Forum Discussion
Single Virtual Server for Multiple Ports/Protocols
You are correct in that we don't have a way to create a virtual server that only listens for a certain range of ports. Ideally, you would need multiple virtual servers (one each dedicated for HTTP, HTTPS, RTMP traffic respectively). By doing so, you can have the respective SSL or HTTP profile configuration for the HTTP/S virtual servers in order for SSL termination and inspection of L7 traffic to be done for HTTP.
With the HTTP/HTTPS virtual servers taken care of in the above manner, you can have a third one configured to listen on any port (wildcard) for which you can have an iRule configured to drop traffic if it comes in on ports other than 40000-49999. Similarly, one can be configured for the UDP virtual server (which would require a UDP profile, unlike the other 3, which would use TCP, so you'll need a dedicated virtual server for this anyway) for which you have traffic coming in on ports 50000-59999, with an iRule configured to drop traffic if it comes in on ports other than the 50000-59999 range.
In order to create an iRule that allows for specifying a range of ports, this will be of help for you: https://support.f5.com/csp/article/K6018
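The port-range filtering described in this answer, sketched as an added example (not code from the thread or from the linked F5 article). The rule names are hypothetical, and each rule is assumed to be attached to the wildcard virtual server that carries the matching TCP or UDP profile:

```tcl
ltm rule drop_outside_tcp_range {
    # Hypothetical name. For the TCP wildcard (any-port) virtual server:
    # allow only destination ports 40000-49999.
    when CLIENT_ACCEPTED {
        set dport [TCP::local_port]
        if { $dport < 40000 || $dport > 49999 } {
            # drop discards silently; reject would answer with a TCP reset.
            drop
            return
        }
    }
}

ltm rule drop_outside_udp_range {
    # Hypothetical name. For the UDP wildcard virtual server:
    # allow only destination ports 50000-59999.
    when CLIENT_ACCEPTED {
        set dport [UDP::local_port]
        if { $dport < 50000 || $dport > 59999 } {
            drop
            return
        }
    }
}
```

The HTTP and HTTPS virtual servers stay more specific matches for their own ports, so only traffic that reaches the wildcard listeners is evaluated by these rules.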
- funkdaddy_31014 (Nimbostratus), Jul 06, 2017
Thanks for the follow-up, that is useful.
My understanding of the port ranges was incorrect; it appears that the traffic on 40000-49999 can be either UDP or TCP (if UDP fails, it will try TCP). I was assuming the UDP traffic would come over another range of ports. I'm not sure if it is possible to serve both protocols over the same VIP, and it doesn't seem you can match Virtual Servers based on the protocol - is there any way you know of to do this, or do we need to devise a failover scenario when UDP fails and maybe sends the client to a different Hostname/IP altogether?
Thanks again, -Funkdaddy
- funkdaddy_31014 (Nimbostratus), Jul 06, 2017
PS: you mention having separate UDP and TCP Virtual Servers, but how does it know to send UDP to the UDP VS, and TCP to the TCP one? My understanding of the Virtual Server selection process only relates to ports and source/dest IPs, not protocol.