DSR with LTM

Question

&nbsp;
Hello,&nbsp;
I have some questions regarding how effectively DSR mode load balancing works with LTM&nbsp;
Do I need to configure persistance or sticky to make DSR work? In some other vendor load balancer I have seen that persisnace configuration is mandetory (based on source IP) to get DSR working which is a problem in my opinion.&nbsp;
In DSR mode, can I configure Virtual IPs (VIPs) per protocol and per port at the same time? For example, if we configure VIP for DNS (port 53) it works for both TCP and UDP with no way to make it work only for UDP.&nbsp;
When I configure VIPs for DSR operation, I configure loopback interfaces on the real servers with the VIP IP. Is it possible to have health checks aimed to the loopback addresses of the servers instead of the addresses bound to teh ethernet interfaces? So, this way if there is no loopback (with the VIP IP) configured on the real server (may be due to config error), the VIP will fail.&nbsp;
I do not have a Big IP LTM in hand today and facing these problems with the current (non F5) load balancers that we have. So trying to understand if these are generic DSR problems across all platforms or spefic to particular vendors.&nbsp;
AM&nbsp;

nitass · Answer

Do I need to configure persistance or sticky to make DSR work? In some other vendor load balancer I have seen that persisnace configuration is mandetory (based on source IP) to get DSR working which is a problem in my opinion.i think it depends on your application. if there are multiple connection per session, i think persistence is needed. 
&nbsp;  
&nbsp; In DSR mode, can I configure Virtual IPs (VIPs) per protocol and per port at the same time? For example, if we configure VIP for DNS (port 53) it works for both TCP and UDP with no way to make it work only for UDP.i understand you can choose protocol (i.e. tcp, udp, all) under virtual server setting. 
&nbsp;  
&nbsp; When I configure VIPs for DSR operation, I configure loopback interfaces on the real servers with the VIP IP. Is it possible to have health checks aimed to the loopback addresses of the servers instead of the addresses bound to teh ethernet interfaces? So, this way if there is no loopback (with the VIP IP) configured on the real server (may be due to config error), the VIP will fail.i understand health monitor has to be sent to server's ethernet interface address but what health monitor checks is another thing. for example, http monitor. it will mark server up if server responds expected string.

techie1975_1294 · Answer

&nbsp;
&nbsp;
i understand you can choose protocol (i.e. tcp, udp, all) under virtual server setting.
&nbsp;
&nbsp;
And this is possible with DSR correct?&nbsp;
 &nbsp;
i understand health monitor has to be sent to server's ethernet interface address but what health monitor checks is another thing. for example, http monitor. it will mark server up if server responds expected string.
&nbsp;
&nbsp;
Well if you just configure the health monitor to the servers ethernet IP instead of loopback and using DSR, it can very well happen that the LB thinks the server to be up (and will forward traffic to it) but the server will not be able to respond to the client request. In that case we shall see traffic black holing. That's why I am asking if it is possible to do the health check using the servers loopback address.&nbsp;

nitass · Answer

And this is possible with DSR correct?yes 
&nbsp;  
&nbsp; Well if you just configure the health monitor to the servers ethernet IP instead of loopback and using DSR, it can very well happen that the LB thinks the server to be up (and will forward traffic to it) but the server will not be able to respond to the client request. In that case we shall see traffic black holing. That's why I am asking if it is possible to do the health check using the servers loopback address.sorry to not explain well. i mean sending health monitor to ethernet ip but check (somehow) whether application works. it is similar to http health monitor which does GET and verify response before marking server up or down.

Forum Discussion

DSR with LTM

3 Replies

Recent Discussions

preserve client IP on layer 4 VIP

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

How to setup DSR in Kubernetes with BIG-IP

The Disadvantages of DSR (Direct Server Return)

iControl REST Cookbook - LTM policy (ltm policy)

Arabic Blackboard F5 series [LTM Idea] باللغة العربية

Virtual Server graphical App for F5 LTM