Sunday 29 December 2019

interview questions 2

Difference between Node and Pool Member:--

Node and Pool member are 2 terms used commonly in F5 LTM....

The difference between a node and a pool member is that a node is designated by the device's IP address for ex..
192.168.10.10,while pool member icludes an IP address and service for e.g.:--
192.168.10.10:80==Pool member is a combination of IP and POrt.

>>we can not apply tcp or http health monitor because
node is just an ip address of your server.
.another key difference between 2 terms is that while used to report status of device itself,a health monitor for a pool member service running on the device.

>>Can i apply http health monitor in Node?
 so answer is no....we can only ping(icmp) health monitor on node.

Health monitor can be applied on Pool and Poll member


 then go the nodes


then we will click on the particular node
then u will go to pool ---pool member  then health monitor



=========================================================lli===========================================================================================================================
1.NAT--One to One mapping between two IP address in F5.

For instance,between a private IP and external Public Ip.THis means that if any traffic coming from external client sends a request to the Public IP address on which NAT

NAT is listening it will automatically get translated to internal IP address that is define in NAT.

Same concept is applied when internal node wants to communicate with internet.

Hide NAT.

----------------------


As seen in the picture that NAT is only applied one to one mapping
but if there is need to apply many to one mapping then how you

can do it?

Answer--- SNAT

SNAT--Many to one--When many internal IP address wants to communicate with internet.


Why we need SNAT?

1.SNAT provides a more secure mechanism when translated internal IP address to public routable IP address

SNAT is unidirectional and they can only listen for traffic coming from a specific origin address and not destined to the SNAT address

SNAT can be used for many nodes in F5 on internal network who wants communicate with internet.

SNAT is also often used to solve routing complexity.

In a typical scenario when an external client wants to connect to virtual server and connection is established after that pool members need to get selected and another connection  is established between F5 and Pool member.

when looking at the connection flow the destination IP address is different depending if the connection is from external or internal side.

However the source ip address will remain same without SNAT.

When the pool member responds the BIGIP will replay back to client.

 SNAT can be usefull when your server gateway is not F5 and you wants your original traffic abd return traffic to take same path

To resolve this we configure SNAT.

============================

=====================================



No comments:

Post a Comment

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...