Forum Discussion

Subrun's avatar
Subrun
Icon for Cirrostratus rankCirrostratus
Feb 26, 2020

SysLog UDP Load Balancing

Hello,   1st of all I require some guideline/suggestion here. I am configuring a Virtual Server from F5 listening on 514 and translating port to 8514 at backend servers. Idea is Systems will sen...
application delivery
BIG-IP
LTM
Mayur_Sutare's avatar
Mayur_Sutare
Icon for MVP rankMVP
Mar 04, 2020

Yes, with layer 4 VIP, we can't configure X-Forwarded-For.

  • danmassa7's avatar
    danmassa7
    Icon for Nimbostratus rankNimbostratus
    Jan 31, 2022

    We are also standing up a VIP to receive UDP syslog traffic on 514.  We then want to send it to a cluster of back-end LogStash servers on UDP port 6008.

    Since UDP syslog is unacknowledged uni-directional traffic it seems we don't need to setup an SNAT.   Without the SNAT the packet with its original src addr will arrive at the LogStash servers.

    Does that sound fine?  That's what we were planning, but have not put it in place yet.

    • RedWave25's avatar
      RedWave25
      Icon for Nimbostratus rankNimbostratus
      Oct 10, 2024

      Late reply but for people that might still google search this.

      "Having F5 VIP and backend server in same subnet does not mean SNAT is not required. If you do not want to enable SNAT, your syslog server default gateway should be F5 so it will complete the session"

      Nothing is needed to complete any session. As you pointed out this is a one way traffic that doesn't need to return back to clients that sends their syslogs through F5. No SNAT required and servers are not required to have F5 as their gateway. I'd also use stateless virtual server as opposed to Performance. Also use special UDP profile.

      https://my.f5.com/manage/s/article/K3605