Forum Discussion

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus
Sep 20, 2017

Loadbalancing MS SQL Servers - Read Only Copies

Hi,

 

I have a question about authentication when it comes to loadbalancing MSSQL servers. Since the F5 is a full proxy, there are essentially two connections. One from true client to the F5 and one from the F5 to the pool member. How is the authentication handled to the backend pool member? My AD login would be domain\seespotrun. What does the F5 do with that login information as the request goes of port 1433? I don't see any profiles for databases servers in Local Traffic -> Profiles so curious as to how this is handled.

 

Any help is greatly appreciated.

 

  • You have to realize that without appropriate traffic profiles, the BigIP literally doesn't care what you are doing above layer 4 of the OSI model. It's not even aware of it. So if you have a standard virtual server load balancing to a pool of MySQL servers, the full proxy would look something like this to the BigIP:

    : <---> :/: <---> :

    So the BigIP would pass the payload onto the SQL server without inspecting it. It wouldn't matter if you were sending active directory credentials or an HTTP POST with the current stats for the San Francisco Giants. Of course the back end server would care very much, and would respond differently to the one versus the other.

    So the BigIP will pass whatever application data it is given to the back end server, returning whatever the server sends us to the client.