanks
- boneyard
MVP
your virtual server shouldn't be on the same IP as the self IP, give it another IP in the range of one of the self IPs.
- P_K
As boneyard said, please use a different IP for your VS with-in same subnet of your self IP. Let us know if you have any questions
wlopezCirrocumulus
You need to use a different IP address for your virtual server. If the two web servers are in the same subnet as the IP address you use for the virtual server you'll need to activate SNAT Automap. If your not doing ssl offloading on the F5 that should be enough. If you are doing ssl offloading you'll need to create a client ssl profile with the certificate and private key for the website. You'll need to activate both the client-ssl profile and a server-ssl profile on your virtual server. You might also want to use an https health monitor for your pool.
Hope this helps!
- tocotti_331571
Hi, Following above suggestions, I have applied these changes:
- WebServer1 is on 10.10.10.56 listening on https 9343
- WebServer1 is on 10.10.10.58 listening on https 9343
On linux system hosting the F5 BIG IP, I configured : - a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58; - F5 management interface is on IP 1.1.1.54; - Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;
with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;
with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);But if I launch from external client browser : it opens the F5 Management Interface instead of redirect to one of web servers
I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface
wlopez_98779You need to use a different IP address for your virtual server. If the two web servers are in the same subnet as the IP address you use for the virtual server you'll need to activate SNAT Automap. If your not doing ssl offloading on the F5 that should be enough. If you are doing ssl offloading you'll need to create a client ssl profile with the certificate and private key for the website. You'll need to activate both the client-ssl profile and a server-ssl profile on your virtual server. You might also want to use an https health monitor for your pool.
Hope this helps!
- tocotti_331571
Hi, Following above suggestions, I have applied these changes:
- WebServer1 is on 10.10.10.56 listening on https 9343
- WebServer1 is on 10.10.10.58 listening on https 9343
On linux system hosting the F5 BIG IP, I configured : - a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58; - F5 management interface is on IP 1.1.1.54; - Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;
with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;
with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);But if I launch from external client browser : it opens the F5 Management Interface instead of redirect to one of web servers
I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface
- tocotti_331571
Hi, Following above suggestions, I have applied these changes:
- WebServer1 is on 10.10.10.56 listening on https 9343
- WebServer1 is on 10.10.10.58 listening on https 9343
On linux system hosting the F5 BIG IP, I configured : - a network interface with ip 10.10.10.54 communicating with 10.10.10.56 and 10.10.10.58; - F5 management interface is on IP 1.1.1.54; - Defined Virtual Server , with Destination address 9.A.B.54 , port 443 - https;
with Source addresses 0.0.0.0/0, with Client and Server SSL profiles;
with node members associated to the web servers 10.10.10.56 and 10.10.10.56 (up and running OK);But if I launch from external client browser : it opens the F5 Management Interface instead of redirect to one of web servers
I see only for less than 1 second a string "redirect" in the middle of browser page, but it returns to the F5 management interface
- P_K
Try VS destination IP from same subnet as your self IP or your back-end servers instead of 9.A.B.54.
- boneyard
why show all IPs and then do 9.a.b.54, it feels like you are trying to hide things which make it difficult for us to trouble shoot and really don't matter as this is test any way right?
should us some configuration snippets of what you created.
- tocotti_331571
I followed this configuration got in a demo video of F5 , and I applied the ip in green, red and blue. I would not hide things . Actually A is 49 and B is 35 . Then consider the network 9.49.35.x
