cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

reroute traffic to another VIP after passing to App Server in the back-end

Jacqueline_Tadr
Altocumulus
Altocumulus

I'm looking that explains how can I reroute traffic after coming from one VIP to the app servers to go back to a second VIP to load-balance between database servers. Do the latter need to be attached to the F5 like the app servers? Lastly but not least can we do this if we have LTM license only? Thanks

4 REPLIES 4

AlexBCT
MVP
MVP

Hi Jacqueline,

 

Yes, this won't be a problem with an LTM-only license.

The F5 does not have to be directly connected to the database servers, but the F5 will need to be able to reach them. Also, the App servers do NOT need to be able to reach the database servers, they only need to be able to reach the F5.

 

The best way to think of this, is by its connections. There are actually 4 connections involved;

  1. From Client to F5 (app-VS)
  2. From F5 to App servers
  3. From App server to F5 (db-VS)
  4. From F5 to DB servers

 

So although the App server needs the database server to complete requests from the client, each connection is very much on its own and as long as each connection can reach its endpoint, it will work.

 

You can create the second (db) virtual server with the db-pool and possibly enable SNAT Automap if the db servers don't have the F5 as their gateway. After that, configure the db-VS IP address in the App servers as their endpoint for database connections.

 

Hope this helps.

Jacqueline_Tadr
Altocumulus
Altocumulus

Thanks much Alex,

1, 2, and 4 are ok but 3 seems to be my problem.

I'm assuming the 3rd step is to configure something o the app servers who are on the back-end of the F5. Is there anything to configured on the F5 that will allow traffic to route back from the app server to the 2nd vip or this is route setup on the app server?

 

>> I'm assuming the 3rd step is to configure something o the app servers who are on the back-end of the F5. 

 

Correct, it will be somewhere in the App servers that you configure the IP for the db-VS.

 

>> Is there anything to configured on the F5 that will allow traffic to route back from the app server to the 2nd vip or this is route setup on the app server?

 

That should indeed be on the app server as well - the app servers need to know how to reach the db-VS - they don't need to know how to reach the actual DB servers.

Jacqueline_Tadr
Altocumulus
Altocumulus

Thank you Alex!