Least connection Method : Load balancing algorithm is not working as expected

Question

Hi All,&nbsp;
Least connection method is not working as expected when used with source affnity persistance. All traffic is diverted to single server.
I would like to let you know that Natting ( Public IP to Private IP) has been done on FW with the VIP ( contains two pool members in Pool).&nbsp;
Please let me know what need to be done to get the connections load balance across pool members.&nbsp;
Is it possible get it done using this way Or need to go with cookie persistance..If possible, what need to be done.&nbsp;
Please help !!&nbsp;
Thank you in Advance.&nbsp;
Regards,
Rajneesh&nbsp;

patrik_jonsson · Answer

Hi&nbsp;
Do you source nat the connection? If you have an http profile cookie persistence is generally recommended. :)&nbsp;
Don't forget to encrypt the cookie for security reasons!&nbsp;
https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14784.html&nbsp;
/Patrik&nbsp;

amanpreet_singh · Answer

Hi Rajneesh, &nbsp;
The problem is not with the combination of Source Affinity with Least connection. The problem is using NAT on firewall and using source affinity. LB is assuming all the connections to be originating from a single client IP. Have you tried using "only Destination NAT" with LB having default route towards firewall? (assuming it as a traffic coming from Internet) &nbsp;
Regards, Aman&nbsp;

amanpreet_singh · Answer

The other reasons I found hypothetically as - 
1. If you are running below HF versions with known issue of uneven load balancing
https://support.f5.com/kb/en-us/solutions/public/16000/400/sol16487.html?sr=46343907 
2. If you have OneConnect profile enabled for this virtual server
https://support.f5.com/kb/en-us/solutions/public/2000/000/sol2055.html
3. For the sake of information-
https://support.f5.com/kb/en-us/solutions/public/10000/400/sol10430.html

t_rajneesh_2252 · Answer

Thanks Amanpreet.

Image and hotfix details running currently on box. 
ALso we are not using anyconnect profile here

Image: BIGIP-11.6.0.0.0.401.iso 
HF: Hotfix-BIGIP-11.6.0.4.0.420-HF4.iso 
Model: BIG-IP 2200

amanpreet_singh · Answer

Hi, 
Ok, that should not be a issue.
Try to avoid Source Affinity when you are using NAT on firewall. Source persistence.
"Source address affinity persistence directs session requests to the same server based solely on the source IP address of a packet"
If your traffic is HTTP, I would rather suggest to go for cookie persistence.

Forum Discussion

Least connection Method : Load balancing algorithm is not working as expected

6 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Intro to Load Balancing for Developers – The Algorithms

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Lightboard Lessons: Local Traffic Manager Load Balancing Algorithms

TCP Nagle Algorithm

Load Balancing Fu: Beware the Algorithm and Sticky Sessions