For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus
Sep 20, 2017

Loadbalancing MS SQL Servers - Read Only Copies

Hi,   I have a question about authentication when it comes to loadbalancing MSSQL servers. Since the F5 is a full proxy, there are essentially two connections. One from true client to the F5 and...
application delivery
BIG-IP
LTM
Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
Sep 20, 2017

You have to realize that without appropriate traffic profiles, the BigIP literally doesn't care what you are doing above layer 4 of the OSI model. It's not even aware of it. So if you have a standard virtual server load balancing to a pool of MySQL servers, the full proxy would look something like this to the BigIP:

: <---> :/: <---> :

So the BigIP would pass the payload onto the SQL server without inspecting it. It wouldn't matter if you were sending active directory credentials or an HTTP POST with the current stats for the San Francisco Giants. Of course the back end server would care very much, and would respond differently to the one versus the other.

So the BigIP will pass whatever application data it is given to the back end server, returning whatever the server sends us to the client.