Forum Discussion
Not a concern. Syslog is a stateless "fire and forget" protocol for the most part.
I drew up a diagram in LucidChart. Attaching.
Virtual server is UDP stateless. Load balancer is green. Ingress/virtual server side is on the left, and egress/node side is on the right.
Pool members run on the same port as the virtual server, so there is no port or address translation happening, except for routing packets to a pool member. No SNAT, no AutoMap.
Syslog packets coming from devices on the network are spread relatively equally across my pool members. This is working as expected and designed.
I also generate syslog packets from the pool members, pointed back at the virtual server. So, like a loopback, except pointed at the virtual server. These syslog-generating scripts run on both servers. And it touches every mode of transport I have ingress to the servers to serve as an advanced health monitor for our own purposes. So, on pool member 1, if I point to localhost:30514, I see all the packets, because they never leave the network stack of the pool member. However, if I point to virtual_server:30514, I see only about half the packets. The other half of the packets, which should be arriving on pool member 2, do not arrive on pool member 2.