Hi, the backend VIP is standard and sends the traffic round-robin between the servers.

@MaxMedov It seems like the better purposed device for the first layer would be a GTM or another device that can perform GSLB since it is going to be performing generic forwarding to a pool of VIPs anyway. Having a VIP to balance to VIPs adds unnecessary delay when the only purpose is to send you to multiple destination VIPs.

The VS type to choose is not obvious because it depends on several factors. Generally speaking:

• Performance L4 is used to forward traffic as fast as possible and the cost is you loose many advanced functionalities which are available on the standard VS.
• Standard VS is the VS to go to take advantage of all the functionalities that the VS can offer, particularly Layer 7 manipulation and optimization. Since you go up to L7, the cost is most processing and time needed to serve traffic.
• Peformance HTTP is a type that is used to increase performance for some types of HTTP traffic, it is only relevant when the traffic condtions are optimal, thus it is most likely not efficient for internet facing traffic.

With that being said, there are many factors that will let you choose one or another, and using Performance L4 does not guarantee that the overall performance will be better: for example the Compression and Acceleration (cache) profiles that are available on the standard type (and not on the L4) can make the overall user experience better than with L4 VS.

On another side, using L4 or performance HTTP VS does not let you associate a WAF policy to the VS, so your backend VS both need to be on an F5 that has the WAF license.

So I think you should conduct a global approach (including the GTM option) to decide what to use. Or just test all the possible types and compare the results.

@MaxMedov That is the general concensus if you need iRule and WAF functionality on the front-end VIP but really this should be a GSLB function that points to the back-end so that you are not limiting yourself on either tier if the front-end is really just balancing to multiple virtual servers that perform the same function. Even if they didn't perform the same function you could use different FQDNs to make a DNS decision on where to send requests.

Hi @Paulius, I am making the routing decision on R53 geolocation and failover records.
But I also want to make a routing for the clients who don't accept the changes and keep hardened DNS records or receive a wrong (long TTL) resolution from their ISP.
The plan is to create a new "customer-facing" VIP, and behind him, the traffic will be routed to the same site or another VIP on another site. (traffic manipulation during the site routes).
For that design, I want to use RestAPI to enable/disable dedicated VIP in the pool member and send the "stuck" client to the right VIP depends the site route needs.
Im debating between Perfomance HTTP and L4 and where to configure them better - on the customer-facing VIP or the VIPs behind (backend).
I using iRules and WAF.

This sounds like a good approach, all the performance consuming traffic will be handlend in frontend VIP, and backend won't have to do what was already done (waf, compression, ssl, cache...).

Performance L4 sounds OK for its lower impact on processing time unless you need oneconnect to reduce the backend connection table size, which is available in Performance HTTP.

@Amine_Kadimi Thank you for your answer!
On the other hand, we have client smoke scripts that initiate the client path. 
If the backend VIP is without waf, compression, SSL, cache, etc., the result will not be correct enough. To imitate a client, I should send the script to the frontend VIP directly, but it will route me to the next VIP in the Pool when it site routed to another site. (the primary pool member VIP disabled)
So from that perspective, I need the Backend VIP with all the feathers.
Front VIP can be standard too, but it will do the same work twice and raise the latency
In this case, Performance HTTP /L4 will be better on the front VIP.
Between them, what do you recommend? I should receive all the possible data from the client in the end to collect logs.

Using Performance L4 in the front VIP, I think you will lose the source IP, because HTTP header inserting (XFF) is not suppported

@Amine_Kadimi, maybe you mean Performance HTTP?
Because in Performance L4, I've:

@MaxMedov Sometimes you can choose the profile but certain features will not work or it will error when you click save or create on the virtual server page. This is similar to when you associate an HTTP profile to a 443 virtual server but don't configure a client SSL profile so when you try the virtual server it just spins.

HTTP traffic is read only when you associate HTTP profile with Fast L4

https://my.f5.com/manage/s/article/K41110335

Yes I said that. Seeing XFF headers in backend logs does not mean they have been inserted by the Performance L4 VS. I'm not aware of your setup and I cannot tell what intermediary server has inserted the headers but if you get them then it's good for you.

For new issues please start a new thread

Thank you @Amine_Kadimi !