Forum Discussion
Stuart_Page_131
Nimbostratus
NimbostratusQuestion about Pools
I'm at a new job where I have inherited an existing F5 cluster to manage. I've never managed F5's before.
My understanding of pools based on my previous experience with Kemp HLB's is that they'...
There are reasons to create pools with the protocol listed. Here is why we use it on our environment.
You can create a pool with a wildcard port of 0. This will cause incoming requests to be routed to the port specified on the client side of the request:
If your pool were defined as pool_member:0
client -----> VIP:443 -----> pool:443
client -----> VIP:80 -----> pool:80
This is all fine and dandy but what if you have multiple pools behind a VIP and not all need SSL all the way through.
client -----> VIP:443 -----> pool:80
In this case you would want to create a pool and define the port so that it does not just route to the port the client requested. (you would probably also want to issue an SSL::disable serverside if it SSL from F5 to the server was enabled)
Mark_Stradling_
Cirrus
CirrusThere are reasons to create pools with the protocol listed. Here is why we use it on our environment.
You can create a pool with a wildcard port of 0. This will cause incoming requests to be routed to the port specified on the client side of the request:
If your pool were defined as pool_member:0
client -----> VIP:443 -----> pool:443
client -----> VIP:80 -----> pool:80
This is all fine and dandy but what if you have multiple pools behind a VIP and not all need SSL all the way through.
client -----> VIP:443 -----> pool:80
In this case you would want to create a pool and define the port so that it does not just route to the port the client requested. (you would probably also want to issue an SSL::disable serverside if it SSL from F5 to the server was enabled)
Stuart_Page_131Super helpful, thanks.