cancel
Showing results for 
Search instead for 
Did you mean: 

web proxy load balancing

cymru81
Altocumulus
Altocumulus

We have two web proxy's that we would like to load balance with our F5, how should this look in terms of options for persistence profiles and anything else that would need configuring please?

5 REPLIES 5

Asking this question is too general as if the SWG devices sync the sessions between each other persistance may not be needed etc.

An example:

 

https://support.f5.com/csp/article/K25523645

 

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-13-1-0.html

 

 

cymru81
Altocumulus
Altocumulus

thanks for the reply, its an LTM not SWG we're using if that makes a difference? 
my misunderstanding too, assumed persistence profile were related to pool members not the actual active standby f5 boxes?
will review docs but thank you again

You misunderstood me. When I said SWG I did not mean F5 SWG but all proxy devices like Symantec, F5 SWG, etc. When you say web proxy I think of forwarding web proxy SWG devices. The persistence works for pool members not for active/standby devices. Better read the F5 LTM Implementations guide as it has many examples and the F5 LTM operations guide.

Still for web proxy traffic it depends if F5 decrypts the traffic as if it does not then cookie persistance is not an option and the web proxy may remove it so it does not work so great with proxy devices. You can play with using SSL persistanse as the traffic now is HTTPS and there is almost no HTTP and as a backup persistance method source address or destination address  but as I mentioned that depends on your web proxy devices. If you use wildcard F5 Virtual server as one article for the cisco proxy I shared the destination address persistance will be the best as the web cache servers link I shared below. If there is NAT or other proxy device before the f5 device then don't even consider source address. Better check the guides first.

 

 

Using SSL session ID persistence (f5.com)

https://support.f5.com/csp/article/K25523645

Exactly how Destination Address Affinity persisten... - DevCentral (f5.com)

Source address persistence supersedes cookie persistence (f5.com)

cymru81
Altocumulus
Altocumulus

thanks for all the replies, the VS is listening on 8080 and the pool members are also on 8080 so no ssl involved so no need for presistence profiles ?