SysLog UDP Load Balancing
Hello,
First of all, I require some guidelines/suggestions here. I am configuring a virtual server on F5 listening on 514 and translating the port to 8514 at the backend servers. The idea is that systems will send syslog through this F5, and the F5 VIP will eventually send the logs to the backend syslog connectors.
Traffic flow is like below:
Client >> F5 VIP_IP [2.2.2.2] (Service Port 514) (UDP Profile with FastL4 Profile) -->> Backend Syslog Connector 2.2.2.6, 7 on 8514 Port.
To be clear, the VIP IP and backend IPs are in the same subnet, hence I do not need to enable SNAT. Also, I was thinking: if I enable SNAT, how do the backends identify who actually sent the log? What is the guideline for this to make sure syslog can see the actual source and the syslog servers send return traffic through the F5? (Note that the servers' gateway is on a network device, not on the F5.)
Also, if I set the monitor to TCP or Gateway ICMP, the pool goes down. The pool is live only if I set the monitor to UDP. Why is that?
How should I check that UDP traffic is load balanced? But this is less important, as I need to be sure about the traffic flow.
Please advise.
Below is the virtual server config:
tmsh list ltm virtual Virtual_Server all-properties
[api-status-warning] ltm/virtual, properties : deprecated : mobile-app-tunnel, urldb-feed-policy
ltm virtual Virtual_Server {
    address-status yes
    app-service none
    auth none
    auto-lasthop default
    bwc-policy none
    clone-pools none
    cmp-enabled yes
    connection-limit 0
    creation-time 2020-02-25:18:47:05
    description "Supports Syslog"
    destination 2.2.2.2:514
    enabled
    fallback-persistence none
    flow-eviction-policy none
    gtm-score 0
    ip-protocol udp
    last-hop-pool none
    last-modified-time 2020-02-25:20:04:58
    mask 255.255.255.255
    metadata none
    mirror disabled
    mobile-app-tunnel disabled
    nat64 disabled
    partition Common
    per-flow-request-access-policy none
    persist none
    policies none
    pool SYSLOG_Pool
    profiles {
        fastL4 {
            context all
        }
    }
    rate-class none
    rate-limit disabled
    rate-limit-dst-mask 0
    rate-limit-mode object
    rate-limit-src-mask 0
    related-rules none
    rules none
    security-log-profiles none
    service-down-immediate-action none
    service-policy none
    source 0.0.0.0/0
    source-address-translation {
        pool none
        type none
    }
    source-port preserve
    syn-cookie-status not-activated
    traffic-classes none
    traffic-matching-criteria none
    translate-address enabled
    translate-port enabled
    transparent-nexthop none
    urldb-feed-policy none
    vlans {
        vlan_222
    }
    vlans-enabled
    vs-index 97
}
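
An added example, not part of the original post: a small UDP listener for a backend connector that tallies received syslog datagrams per source IP, which shows whether real client addresses arrive (no SNAT) and how many datagrams this member received. The function names and the 192.0.2.10 load balancer address are assumptions made for illustration; only port 8514 comes from the post.

```python
import socket
from collections import Counter

# 8514 is the backend port from the post. The port must be free on the host,
# so stop the real connector first or test on a spare port.
LISTEN_PORT = 8514


def open_listener(host="0.0.0.0", port=LISTEN_PORT):
    """Bind a UDP socket the way a syslog connector would."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock


def tally_sources(sock, max_datagrams=1000, idle_timeout=5.0):
    """Count datagrams per source IP until max_datagrams arrive
    or idle_timeout seconds pass with no traffic."""
    counts = Counter()
    sock.settimeout(idle_timeout)
    try:
        for _ in range(max_datagrams):
            _data, (src_ip, _src_port) = sock.recvfrom(65535)
            counts[src_ip] += 1
    except socket.timeout:
        pass  # traffic went quiet; report what was seen so far
    return counts


def all_from_load_balancer(counts, lb_addresses):
    """True when every datagram came from a load balancer address,
    meaning the original client source has been translated."""
    return bool(counts) and set(counts) <= set(lb_addresses)


if __name__ == "__main__":
    listener = open_listener()
    seen = tally_sources(listener, max_datagrams=200, idle_timeout=10.0)
    for ip, n in seen.most_common():
        print(f"{ip}\t{n}")
    # 192.0.2.10 is a placeholder for the load balancer's own address on this VLAN
    print("sources translated:", all_from_load_balancer(seen, {"192.0.2.10"}))
```

Run it on each backend connector over the same time window and compare the totals to see how the datagrams were spread across the pool members.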