I configured an Active/Standby BIG-IP F5 pair in my other post; you can take a look at the network configuration there. This post will walk you through setting up a basic load balancer between two web servers in my VMware Workstation lab.
The F5 has two networks, one Internal and one External. Clients come in through the External interface, where they are forwarded to the Internal VIP IP, which load balances the two web servers behind it.
Load Balancing VIP IP (192.168.245.11)
WebServer-1 (192.168.245.20)
WebServer-2 (192.168.245.30)
Import SSL certificate into F5
You need to import the cert into the BIG-IP F5 and then create a profile with the certificate so that it’s visible in different drop downs.
1. System > File Management > SSL Certificates List > Import
2. PKCS 12 (IIS) if you have a .pfx file, enter name of the cert
3. Create a profile for the cert: Traffic > Policies > SSL > Client, Create (right side), give the profile a name: mysite.mylab.local
Create a Node
You need to add the servers that will be hosting the web site here and also add the Default monitor that will monitor if the server is up or down.
1. Make sure you are on the Active F5 Node
2. Local Traffic > Nodes > Node List, Click Create (right corner)
3. Add both nodes, for Health Monitor leave Node Default:
   Name: mysite_WebNode1 Address 192.168.245.20
   Name: mysite_WebNode2 Address 192.168.245.30
4. Configure Default Health Monitor, Nodes > Default Monitor, choose icmp
5. Click on Nodes > Node List, they should be green
6. Now you will create a pool and attach the nodes to it.
Create a Pool
This step will create the pool, then you will add two web servers (nodes) here and specify which port the nodes will listen on.
1. Local Traffic > Pools > Pool List, click Create (Top right corner)
2. Add the two web servers to the pool and specify the port
   Name: mysite.mylab.local-pool
   Health Monitors: https
   Priority Group Activation: Node List, from drop down select both nodes with Service port 443/HTTPS and add to New Members section.
3. Your pool is created and should be green. You can click on it and select the Members tab to see details; both nodes should be green as well.
4. Now you will create a VIP and link it to the pool.
Create a Virtual Server (VIP)
This step will create the Virtual IP and specify which port it will listen on. Then you can configure which certificate you want the client to see. You can also specify whether you want the F5 to use a certificate to talk to the web servers behind the VIP.
1. Local Traffic > Virtual Servers > Click Create (Right corner)
   Type: Standard
   Source Address: 0.0.0.0/0
   Destination Address/Mask: 192.168.245.11
   Service Port: 443/HTTPS
   SSL Profile (Client): mysite.mylab.local
   SSL Profile (Server): serverssl
   Source Address Translation: Auto Map
2. Resources TAB, attach VIP to the pool
   Default Pool: mysite.mylab.local-pool
   Default Persistence Profile: source_addr
3. Make sure the pool shows up green
Browse the sites through the VIP
Create a Node Walkthrough
Here are some screenshots that walk you through adding the web servers so that they will show up as available nodes.
Make sure you are on the correct node
Local Traffic > Nodes > Node List, click Create (Right side)
Add both nodes, for Health Monitor leave Node Default:
Name: mysite_WebNode1 Address 192.168.245.20
Name: mysite_WebNode2 Address 192.168.245.30
Adding the second WebNode
We can see both web nodes created, but they are not green; you need to configure the default monitor as specified above.
Add the default monitor, because the above nodes don't show green. Choose basic icmp for the lab environment.
Create a pool Walkthrough
Local Traffic > Pools > Pool List, click Create (Top right corner)
Add the two nodes to the pool
Name: mysite.mylab.local-pool Health Monitors: https, Priority Group Activation: Node List, from drop down select both nodes with Service port 443/HTTPS and add to New Members section.
The pool list has been created
Click on it and click on Members, make sure they show up green
I shut down one of my servers and I can see the node went down and turned red
Create a Virtual server VIP
You will create a Virtual IP and then link it to the pool which has the two web servers behind it.
Local Traffic > Virtual Servers > Click Create (Right corner)
Assign an IP to the VIP 192.168.245.11
Type: Standard
Source Address: 0.0.0.0/0
Destination Address/Mask: 192.168.245.11
Service Port: 443/HTTPS
SSL Profile (Client): mysite.mylab.local
SSL Profile (Server): serverssl
Source Address Translation: Auto Map
SSL Profile (Client)
When the client connects to the VIP this is the certificate that they will see.
SSL Profile (Server)
When the F5 connects to the Web servers this is the certificate that they will see.
Source Address Translation: Auto Map
Assign the VIP to the pool
Default Persistence Profile: source_addr
The VIP is all set up and shows up green
Testing the VIP
Access it by the VIP IP. I created a web.html with “Web Server One” or “Web Server Two” so that I know which node I am being redirected to.
Web server one goes down, the second web server picks up.
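The behaviour seen in this test, as an added example (a simplified Python model, not F5 code and not part of the original post): with the source_addr persistence profile, a client keeps landing on the same web server until the health monitor marks that member down. The client addresses, the round-robin selection and the 180-second persistence timeout are assumptions of the model.

```python
# Simplified model (added example, not F5 code) of the pool configured above:
# round-robin member selection, source_addr persistence, monitor-driven failover.
import itertools

class Pool:
    def __init__(self, members, persist_timeout=180):
        self.members = list(members)          # e.g. "192.168.245.20:443"
        self.up = {m: True for m in members}  # state reported by the health monitor
        self.persist = {}                     # client IP -> (member, last_seen)
        self.timeout = persist_timeout        # seconds; assumed value for the model
        self._rr = itertools.cycle(self.members)

    def mark(self, member, is_up):
        """Record a health monitor result for one member."""
        self.up[member] = is_up

    def _next_available(self):
        for _ in range(len(self.members)):
            m = next(self._rr)
            if self.up[m]:
                return m
        return None  # every member is down: the VIP has nothing to send to

    def pick(self, client_ip, now):
        """Return the member that serves client_ip at time now (seconds)."""
        entry = self.persist.get(client_ip)
        if entry:
            member, last_seen = entry
            if self.up[member] and now - last_seen <= self.timeout:
                self.persist[client_ip] = (member, now)  # refresh the record
                return member
        member = self._next_available()
        if member is None:
            self.persist.pop(client_ip, None)
            return None
        self.persist[client_ip] = (member, now)
        return member

def demo():
    web1, web2 = "192.168.245.20:443", "192.168.245.30:443"
    pool = Pool([web1, web2])
    client = "192.168.245.50"                            # constructed client address
    seen = [pool.pick(client, t) for t in (0, 10, 20)]   # pinned to one member
    other = pool.pick("192.168.245.51", 21)              # a second constructed client
    pool.mark(web1, False)                               # WebServer-1 shut down
    after = pool.pick(client, 30)                        # re-pinned to the survivor
    return seen, other, after
```

When testing from a single client, expect to see only one of the two pages until that server is marked down or the persistence record expires; a second client address is what shows the other member.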
Sync Up the F5 nodes
Sync the device to group. I have been doing all of these changes through the Active node bigip1.mylab.local. Now, for the second node bigip2.mylab.local to pick up the changes, I have to click on bigip1.mylab.local and sync it to the group (Sync Device to Group).
Both F5 Nodes are now synced