Forum Discussion
VIP Type decision
From what I understood here, better to set the Standard profile type on the 'Front-end VIP' and Performance HTTP/L4 on the 'Back-end VIP.' All the traffic manipulation (iRule/LTM and WAF) will be done on the first 'Front-end VIP,' then traffic was local only so I can use Performance HTTP
- PauliusFeb 26, 2023MVP
MaxMedov That is the general concensus if you need iRule and WAF functionality on the front-end VIP but really this should be a GSLB function that points to the back-end so that you are not limiting yourself on either tier if the front-end is really just balancing to multiple virtual servers that perform the same function. Even if they didn't perform the same function you could use different FQDNs to make a DNS decision on where to send requests.
- MaxMedovFeb 27, 2023Cirrostratus
Hi Paulius, I am making the routing decision on R53 geolocation and failover records.
But I also want to make a routing for the clients who don't accept the changes and keep hardened DNS records or receive a wrong (long TTL) resolution from their ISP.
The plan is to create a new "customer-facing" VIP, and behind him, the traffic will be routed to the same site or another VIP on another site. (traffic manipulation during the site routes).
For that design, I want to use RestAPI to enable/disable dedicated VIP in the pool member and send the "stuck" client to the right VIP depends the site route needs.
Im debating between Perfomance HTTP and L4 and where to configure them better - on the customer-facing VIP or the VIPs behind (backend).
I using iRules and WAF.
- Amine_KadimiFeb 27, 2023MVP
This sounds like a good approach, all the performance consuming traffic will be handlend in frontend VIP, and backend won't have to do what was already done (waf, compression, ssl, cache...).
Performance L4 sounds OK for its lower impact on processing time unless you need oneconnect to reduce the backend connection table size, which is available in Performance HTTP.
- MaxMedovFeb 27, 2023Cirrostratus
Amine_Kadimi Thank you for your answer!
On the other hand, we have client smoke scripts that initiate the client path.
If the backend VIP is without waf, compression, SSL, cache, etc., the result will not be correct enough. To imitate a client, I should send the script to the frontend VIP directly, but it will route me to the next VIP in the Pool when it site routed to another site. (the primary pool member VIP disabled)
So from that perspective, I need the Backend VIP with all the feathers.
Front VIP can be standard too, but it will do the same work twice and raise the latency
In this case, Performance HTTP /L4 will be better on the front VIP.
Between them, what do you recommend? I should receive all the possible data from the client in the end to collect logs.- Amine_KadimiFeb 27, 2023MVP
Using Performance L4 in the front VIP, I think you will lose the source IP, because HTTP header inserting (XFF) is not suppported
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com