F5 Availability using LTM (Local Traffic Manager)

Hi Everyone,

After leaving this blog without any update for some time, today I finally have a bit of time to share some knowledge.

Today I would like to share a bit about system availability. Why is this important? One of the tasks of cyber security, especially for the defender, is to ensure the availability of the system so that it is able to serve the user or customer at any time.

Availability is one part of the C.I.A. triad, which stands for Confidentiality, Integrity and Availability. The main responsibility of cyber security is to keep these three things in balance.

In this post I would like to discuss using the F5 (BIG-IP) LTM module to support our system availability requirement. This feature can help us maintain availability because it shares the load (access, network or other) across several servers in a pool, so that no single server gets overloaded and fails.

First, the lab that I developed is just a simple lab with the network topology below.

Topology

With the above lab we can build load balancing for an HTTP server that is handled transparently by the F5, without the user noticing.

Let's begin.

Let's assume that you have done your initial F5 setup according to the network topology above, so that we can go directly to the load balancing configuration. The overview of the steps is below:

  1. Setup the Server Pool
  2. Setup Virtual Server
  3. Assigning the Virtual Server to a Server Pool

Start with step 1, setting up the server pool:

  1. Login to the F5
  2. Create new pool. Go to Local Traffic –> Pools –> Pool List –> Create
  3. Create New Pool
    1. Fill up the pool name
    2. Use “<<” to select the health monitoring mechanism. I would use http so that the F5 regularly checks the availability of the HTTP service on each server in the pool
  4. Register the resource (server) to become pool member
    1. Set the Load Balancing Method. For simplicity I will use Round Robin.
      • Round Robin
        Round Robin method passes each new connection request to the next server in the pool, eventually distributing connections evenly across the array of machines being load balanced. This is the default load balancing method.
      • Ratio (member, node)
        The BIG-IP system distributes connections among pool members or nodes in a static rotation according to ratio weights that you define. In this case, the number of connections that each system receives over time is proportionate to the ratio weight you defined for each pool member or node. You set a ratio weight when you create each pool member or node.
      • Least Connections (member, node)
        The Least Connections methods are relatively simple in that the BIG-IP system passes a new connection to the pool member or node that has the least number of active connections.

        Note: If the OneConnect feature is enabled, the Least Connections methods do not include idle connections in the calculations when selecting a pool member or node. The Least Connections methods use only active connections in their calculations.

      • Predictive (member, node)

        The Predictive methods use the ranking methods used by the Observed methods, where servers are rated according to the number of current connections. However, with the Predictive methods, the BIG-IP system analyzes the trend of the ranking over time, determining whether a node’s performance is currently improving or declining. The servers with performance rankings that are currently improving, rather than declining, receive a higher proportion of the connections.

      • Fastest (node, application)
        The Fastest methods select a server based on the least number of current outstanding sessions. These methods require that you assign both a Layer 7 and a TCP type of profile to the virtual server.

        Note: If the OneConnect feature is enabled, the Least Connections methods do not include idle connections in the calculations when selecting a pool member or node. The Least Connections methods use only active connections in their calculations.

      • Observed (node, member)
        The Observed mode dynamic load balancing algorithm calculates a dynamic ratio value which is used to distribute connections among available pool members. The ratio is based on the number of Layer 4 (L4) connections last observed for each pool member. Every second, the BIG-IP system observes the number of L4 connections to each pool member and assigns a ratio value to each pool member. When a new connection is requested, Observed mode load balances the connections based on the ratio values assigned to each pool member, preferring the pool member with the greatest ratio value.
      • Dynamic Ratio (node, member)
        The Dynamic Ratio methods select a server based on various aspects of real-time server performance analysis. These methods are similar to the Ratio methods, except that with Dynamic Ratio methods, the ratio weights are system-generated, and the values of the ratio weights are not static. These methods are based on continuous monitoring of the servers, and the ratio weights are therefore continually changing.

        Note: To implement Dynamic Ratio load balancing, you must first install and configure the necessary server software for these systems, and then install the appropriate performance monitor.

      • Weighted Least Connections (member, node)
        The Weighted Least Connections (member) method specifies that the system uses the value you specify in Connection Limit to establish a proportional algorithm for each pool member. The system bases the load balancing decision on that proportion and the number of current connections to that pool member. For example, member_a has 20 connections and its connection limit is 100, so it is at 20% of capacity. Similarly, member_b has 20 connections and its connection limit is 200, so it is at 10% of capacity. In this case, the system selects member_b. This algorithm requires all pool members to have a non-zero connection limit specified.

        The Weighted Least Connections (node) method specifies that the system uses the value you specify in the node’s Connection Limit setting and the number of current connections to a node to establish a proportional algorithm. This algorithm requires all nodes used by pool members to have a non-zero connection limit specified. If all servers have equal capacity, these load balancing methods behave in the same way as the Least Connections methods.

      • Ratio Least Connections (member, node)
        The Ratio Least Connections methods cause the system to select the pool member according to the ratio of the number of connections that each pool member has active.

        Note – If a ratio weight is not specified, it will be treated as a default value of 1.

  5. Click Finish
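To make the difference between the static and connection-based methods above concrete, here is a simplified model of Round Robin, Ratio, Least Connections and Weighted Least Connections (member). It is an example added here, not F5's implementation or code from the original post; the ratio weights and the `up` health flag are assumptions, while the connection counts and limits of member_a and member_b are the figures from the text.

```python
from itertools import cycle, islice
from collections import Counter

# Constructed sample pool. The connection counts and limits of member_a and
# member_b are the figures from the text; ratio weights and the "up" health
# flag (result of the pool's health monitor) are assumptions for the demo.
POOL = {
    "member_a": {"active": 20, "limit": 100, "ratio": 1, "up": True},
    "member_b": {"active": 20, "limit": 200, "ratio": 3, "up": True},
}

def available(pool):
    """Only members the health monitor marks up are eligible for traffic."""
    up = {n: m for n, m in pool.items() if m["up"]}
    if not up:
        raise RuntimeError("no pool member available")
    return up

def round_robin(pool, count):
    """Tally `count` new connections handed out in a fixed rotation."""
    return Counter(islice(cycle(available(pool)), count))

def ratio(pool, count):
    """Tally `count` connections; each member appears `ratio` times per cycle."""
    slots = [n for n, m in available(pool).items() for _ in range(m["ratio"])]
    return Counter(islice(cycle(slots), count))

def least_connections(pool):
    """Member with the fewest active connections (first one wins a tie)."""
    up = available(pool)
    return min(up, key=lambda n: up[n]["active"])

def weighted_least_connections(pool):
    """Member with the lowest active/limit proportion of capacity in use."""
    up = available(pool)
    if any(m["limit"] <= 0 for m in up.values()):
        raise ValueError("every member needs a non-zero connection limit")
    return min(up, key=lambda n: up[n]["active"] / up[n]["limit"])

if __name__ == "__main__":
    print(round_robin(POOL, 8), ratio(POOL, 8))
    print(least_connections(POOL), weighted_least_connections(POOL))
    failed = {**POOL, "member_a": {**POOL["member_a"], "up": False}}
    print(round_robin(failed, 8))  # all traffic moves to the healthy member
```

With both members at 20 active connections, plain Least Connections sees a tie, while the weighted variant prefers member_b because it is at 10% of its limit. When the health monitor marks a member down, every method selects only from the remaining members.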

The next step is to create the virtual server. The virtual server is the one that handles connection requests from the client, so the user only needs to know the IP of the virtual server.

  1. Create new Virtual Server (Local Traffic –> Virtual Servers –> Virtual Server List –> Create)

  2. Fill up the below information
    1. Name : Your Virtual Server Name Object
    2. Type : Standard
    3. Leave the Source Address = 0.0.0.0/0, which means it receives traffic from anywhere
    4. Set Destination Address/Mask = 10.10.10.10 (this is the server IP that users will access)
    5. Set Service Port = 80/HTTP (I am publishing an HTTP server)


  3. Set the Virtual Server Configuration
    1. Since we are publishing an HTTP server, choose HTTP Profile –> http so that the F5 can better manage the connection between the user and your server pool
    2. VLAN and Tunnel Traffic : All VLANs and Tunnels –> this enables the virtual server on all VLANs and tunnels
    3. Set the SNAT : AutoMap

  4. Click Finish

The final step is to assign your virtual server to the pool that you created, so that whenever the user accesses http://10.10.10.10 the request is directed to the server web1.rioasmara.com or web2.rioasmara.com based on the load balancing algorithm you set during pool creation. Please follow the steps below:

  1. Open the Virtual Server 
  2. Open the virtual server that you created, go to the Resources tab, select the pool that we created before as the default pool, and press Update.

Finally, you can access the application hosted in the pool using the IP we defined in the virtual server, which in this tutorial is 10.10.10.10. The IP 10.10.10.10 now points to the web application that you host on the servers web1.rioasmara.com and web2.rioasmara.com.

Now if you send a high volume of requests to the IP 10.10.10.10, the F5 will distribute the connections to web1 or web2, which hopefully improves the availability of the application served to the user. For HTTP there is an additional feature, called persistence, that enables session handling so that users do not lose their HTTP session after login. We will cover this in the next post.
