
Forum Discussion

DebbieB_165163
Jul 29, 2014

Problem configuring a simple load balancer for a 2 node HTTPS site

I am configuring a simple setup. One virtual server, and 2 physical nodes. HTTPS protocol.

On the Dashboard, the Virtual Server, nodes and pool show as green. If I set the health monitor for the nodes to https_443, the nodes stay green, and using a packet sniffer on the nodes, I can see https traffic between the F5 and the nodes.

Yet, when I attempt to make an https connection to the Virtual IP, I see no connect attempt to either of the two nodes. On the dashboard, it shows the connection to the virtual server, but nothing to either of the nodes.

What am I possibly missing? Something very simple I presume.

SETUP:

1 Virtual server
    type: standard
    destination: ip address 10.1.1.10
    service port: 443
    State: enabled
    Configuration:
        protocol: tcp
        http profile: http
        everything else: defaults
    Resources: main_pool

1 Pool
    name: main_pool
    health monitor: inband
    Members:
        node1 address: 10.1.2.10
        node2 address: 10.1.2.11

Nodes:
    node1: health monitors: node specific, icmp
    node2: (same)

Network connection: using Interface 2.1, vlans 800,900,910
    Vlan 800: Vlan for virtual server IP
    vlan 900: vlan for node1 IP

3 Replies

  • shaggy

    It appears that you are using an HTTP profile on an HTTPS site without using ClientSSL/ServerSSL profiles. Try removing the HTTP profile from the configuration.

  • Thanks, that helped. Appears I have some more reading to do before I understand what some things do.

  • shaggy

    Think of profiles as the F5 interacting with traffic at that 'level'. An HTTP profile tells the F5 to read traffic as HTTP, but since it is encrypted, it is unable to read that traffic. A client-ssl profile allows the SSL session to terminate at the F5, allowing the F5 to read the decrypted traffic as HTTP. A server-ssl profile tells the F5 to establish an SSL session back to a pool member before sending data to that member.

    You are currently just load-balancing data at a TCP-level, which may suit your situation if you are not looking to take any http-related actions on the F5 for this application.
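
The profile behaviour described in the replies, as an added Python example that is not part of the original thread and is not F5 code. The profile names follow the thread; the function names, the rule wording, and the sample bytes are constructed for illustration.

```python
# Added illustration (not F5 code): profile names follow the thread; the
# checker and the sample bytes below are constructed for this example.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed samples: the start of a TLS ClientHello record and a plain request.
CLIENT_HELLO_PREFIX = bytes.fromhex("16030100c8010000c40303")
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends after the TCP handshake."""
    # TLS record header: content type 0x16 (handshake), then major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # An HTTP parser expects a request line that starts with a method token.
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def check_profiles(profiles: set, client_bytes: bytes) -> list:
    """Return findings for a virtual server's profile set (rules from the replies)."""
    kind = classify_first_bytes(client_bytes)
    findings = []
    if "http" in profiles and kind == "tls" and "clientssl" not in profiles:
        findings.append("http profile without clientssl: encrypted bytes are not parseable HTTP")
    if "clientssl" in profiles and kind == "http":
        findings.append("clientssl present but the client sends cleartext HTTP")
    if "clientssl" in profiles and "serverssl" not in profiles:
        findings.append("no serverssl: decrypted traffic goes to pool members in cleartext")
    return findings


if __name__ == "__main__":
    cases = {
        "original setup (tcp + http)": {"tcp", "http"},
        "after the fix (tcp only)": {"tcp"},
        "TLS terminated at the F5": {"tcp", "clientssl", "http"},
        "terminated and re-encrypted": {"tcp", "clientssl", "http", "serverssl"},
    }
    for name, profiles in cases.items():
        print(name, "->", check_profiles(profiles, CLIENT_HELLO_PREFIX) or "ok")
```

The third case is the one to watch when pool members listen on 443: without a server-ssl profile the members receive decrypted traffic rather than a TLS session.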