Forum Discussion
AH2011
Nimbostratus
NimbostratusPacket and proxy based
Hello All,
I need to understand the main differences between packet based and proxy based solutions in addition to when packet based scenarios will be sufficient?
Many thanks for your help
MvdG
Cirrus
CirrusHi,
When you use a packet based solution, the device (like a router or firewall) in the middle of the communication streams just forwards the destination to the endpoint. So there is one connection from client to server. With an access list or firewall rule base you can allow or block traffic. You do not have much control over the traffic passing the device.
When you use a proxy based solution (like F5 BIGIP) there are two connections. One connection from client to F5 BIGIP and one connection from F5 BIGIP to server. This gives you much more control over the traffic passing the BIGIP.
For example you can have a HTTPS on the client side of the connection while the connection to the backend server is just HTTP. So performing SSL Offloading. Or you can use a TCP profile on the client side which is optimized for WAN while the TCP profile on the server side is optimized for LAN.
And when you use iRules, you can do about anything to change the traffic passing the BIGIP.
So if there is no need to change the traffic passing the device in the middle (or maybe it is not allowed by the security policy to 'look' in the traffic flow) you can use a packet bases solution.
If you need control over traffic passing the device, you need to use the proxy based solution.
Hopes this helps.
Regards, Martijn.
AH2011Nimbostratus
NimbostratusHi Martijn,
Many thanks for your time and effort to explain that. I am also wondering if that explanation applies to load balancing using packet based and proxy based or applies for just one source and one destination setup? secondly, if a solution makes source ip translation for load balancing, which type will be this? Thirdly, will packet forwarding be sufficient in case of layer 4 load balancing? Thanks in advance.