janlaw_195243
Apr 16, 2015

Question on iRules for multiple nodes.

Hi all, I am new to the F5 load balancer and started a few days ago. I understand that the F5 LB is there to balance the load among the nodes. Is it possible for the F5 load balancer to send to multiple nodes at the same time instead of 1? The traffic that flows through is logs (SIEM).

 

Load balancer: F5 BIG-IP LTM 4000S, Version: 11.6

Example Diagram: images attached.

Thanks!

 

18 Replies

  • Yes. LB will distribute the traffic among multiple nodes on each new request. Could you please brief what you want to achieve in terms of iRule?

  • Without an iRule, you can achieve this task. If you do not attach any method to the pool, then it will take round robin and your problem will be solved.
  • Hi Jha, thanks for the reply. I don't see how round robin will achieve it. Let's say I have 2 nodes. And I have 10 clients sending in their stuff. If I have round robin, wouldn't I split the traffic half-half? My end result is to have the exact same traffic in both nodes. Thanks.
  • Sounds like you want to mirror the traffic to all pool members instead of spreading traffic across them. In this case you would create a clone-pool for each member then attach this to the virtual server. The first pool member would be in the pool attached to the virtual server. The rest of the pool members would be in clone pools. In other words each pool will have a single pool member.

    If you have the following pools with a single member in each...

    pool1 - 10.10.10.1:80
    pool2 - 10.10.10.2:80
    pool3 - 10.10.10.3:80
    pool4 - 10.10.10.4:80
    pool5 - 10.10.10.5:80
    

    Then the following commands will create a mirror of traffic to the members.

    tmsh create /ltm pool pool1 members add { 10.10.10.1:80 }
    tmsh create /ltm pool pool2 members add { 10.10.10.2:80 }
    tmsh create /ltm pool pool3 members add { 10.10.10.3:80 }
    tmsh create /ltm pool pool4 members add { 10.10.10.4:80 }
    tmsh create /ltm pool pool5 members add { 10.10.10.5:80 }
    tmsh create /ltm virtual myvirt destination 192.168.10.10:80 profiles add { tcp } pool pool1
    tmsh modify /ltm virtual myvirt clone-pools add { pool2 pool3 pool4 pool5 }
    
    • dragonflymr
      @Kevin, I wonder which clone pool should be used here, client or server? Piotr
    • Kevin_Davies_40
      It would be server because the server-side traffic is being cloned ~ sol8573 describes this
    • dragonflymr
      I thought so but it's better to be sure :-), thanks Piotr
  • Just wondering if SIEM does accept clone traffic.

    Clone pool traffic is sent from the BIG-IP system to the IDS system (clone pool member) using the IDS system's L2 MAC address. Other packet header information contained in the clone pool traffic, such as the L3 addressing, remains the same as in the original packet sent to the virtual server pool member.
    

    sol8573: Configuring the BIG-IP system to send traffic to an intrusion detection system (9.x - 10.x)

    https://support.f5.com/kb/en-us/solutions/public/8000/500/sol8573.html

    Isn't it easier to use the HSL:: or sideband commands?

    UDP_Packet_Duplication

    https://devcentral.f5.com/wiki/iApp.UDP-Packet-Duplication.ashx
    • Kevin_Davies_40
      One is an iRule, one uses a built-in feature. The built-in would be faster, no? As for UDP, just change my virtual command to profiles add { udp } for the purpose.
    • dragonflymr
      @nitass, I wonder why the citation in your post is only present in the article about 9.x-10.x configuration but not in the 11.x one (https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13392.html). Is that an omission or has something changed here? Piotr
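
Added example (not posted by anyone in the thread): a simplified Python model of why the quoted sol8573 text matters when the clone target is a SIEM collector listening on a socket rather than an IDS sniffing the wire. It reuses the thread's 10.10.10.x members; the client address, UDP port 514, the syslog message and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct

def build_ipv4_udp(src_ip, dst_ip, sport, dport, payload):
    """Build a minimal IPv4+UDP datagram for the demo (checksums left at 0)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return ip + udp

def parse_ipv4_udp(packet):
    """Return (dst_ip, dst_port, payload), or None if not well-formed IPv4/UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return None
    dport, udp_len = struct.unpack("!HH", packet[ihl + 2:ihl + 6])
    if udp_len < 8 or len(packet) < ihl + udp_len:
        return None
    dst_ip = str(ipaddress.IPv4Address(packet[16:20]))
    return dst_ip, dport, packet[ihl + 8:ihl + udp_len]

def delivery(packet, local_ips, listen_port):
    """Simplified host model: where does a packet arriving on the NIC end up?"""
    parsed = parse_ipv4_udp(packet)
    if parsed is None:
        return "malformed"
    dst_ip, dport, _ = parsed
    if dst_ip not in local_ips:
        return "sniffer-only"   # IP stack discards it; only packet capture sees it
    if dport != listen_port:
        return "no-listener"    # addressed to this host, but nothing bound to the port
    return "socket"             # handed to the syslog listener

# Constructed sample: a syslog datagram load-balanced to pool1's member.
# 192.168.10.50 (client) and UDP 514 are assumptions, not values from the thread.
MSG = b"<134>app: login ok"
ORIGINAL = build_ipv4_udp("192.168.10.50", "10.10.10.1", 40000, 514, MSG)
# The clone sent to 10.10.10.2's MAC keeps the same L3 header (quoted sol8573 text).
CLONE = ORIGINAL
# A copy addressed to the collector itself, for comparison.
READDRESSED = build_ipv4_udp("192.168.10.50", "10.10.10.2", 40000, 514, MSG)

if __name__ == "__main__":
    print("pool1 member :", delivery(ORIGINAL, {"10.10.10.1"}, 514))
    print("clone target :", delivery(CLONE, {"10.10.10.2"}, 514))
```

In this model the clone reaches the second collector's interface but not its listener, which is the concern raised about whether a SIEM accepts clone traffic.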
  • Hi all.

    What if I don't have an IDS? Does that mean I am not able to use the clone function? Is there any way to do it so that the multiple servers will have the same traffic/results?

    Thanks

     
