F5 Forwarding Modes
1. Transparent mode: Performance L4
With this type of virtual server, the F5 processes packets purely at layer 4, looking only at the source IP, source port, destination IP, and destination port. After a packet arrives at the F5, only the destination IP and port are changed before it is forwarded. This kind of processing can be handled by the F5 PVA chip, so in theory this mode does not consume CPU. However, the F5's requirements for PVA forwarding are fairly strict, and many conditions limit when it can be used.
2. Transmission mode: Standard
With this type of virtual server, the F5 handles packets in full-proxy mode. When a client initiates a request, it must first complete the TCP three-way handshake with the F5 before anything further happens. The F5 then completes a three-way handshake with the backend real server, so the F5 maintains two TCP protocol stacks. Once an HTTP profile is applied, the F5 processes the traffic according to the HTTP protocol. At this point the data is processed entirely by the F5 CPU. This also makes so-called content switching possible, but at a much higher CPU cost.
On 172.24.138.79, run: telnet 172.24.138.201 7701
On the F5, 172.24.138.201:7701 forwards to 172.24.139.148:1700.
Capture on 172.24.138.79:
11:34:59.925704 IP 172.24.138.79.61097 > 172.24.138.201.7701: S 286925418:286925418(0) win 5840 <mss 1460,sackOK,timestamp 2763497529 0,nop,wscale 3>
11:34:59.926382 IP 172.24.138.201.7701 > 172.24.138.79.61097: S 2627151899:2627151899(0) ack 286925419 win 4380 <mss 1460,nop,nop,timestamp 2793374552 2763497529,sackOK,eol>
11:34:59.926396 IP 172.24.138.79.61097 > 172.24.138.201.7701: . ack 1 win 5840 <nop,nop,timestamp 2763497529 2793374552>
11:34:59.928794 IP 172.24.138.201.7701 > 172.24.138.79.61097: P 1:5(4) ack 1 win 4380 <nop,nop,timestamp 2793374554 2763497529>
11:34:59.928802 IP 172.24.138.79.61097 > 172.24.138.201.7701: . ack 5 win 5840 <nop,nop,timestamp 2763497530 2793374554>
Connection seen on 172.24.139.148:
172.24.139.148:1700 172.24.139.60:47853
172.24.139.60 is the F5's address.
In the case above, both destination address translation and source address translation are performed. If only destination address translation is performed, it is enough to point the server's gateway at the F5.
First type: Performance L4 mode (layer 4 data forwarding)
In Performance L4 mode, TMM is only responsible for allocating and forwarding client connections and does not change any parameters in the TCP connection; that is, the client-side connection and the server-side connection are in a 1:1 relationship. This mode is commonly used in ordinary enterprises because forwarding is fast. For layer 7 traffic such as HTTP, however, Standard VS mode is recommended.
Second type: Standard VS mode
In this mode, the client-side and server-side TCP connections are completely independent. By default the F5 uses the client's source IP to establish the connection to the backend; when SNAT is enabled, it uses the SNAT address to establish that connection instead. A Standard VS's port is always open, regardless of whether the backend servers are working. In other words, if the VS listens on port 80 and Node A and Node B are both down, you can still telnet to port 80 of the virtual IP, but the web page cannot be accessed.
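Because a Standard VS answers the handshake even with its nodes down, a monitor that only tests TCP connect reports a dead service as healthy. The probe below is an added example, not F5 code or part of the original article; it assumes a plain HTTP service behind the VS, and the two local listeners are constructed stand-ins for a VS with its pool down and up.

```python
import socket
import threading

def probe(host, port, timeout=2.0):
    """Return 'closed', 'tcp_only' (handshake only) or 'http_ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"                  # refused or timed out: nothing listening
    with sock:
        try:
            sock.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            data = sock.recv(64)
        except OSError:                  # reset or timeout after the handshake
            return "tcp_only"
    return "http_ok" if data.startswith(b"HTTP/") else "tcp_only"

def _listener(reply):
    """Constructed stand-in for a VS: accepts every connection, then sends
    `reply`, or closes at once when reply is None (pool members down)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                if reply:
                    conn.recv(1024)
                    conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def demo():
    down, p_down = _listener(None)
    up, p_up = _listener(b"HTTP/1.0 200 OK\r\n\r\nok")
    free = socket.socket()
    free.bind(("127.0.0.1", 0))
    p_free = free.getsockname()[1]
    free.close()                         # nothing listens on p_free now
    try:
        return {"pool_down": probe("127.0.0.1", p_down),
                "pool_up": probe("127.0.0.1", p_up),
                "no_listener": probe("127.0.0.1", p_free)}
    finally:
        down.close()
        up.close()
```

Calling demo() shows the "pool_down" listener completing the handshake yet classified as tcp_only, which is the state a telnet test would misread as a working service.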
Third type: Forwarding IP
This type is generally used to connect internal and external networks. It has no pool members, and forwarding depends entirely on the local routing table. By default the F5 does not route; an all-zeros VS must be created to enable the F5's routing function. If you want only the intranet to be able to reach the external network, while the external network cannot reach the intranet, adjust the "VLAN and tunnel traffic" parameter.