
Persisting to different pool, not members

Here is the problem I'm having a hard time solving. I have 5 pools of servers, each with 3 members. State is maintained across the 3 members in each pool by the application, so I don't need to persist to a specific server, but rather the pool. The one caveat is that if a server goes down, I will need to keep that connection on one of the other servers in that pool. So my question is...



How do I load balance across 5 pools from one virtual server making sure to persist clients to whatever pool they are originally connected to?



I'm assuming this can be done via an iRule, instead of the VIP > Pool > VIP > Pool method being used today.



Any help would be greatly appreciated. Thanks in advance.







What are the criteria you want to use to select the pool if a client doesn't have an existing persistence record? Which version of LTM are you running?




Least connection would be preferable, but whatever would get me closest to equal connections across all the pools. I am running 9.4.4.



Thanks in advance.

Actually, what I was thinking wouldn't work. For this scenario, it would be great if you could add a VIP as a pool member of another VIP. In 9.4.x you can send a connection to a second VIP using an iRule, but you can't put a VIP in as a pool member by default. You could try to implement load balancing in an iRule, but it gets complicated trying to implement anything but round robin. Trying to maintain a count of connections per pool member would get very difficult and resource intensive.



There has been a workaround mentioned previously which could work for your scenario. You could create a loopback port with five VIPs (VS2 - VS6: one for each pool of servers). There would be one external VIP (VS1) which references the five loopback VIPs in VS1's pool. Ignore the detail on SSL termination as that wouldn't be required.



VS1 is on an external vlan


VS2 - VS6 are on a dmz vlan


DEST is on an internal vlan


VS1 accepts and terminates ssl using an ssl profile, then passes traffic to VS2 on port 80, via a pool containing VS2's ip.


That traffic goes out the dmz vlan port, but needs to come in on another vlan (either internal or external).


VS2 is listening for requests from all vlans (or the one you link to above).


VS2 then sends to DEST via its pool or iRule, etc.



If you have the ports free, you can connect two of them directly, and assign one to a dmz vlan and the other to the internal vlan. (Don't put them both in the same vlan as it will create a broadcast storm). If you don't have the free ports, you'll have to play with your switching fabric to get the loop.





I think the loopback idea in 9.x was originally from unRuleY (Click here).



Else, what you have now might be the simplest solution. Anyone else have ideas on this?
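
The round-robin iRule option mentioned in the reply above, sketched as an added example that is not from any participant in this thread. It assumes the traffic is HTTP so a cookie can record the chosen pool; the pool names `pool_1` to `pool_5` and the cookie name `pool_id` are hypothetical. Member selection inside the chosen pool is left to the pool itself, so a client stays in its pool when one member goes down.

```tcl
# Added example: round robin across five pools, client pinned to a pool by cookie.
# Assumed names: pools pool_1..pool_5, cookie "pool_id" (not from the thread).
when RULE_INIT {
    # 9.x-style global variables: candidate pools and a rotation counter.
    set ::pools [list pool_1 pool_2 pool_3 pool_4 pool_5]
    set ::rr_index 0
}

when HTTP_REQUEST {
    set chosen ""
    # The cookie is client-controlled: accept it only if it names a known
    # pool that still has at least one member up.
    if { [HTTP::cookie exists "pool_id"] } {
        set candidate [HTTP::cookie value "pool_id"]
        if { [lsearch -exact $::pools $candidate] >= 0 && [active_members $candidate] > 0 } {
            set chosen $candidate
        }
    }
    if { $chosen eq "" } {
        # No usable record: take the next pool in rotation, skipping pools
        # that have no active members.
        set count [llength $::pools]
        for { set i 0 } { $i < $count } { incr i } {
            set candidate [lindex $::pools $::rr_index]
            set ::rr_index [expr { ($::rr_index + 1) % $count }]
            if { [active_members $candidate] > 0 } {
                set chosen $candidate
                break
            }
        }
    }
    if { $chosen eq "" } {
        # Every pool is down.
        HTTP::respond 503 content "Service unavailable"
        return
    }
    pool $chosen
}

when HTTP_RESPONSE {
    # Record the pool so later requests from this client return to it.
    HTTP::cookie insert name "pool_id" value $chosen path "/"
}
```

Checking the cookie value against the fixed pool list before calling `pool` keeps a client from steering itself to an arbitrary pool name. This gives round-robin distribution only, not least connections.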