Forum Discussion
Question about Pools
I'm at a new job where I have inherited an existing F5 cluster to manage. I've never managed F5's before.
My understanding of pools based on my previous experience with Kemp HLB's is that they're primarily a collection of real servers. In the F5 environment I have inherited, many pool names include a portnumber or protocol name. This threw me off, because I always thought that the port/protocol only factors in at the Virtual Server level.
My question is: Do pools have any exposure to port number or protocol? Any good reasons why the previous admins might have named them in this way?
There are reasons to create pools with the protocol listed. Here is why we use it on our environment.
You can create a pool with a wildcard port of 0. This will cause incoming requests to be routed to the port specified on the client side of the request:
If your pool were defined as pool_member:0
client -----> VIP:443 -----> pool:443
client -----> VIP:80 -----> pool:80
This is all fine and dandy but what if you have multiple pools behind a VIP and not all need SSL all the way through.
client -----> VIP:443 -----> pool:80
In this case you would want to create a pool and define the port so that it does not just route to the port the client requested. (you would probably also want to issue an SSL::disable serverside if it SSL from F5 to the server was enabled)
- smp_86112Cirrostratus
Do pools have any exposure to port number or protocol?
Not exactly sure what you mean by that, but certainly Pool Members normally have an IP address and port number. So in that sense, I'd say they do have "exposure". Perhaps that's not what you meant though...
Including port numbers or protocol names in Pool names may or may not make sense, depending on your naming conventions. I can understand developing a naming convention for Pools which includes a port and/or protocol to help associate that Pool with the particular VIP it's used on. In my environment, that doesn't make a lot of sense. We have waaaaay too many objects to try and correlate them based on their names - we have to put everything in a database and use SQL to correlate them.
- Stuart_Page_131NimbostratusThanks for your input.
There are reasons to create pools with the protocol listed. Here is why we use it on our environment.
You can create a pool with a wildcard port of 0. This will cause incoming requests to be routed to the port specified on the client side of the request:
If your pool were defined as pool_member:0
client -----> VIP:443 -----> pool:443
client -----> VIP:80 -----> pool:80
This is all fine and dandy but what if you have multiple pools behind a VIP and not all need SSL all the way through.
client -----> VIP:443 -----> pool:80
In this case you would want to create a pool and define the port so that it does not just route to the port the client requested. (you would probably also want to issue an SSL::disable serverside if it SSL from F5 to the server was enabled)
- Stuart_Page_131NimbostratusSuper helpful, thanks.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com