Forum Discussion
NimbostratusPacket and proxy based
CirrusHi,
When you use a packet based solution, the device (like a router or firewall) in the middle of the communication streams just forwards the destination to the endpoint. So there is one connection from client to server. With an access list or firewall rule base you can allow or block traffic. You do not have much control over the traffic passing the device.
When you use a proxy based solution (like F5 BIGIP) there are two connections. One connection from client to F5 BIGIP and one connection from F5 BIGIP to server. This gives you much more control over the traffic passing the BIGIP.
For example you can have a HTTPS on the client side of the connection while the connection to the backend server is just HTTP. So performing SSL Offloading. Or you can use a TCP profile on the client side which is optimized for WAN while the TCP profile on the server side is optimized for LAN.
And when you use iRules, you can do about anything to change the traffic passing the BIGIP.
So if there is no need to change the traffic passing the device in the middle (or maybe it is not allowed by the security policy to 'look' in the traffic flow) you can use a packet bases solution.
If you need control over traffic passing the device, you need to use the proxy based solution.
Hopes this helps.
Regards, Martijn.
CirrusHi,
When the device performs some kind of destiantion NAT-ing, you could say you have packet based load balancing, but in F5 BIGIP the connection to the backend server is a second one so you have proxy based load balancing.
Both types of solution support source IP NAT-ing.
Below an F5 article explaining the connection setups for different types of virtual servers. Hopes this makes thing clear to you.
https://support.f5.com/csp/article/K8082standard
Regards, Martijn.
