Testing F5 Load Balancer

I have a couple of projects with ECS and F5 Load Balancers, but unfortunately I have never worked with F5 yet. So today I’d like to play a little bit with the virtual F5 Load Balancer.

First we need to register on the F5 site, download the corresponding vApp and deploy the .ovf.

Select destination networks. In my case the Management, Internal, External and HA networks are located on the same distributed switch. For test purposes I decided to just use different subnets there.

After vApp is booted, open a console and login as root/default.

Start the config utility.

Select No to reconfigure the management IP address (assigned by DHCP by default).
Next just follow the instructions to define the IP address, netmask and default gateway.

Now we are ready for GUI login. Type https://YourIP in the browser. Use admin/admin to log in.

Start the Setup utility.

Activate licenses. For the trial you have to get the Registration Key via email from f5network@f5.com.

Now trial licenses are activated for 90 days.

Check the management network config, set a hostname and the correct timezone, and change the default passwords for root and admin.

When our passwords are changed, we have to log in again.

I didn’t change the Redundancy settings.

Let’s configure the Internal Self IP. Untagged port 1.1 is used for internal communications.

External Self and Floating IPs are configured as well. Port 1.2 is used.

HA IP is configured. Port 1.3 is used for HA.

The rest of the config is left at the defaults.

Click Finished.

The final F5 network config is below. You can see how Internal, External and HA addresses were distributed across eth interfaces (check the HWaddr field).

[root@bigip:Active:Standalone] config # ifconfig
HA Link encap:Ethernet  HWaddr 00:50:56:B8:D0:4B 
inet addr:192.168.11.10 Bcast:192.168.11.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb8:d04b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
RX packets:741 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:576706 (563.1 KiB)  TX bytes:180 (180.0 b)

eth0 Link encap:Ethernet  HWaddr 00:50:56:B8:74:32 
inet addr:10.76.246.114 Bcast:10.76.246.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb8:7432/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
RX packets:12705 errors:0 dropped:0 overruns:0 frame:0
TX packets:2927 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4163586 (3.9 MiB)  TX bytes:1068264 (1.0 MiB)

eth1      Link encap:Ethernet  HWaddr 00:50:56:B8:D2:1F 
inet6 addr: fe80::250:56ff:feb8:d21f/64 Scope:Link
UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500 Metric:1
RX packets:73932 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:27067063 (25.8 MiB)  TX bytes:3018 (2.9 KiB)

eth2      Link encap:Ethernet  HWaddr 00:50:56:B8:EA:5F 
inet6 addr: fe80::250:56ff:feb8:ea5f/64 Scope:Link
UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500 Metric:1
RX packets:73930 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:27066362 (25.8 MiB)  TX bytes:2422 (2.3 KiB)

eth3 Link encap:Ethernet  HWaddr 00:50:56:B8:D0:4B 
inet6 addr: fe80::250:56ff:feb8:d04b/64 Scope:Link
UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500 Metric:1
RX packets:73952 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:27068392 (25.8 MiB)  TX bytes:1150 (1.1 KiB)

external  Link encap:Ethernet  HWaddr 00:50:56:B8:EA:5F 
inet addr:192.168.10.100  Bcast:192.168.10.255  Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb8:ea5f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
RX packets:1186 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:915348 (893.8 KiB)  TX bytes:180 (180.0 b)

internal  Link encap:Ethernet  HWaddr 00:50:56:B8:D2:1F 
inet addr:192.168.5.10  Bcast:192.168.5.255  Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb8:d21f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
RX packets:1762 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1341138 (1.2 MiB)  TX bytes:180 (180.0 b)

I’d like to check if my interfaces are pingable. I have a Linux server in the same network. To get access to IPs in different subnets I have to assign interface aliases.

Lin1:~ # ifconfig eth0:1 inet 192.168.5.164 netmask 255.255.255.0 up
Lin1:~ # ifconfig eth0:2 inet 192.168.10.164 netmask 255.255.255.0 up
Lin1:~ # ifconfig eth0:3 inet 192.168.11.164 netmask 255.255.255.0 up

Lin1:~ # ifconfig
eth0 Link encap:Ethernet  HWaddr 00:50:56:B8:C8:55 
inet addr:10.76.246.164 Bcast:10.76.246.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1
RX packets:359580 errors:0 dropped:90294 overruns:0 frame:0
TX packets:749 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:150438152 (143.4 Mb)  TX bytes:82906 (80.9 Kb)

eth0:1    Link encap:Ethernet  HWaddr 00:50:56:B8:C8:55 
inet addr:192.168.5.164 Bcast:192.168.5.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1

eth0:2    Link encap:Ethernet  HWaddr 00:50:56:B8:C8:55 
inet addr:192.168.10.164 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

eth0:3 Link encap:Ethernet  HWaddr 00:50:56:B8:C8:55 
inet addr:192.168.11.164 Bcast:192.168.11.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

 

LB Internal, External and HA interfaces are pingable now. Everything is OK.

Lin1:~ # for i in 192.168.5.10 192.168.10.100 192.168.11.10; do ping -c 1 $i ; done
PING 192.168.5.10 (192.168.5.10) 56(84) bytes of data.
64 bytes from 192.168.5.10: icmp_seq=1 ttl=255 time=180 ms

--- 192.168.5.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 180.916/180.916/180.916/0.000 ms
PING 192.168.10.100 (192.168.10.100) 56(84) bytes of data.
64 bytes from 192.168.10.100: icmp_seq=1 ttl=255 time=105 ms

--- 192.168.10.100 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 105.137/105.137/105.137/0.000 ms
PING 192.168.11.10 (192.168.11.10) 56(84) bytes of data.
64 bytes from 192.168.11.10: icmp_seq=1 ttl=255 time=53.5 ms

--- 192.168.11.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 53.584/53.584/53.584/0.000 ms

 

As web services I’d like to use 2x CentOS machines. I’m quite lazy and don’t want to install any web servers. Netcat can be used instead. This primitive script was started on my 1st server.

[root@Web1 ~]# while true ; do echo -e 'HTTP/1.0 200 OK\r\n\r'; echo "Server is Web1" | nc -l 80 ;done

Almost the same was started on the 2nd one.

[root@Web2 ~]# while true ; do echo -e 'HTTP/1.0 200 OK\r\n\r'; echo "Server is Web2" | nc -l 80 ;done

 

Let’s proceed.

Create the new Pool.

Specify HTTP Monitor. Balancing method is Round Robin. Add two Nodes to the pool with HTTP service (port 80).

Pool is successfully created.

Next step is Virtual Server configuration.

Specify the Virtual IP address from the External network. Port is 80 (HTTP).

Set Source Address Translation to Auto Map. In my case load balancing worked incorrectly without the Auto Map option.

Next specify the Default Pool, which is WebPool in my case.

Virtual server is created.

Now on the consoles of both servers I see GET requests every few seconds. What is that?


GET /
HTTP/1.0 200 OK

GET /
HTTP/1.0 200 OK

These messages are related to HTTP monitor requests. It checks availability every 5 seconds.

You can see the Virtual server and Nodes relations in the Network Map section.

Go to the Pool > Statistics. No statistics available yet.

Let’s check if our “Web page” is now available through the Virtual IP. Web1 answered.

Lin1:~ # curl http://192.168.10.100
Server is Web1

Refresh statistics. You can see some statistics for the Web1 server.

Do the same again. Web2 answered this time.

Lin1:~ # curl http://192.168.10.100
Server is Web2

Refresh statistics. Web2 info was updated.

Let’s check the same via web browser.

I see that request on the console of my Web1. As you can see, the request to the server is sent by the Virtual Server (from the external virtual IP).

GET /favicon.ico HTTP/1.1
Host: 192.168.10.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Refresh the page.

Corresponding message appeared on the console of Web2.

GET / HTTP/1.1
Host: 192.168.10.100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Let’s check what happens in case of one server failure.

Start requests in a loop. Both servers are requested.

Lin1:~ # while true; do curl http://192.168.10.100 ; sleep 2; done
Server is Web1
Server is Web2
Server is Web1
Server is Web2
Server is Web1
Server is Web2
Server is Web1

I stopped my Web2.

curl: (56) Failure when receiving data from the peer
curl: (56) Failure when receiving data from the peer
curl: (56) Failure when receiving data from the peer
curl: (56) Failure when receiving data from the peer
curl: (56) Failure when receiving data from the peer
Server is Web1
curl: (56) Failure when receiving data from the peer
Server is Web1
Server is Web1
Server is Web1
Server is Web1

I started Web2 again.

Server is Web1
Server is Web1
Server is Web1
Server is Web2
Server is Web1
Server is Web2
Server is Web1
Server is Web2

So the Load Balancer recognized the failure and failed back.
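
To put numbers on the failover shown above, this added example (not part of the original post) summarises the curl loop output: hits per backend, failed requests, the longest run of consecutive failures and the approximate time clients saw errors. The function names are hypothetical, the sample is the three output excerpts above joined together, and the error window assumes each request took about the loop's 2-second sleep.

```shell
#!/bin/sh
# Added example: summarise a "curl in a loop" capture from a failover test.

# Re-creates the loop output shown above: 1/2 = answer from Web1/Web2,
# F = curl error 56. Order matches the three excerpts, joined together.
sample_capture() {
    for t in 1 2 1 2 1 2 1  F F F F F 1 F 1 1 1 1  1 1 1 2 1 2 1 2; do
        case $t in
            F) echo "curl: (56) Failure when receiving data from the peer" ;;
            *) echo "Server is Web$t" ;;
        esac
    done
}

# summarize_failover STEP_SECONDS   (capture on stdin)
# Prints sorted key=value lines describing what the client experienced.
summarize_failover() {
    awk -v step="$1" '
        /^Server is / { hits[$3]++; streak = 0; next }
        /^curl: \(/ {
            failed++
            if (++streak > longest) longest = streak
            if (!first) first = NR      # request number of the first error
            last = NR                   # request number of the latest error
            next
        }
        END {
            for (b in hits) printf "hits_%s=%d\n", b, hits[b]
            printf "failed=%d\n", failed
            printf "longest_failure_streak=%d\n", longest
            # Requests first..last were each about `step` seconds apart.
            printf "error_window_s=%d\n", (first ? (last - first + 1) * step : 0)
        }' | sort
}

sample_capture | summarize_failover 2
```

Feed it a live capture with `while true; do curl -s -S http://192.168.10.100 2>&1; sleep 2; done | tee capture.txt`, then run `summarize_failover 2 < capture.txt` after stopping the loop.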

Pool Member (Web2) Up and Down events are visible under System > Logs > Local Traffic.

We can see our traffic on the dashboard.

Great! Load balancing with the F5 appliance works just fine!
