Forum Discussion

Powershell_Taco's avatar
Powershell_Taco
Icon for Nimbostratus rankNimbostratus
Mar 05, 2021

Load Balance API Calls

I'm having trouble with using an F5 LTM to load balance API calls. It's a pretty simple setup, 2 nodes in a pool, virtual server with service port as 443, client and server ssl profiles created, yet traffic is not making it anywhere. API calls to either individual server are accepted, but calls to the VIP address fail every time. I don't even see traffic on a tcpdump when filtering by the VIP address.

 

Is there anything in particular that needs to be done to load balance these API calls?

9 Replies

  • To add some more detail to this, I have built several other virtual servers in the same way in the past and they are all functioning, so there isn't a routing or addressing problem here. It seems like there is something specific to how these server nodes operate that is causing the traffic to fail.

  • to be sure API calls are just HTTP requests here right? there shouldnt be something special needed.

     

    if you don't see traffic at your VIP then i would say there is some network or client issue. who is making the API call, how, ...? have your confirmed they now use the VIP instead of the individual server? can they reach other VIPs on the same BIG-IP?

    • Powershell_Taco's avatar
      Powershell_Taco
      Icon for Nimbostratus rankNimbostratus

      I was told they were HTTPS but they should just be regular 443 communications as far as I'm aware.

      It's definitely not a network issue, the user who is making the API calls to the VIP is able to reach other VIP's in that same network range. They are definitely using the VIP and not the individual server.

      • boneyard's avatar
        boneyard
        Icon for MVP rankMVP

        ok, yet you say: "I don't even see traffic on a tcpdump when filtering by the VIP address."

         

        so why doesn't it reach the VIP, or does it?

  • If it does not match VIP do the tcpdump on a surce as it could match another VIP as seen in https://support.f5.com/csp/article/K14800 . If the clients are directly trying to access the server IP addresses/DNS names you may need to change the DNS/Networking or the client config or configure a wildcard VIP and make the traffic to go to the F5 device.