Design Strategies in F5 LTM–Part 1

A key to an effective, resilient and robust network is good design. BIG-IP design is key to faster and more effective failover, leading to greater availability and shorter convergence time. This post is written around the deployment considerations involved.
A BIG-IP works like a switch, with VLANs and Spanning Tree Protocol. This lets the BIG-IP fit right into your LAN design. You can choose between an Active/Standby (failover) pair and an Active/Active pair, or as I like to call it, the “load balance your load balancer” pair, in which each unit also covers for the other. All of this is made possible by the concepts of “Floating IP”, “Gratuitous ARP” or “MAC Masquerading”.
When doing the initial configuration of a BIG-IP, these are the things you need to consider:
  1. What business purpose will this need to serve?
  2. How many businesses are going to be using it?
  3. Where is the load balancer going to be located physically?
  4. Where are the Servers that need to be load balanced going to be located?
I have assumed that the BIG-IP is correctly sized based on capacity planning and licensed as needed. The above questions lead us to the answer for one of the most critical things in the design, i.e. the number of VLANs that will be on the BIG-IP.
We have the following options when designing BIG-IP deployments:
  1. One Arm Mode
  2. Two Arm Mode
  3. Multi Arm Mode
The number of arms is nothing more than the number of VLANs that are created and active on the BIG-IP. In this post we will detail only the One Arm Mode:
One Arm Mode is the most common kind of deployment seen nowadays. It is very easy to achieve: it means creating just one VLAN on the load balancer, and both the physical servers to be load balanced and the clients that are trying to reach the servers use that same VLAN. So if the load balancer can reach the clients and servers using that VLAN, we are all set.
This causes the minimum impact on the existing LAN/WAN design. Note, however, that for this to work we need to enable SNAT (Source NAT) on our load balancer.
The below diagram shows the functioning of the One Arm Mode and traffic flow with and without SNAT.
 
[Figure: One Arm Mode – Physical Connection]
[Figure: Traffic Flow (Without SNAT)]
As you can see, without SNAT the traffic flow will be asymmetric and the F5 will block the next packet, so the above will not work. (There is a way to make this setup work as well; it is called n-path in F5 terminology and DR mode (Direct Routing Mode) load balancing in general terms. More on that later.)
[Figure: Traffic Flow (With SNAT)]
As you can see, with SNAT the traffic flow normalizes and the connection starts working again.
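The two flows described above, traced as an added example (not code from the original post or from F5). All addresses are constructed, a single request/response stands in for a connection, and client, load balancer and server are assumed to share one VLAN so the server can answer the client directly.

```python
from dataclasses import dataclass

# Constructed addresses for illustration; everything sits on one VLAN (one-arm).
CLIENT = "10.0.0.50"
VIP = "10.0.0.100"      # virtual server address on the load balancer
LB_SELF = "10.0.0.5"    # load balancer's own address, used as the SNAT source
SERVER = "10.0.0.20"    # pool member

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def lb_forward(pkt, snat):
    """Request arrives at the VIP: rewrite the destination to the pool member,
    and with SNAT also rewrite the source to the load balancer's own address."""
    assert pkt.dst == VIP
    return Packet(src=LB_SELF if snat else pkt.src, dst=SERVER)

def server_reply(pkt):
    """The server answers whatever source address it saw on the request."""
    return Packet(src=pkt.dst, dst=pkt.src)

def lb_return(pkt, client):
    """Reply arrives back at the load balancer: undo both translations."""
    return Packet(src=VIP, dst=client)

def trace(snat):
    """Follow one request/response and report whether the flow is symmetric."""
    request = Packet(CLIENT, VIP)
    to_server = lb_forward(request, snat)
    reply = server_reply(to_server)
    via_lb = reply.dst == LB_SELF   # does the reply return through the LB?
    delivered = lb_return(reply, CLIENT) if via_lb else reply
    # A client only accepts a reply whose source is the address it connected to.
    accepted = delivered.src == request.dst and delivered.dst == request.src
    return {"server_sees": to_server.src, "reply_via_lb": via_lb,
            "client_receives_from": delivered.src, "accepted": accepted}

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "no SNAT", trace(snat))
```

With SNAT the pool member sees the load balancer's address as the source of every request, so server-side logs and IP-based access rules no longer identify the real client; that attribution has to come from the load balancer.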
Thus this is one of the most commonly deployed scenarios in the load balancer world. I will be detailing the other modes in my future blog posts, so till then, take care …
