Forum Discussion

thistuffjuice_3's avatar
thistuffjuice_3
Icon for Altostratus rankAltostratus
Sep 06, 2017

LTM L4 Monitor's on Pool-Member's via Proxies

Hello

 

I could not find any relevant questions on the DevCentral DB, and thought it also may help other's if we can collaborate on an answer. I am currently testing this myself, and will update results shortly.

 

If a back-end pool-member is reachable from the F5 self-IP address or floating address via a proxy which could be intercepting on the service-port and acting as a L3 inter-vlan routing device to reach the pool-member. I assume that the health-monitor for example if using a standard TCP monitor with an alias service port E.G TCP80 will send a SYN and actually establish a three-way handshake with the proxy rather than the pool-member? Does the F5 L4 health-monitor's have any kind of mechanism that could prevent this almost "spoofing-like" behaviour? Unfortunately most captures at present on an example proxy shows both F5 and server IP address due to the proxy is acting on behalf of the pool-member.

 

Many thanks in advance.

 

No RepliesBe the first to reply