Friday, 4 June 2021

OneConnect feature

The OneConnect feature works with HTTP Keep-Alives to allow the BIG-IP system to minimize the number of server-side TCP connections by making existing connections available for reuse by other clients.


For example, when a client makes a new connection to a BIG-IP virtual server configured with a OneConnect profile, the BIG-IP system parses the HTTP request, selects a server using the load-balancing method defined in the pool, and creates a connection to that server. When the client's initial HTTP request is complete, the BIG-IP system temporarily holds the connection open and makes the idle TCP connection to the pool member available for reuse.


When a new connection is initiated to the virtual server, if an existing server-side flow to the pool member is idle, the BIG-IP system applies the OneConnect source mask to the IP address in the request to determine whether it is eligible to reuse the existing idle connection. If it is eligible, the BIG-IP system marks the connection as idle and sends a client request over it. If the request is not eligible for reuse, or an idle server-side flow is not found, the BIG-IP system creates a new server-side TCP connection and sends client requests over it.
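The source-mask eligibility check described above, as an added toy model (not F5 code): idle server-side connections are keyed by pool member and by the client address ANDed with the OneConnect source mask, so the mask decides which clients may share a connection. Addresses and the member name are constructed.

```python
import ipaddress
from collections import defaultdict


class OneConnectPool:
    """Toy model of OneConnect server-side connection reuse (assumed, not F5 code)."""

    def __init__(self, source_mask="0.0.0.0"):
        self.mask = int(ipaddress.IPv4Address(source_mask))
        self.idle = defaultdict(list)  # (member, masked client) -> idle connection ids
        self.next_id = 1
        self.created = 0  # server-side TCP connections opened so far

    def _key(self, member, client_ip):
        # Apply the OneConnect source mask to the client address.
        masked = int(ipaddress.IPv4Address(client_ip)) & self.mask
        return (member, masked)

    def request(self, client_ip, member):
        """Return (connection_id, reused) for one client request to a pool member."""
        key = self._key(member, client_ip)
        if self.idle[key]:
            return self.idle[key].pop(), True  # eligible: reuse the idle flow
        conn = self.next_id  # not eligible or nothing idle: new server-side connection
        self.next_id += 1
        self.created += 1
        return conn, False

    def release(self, client_ip, member, conn):
        """Request complete: hold the server-side connection open as idle."""
        self.idle[self._key(member, client_ip)].append(conn)


def simulate(source_mask, clients, member="10.1.1.100:80"):
    """Run one request per client in sequence; return how many server-side connections were opened."""
    pool = OneConnectPool(source_mask)
    for client in clients:
        conn, _ = pool.request(client, member)
        pool.release(client, member, conn)
    return pool.created


if __name__ == "__main__":
    clients = ["192.0.2.10", "192.0.2.20", "198.51.100.5"]  # constructed client addresses
    for mask in ("0.0.0.0", "255.255.255.0", "255.255.255.255"):
        print(mask, "->", simulate(mask, clients), "server-side connection(s)")
```

A mask of 0.0.0.0 lets every client share the pool member's idle connection; 255.255.255.255 restricts reuse to the same client address, which is the safer choice when the back end ties state to the client IP.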

Basics

A self IP is the IP address the BIG-IP uses when polling monitors. For example, if you configure an HTTP monitor, the server will see the monitoring connection attempts coming from the self IP.


The floating IP address is the virtual or HA IP address used for connections when you are not using SNAT. This is the case when you use automap.


SNAT (source NAT, also called secure NAT) is the IP address you define for connecting to the pool member when traffic is initiated to access the VS/application.

Client IP -- VS IP - SNAT IP (this is the client IP the server will see) -- server IP.


** I tried to keep this brief, at a basic level.

Cookie Hash and HTTP Cookie Insert

Cookie Hash

The Cookie Hash method consistently maps a cookie value to a specific node. When the client returns to the site, the BIG-IP system uses the cookie information to return the client to a given node. With this method, the web server must generate the cookie; the BIG-IP system does not create the cookie automatically as it does when you use the HTTP Cookie Insert method.


HTTP Cookie Insert

Using the HTTP Cookie Insert method, the information about the server to which the client connects is inserted in the HTTP header of the response from the server in the form of a cookie. By default, the cookie is named BIGipServer<pool_name> and includes the encoded address and port of the server handling the connection. The system sets the expiration date for the cookie based on the Expiration setting in the cookie persistence profile. HTTP Cookie Insert is the default value for the Cookie Method setting.
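An added check (not F5 code) for the information-disclosure side of the default Cookie Insert behaviour: the unencrypted BIGipServer<pool_name> value carries the pool member's IPv4 address as a little-endian decimal and its port byte-swapped, followed by a route-domain field. This is the well-known default IPv4 format, which the page only calls "encoded"; the decoder below assumes it, skips anything else (such as an encrypted value), and flags cookies that reveal a private address. The Set-Cookie headers are constructed.

```python
import ipaddress
import re

# Default unencrypted IPv4 format: <ip as little-endian decimal>.<byte-swapped port>.<route domain>
COOKIE_VALUE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def decode_bigip_cookie(value):
    """Decode '1677787402.20480.0000' into ('10.1.1.100', 80); None if not this format."""
    m = COOKIE_VALUE_RE.match(value)
    if not m:
        return None
    ip_le, port_le, _route_domain = (int(x) for x in m.groups())
    if ip_le > 0xFFFFFFFF or port_le > 0xFFFF:
        return None  # out of range for an IPv4 address or a TCP port
    ip = ipaddress.IPv4Address(ip_le.to_bytes(4, "little"))  # undo the byte reversal
    port = int.from_bytes(port_le.to_bytes(2, "little"), "big")  # undo the port byte swap
    return str(ip), port


def audit_set_cookie(headers):
    """Return (pool_name, ip, port, is_private) for each readable BIGipServer cookie."""
    findings = []
    for header in headers:
        name, _, rest = header.partition("=")
        if not name.startswith("BIGipServer"):
            continue
        decoded = decode_bigip_cookie(rest.split(";")[0])
        if decoded is None:
            continue  # encrypted or a non-IPv4 format: nothing readable
        ip, port = decoded
        findings.append((name[len("BIGipServer"):], ip, port, ipaddress.ip_address(ip).is_private))
    return findings


# Constructed sample Set-Cookie headers; the first one encodes 10.1.1.100:80.
SAMPLE_HEADERS = [
    "BIGipServerpool_web=1677787402.20480.0000; path=/; HttpOnly",
    "BIGipServerpool_api=!AbCdEfEncryptedValue; path=/",
    "sessionid=abc123; path=/",
]

if __name__ == "__main__":
    for pool, ip, port, private in audit_set_cookie(SAMPLE_HEADERS):
        print(f"pool {pool}: member {ip}:{port} exposed (private={private})")
```

A finding with is_private True means the persistence cookie is leaking internal addressing to every client; the cookie persistence profile's encryption setting removes that exposure.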


source:F5.com

Wednesday, 2 June 2021

Processing the traffic

 

Basic terminology

  • Node = real IP address of a server
  • Pool member = real IP address + port
  • Pool = grouping of pool members
  • Pool members do not have to listen on the same port. They can share one IP address and use different port numbers.
  • Virtual server = IP address + port, often called a listener because it actively listens for inbound traffic, processes it and load balances it to its pool. BIG-IP is a default-deny device: without a configured listener, BIG-IP does not process any client traffic.

Processing the traffic

Before a virtual server can process traffic you have to map it to a pool. When a packet arrives, BIG-IP translates the destination IP address from the virtual server to the real server. The client sees the pool of servers as a single server (the virtual server). You can also configure BIG-IP to translate the virtual server destination port to the real server destination port.

Step by step traffic processing

  1. The client resolves the virtual server address via its configured DNS service.
  2. The client initiates a request to the virtual server destination IP address, and Internet routing delivers the packet to the BIG-IP device.
  3. BIG-IP takes the packet and processes it according to the virtual server configuration. By default LTM translates the destination address to the pool member but leaves the source address untouched.
  4. BIG-IP uses a combination of monitor results, persistence, the load balancing method and other settings to choose the pool member.

And here is the catch, called the „golden rule“: the RESPONSE packet must traverse the BIG-IP, otherwise it will not work. The BIG-IP is the one that translates the packet, so the return path must go through it. If the pool member's default gateway is somewhere other than the BIG-IP, we have an asymmetric routing problem. To solve it, the pool members must either use the BIG-IP device as their default gateway, or we have to use SNAT (secure NAT or source NAT).

It is important to realize that BIG-IP is doing much more than just NAT. It implements a „full proxy architecture“: it handles separate client-side and server-side connections, meaning it maintains one TCP connection with the client and another with the server. Look at the picture.
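The golden rule from the steps above, as an added packet-flow model (not F5 code, constructed addresses): the virtual server translates the destination to the pool member, the member replies to whatever source it saw, and the client only accepts a reply that comes back from the virtual server tuple. The model shows why either a default gateway on the BIG-IP or SNAT is required for the reverse translation to happen.

```python
# Constructed topology: client off-subnet, pool member behind BIG-IP.
CLIENT = ("198.51.100.7", 51000)
VS = ("203.0.113.10", 443)          # virtual server: address + port (the listener)
MEMBER = ("10.1.1.100", 8443)       # pool member: real address + port (port translated too)
BIGIP_SELF = "10.1.1.1"             # BIG-IP self IP on the server-side subnet
SNAT = ("10.1.1.250", 4000)         # SNAT address owned by BIG-IP


def bigip_forward(pkt, use_snat):
    """Client->VS packet after LTM: destination becomes the pool member,
    source stays the client unless SNAT replaces it."""
    src = SNAT if use_snat else pkt["src"]
    return {"src": src, "dst": MEMBER}


def server_reply(fwd, member_gateway):
    """The member swaps src/dst. The reply reaches BIG-IP only if it is addressed to
    an IP BIG-IP owns (the SNAT) or routed through BIG-IP as the member's gateway."""
    reply = {"src": fwd["dst"], "dst": fwd["src"]}
    via_bigip = reply["dst"][0] == SNAT[0] or member_gateway == BIGIP_SELF
    return reply, via_bigip


def bigip_return(reply):
    """Reverse translation on the way back: source restored to the VS, destination to the client."""
    return {"src": VS, "dst": CLIENT}


def client_accepts(reply):
    """The client socket only matches a reply coming from the virtual server it connected to."""
    return reply["src"] == VS and reply["dst"] == CLIENT


def flow_works(member_gateway, use_snat):
    """True when the full request/response exchange succeeds for this routing setup."""
    fwd = bigip_forward({"src": CLIENT, "dst": VS}, use_snat)
    reply, via_bigip = server_reply(fwd, member_gateway)
    if via_bigip:
        reply = bigip_return(reply)
    return client_accepts(reply)


if __name__ == "__main__":
    print("gateway=BIG-IP, no SNAT :", flow_works(BIGIP_SELF, False))
    print("gateway=other,  no SNAT :", flow_works("10.1.1.254", False))  # asymmetric routing
    print("gateway=other,  SNAT    :", flow_works("10.1.1.254", True))
```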


Configuring pools and Virtual servers

Go to Local Traffic, then Pools, and click Create. To configure a virtual server go to Local Traffic, click Virtual Servers, and create a new one. An important feature in the web configuration utility is the Network Map (also under Local Traffic). Network Map shows the whole configuration for virtual servers on one screen, including the virtual server, iRules and pool member statuses. This is very useful when all you need is a quick overview of the status of your BIG-IP configuration.

Statistics

You may also need to check statistics on how the BIG-IP distributes packets across the pool and how much traffic you are actually processing. You can check statistics in two ways. From Overview, choose Statistics, then Local Traffic, and select what you want to see (pools, nodes). Or from each Local Traffic tab (Virtual Servers, Pools) there is a Statistics menu in the header. Check the screen.



Logs

Navigate to System – Logs to see the actual logs.

Disable vs Forced offline

You can put a pool member into forced offline or disabled status. What is the difference? Disabled status rejects all new connections but still processes all ongoing persistence sessions and connections. Forced offline rejects all new connections and ongoing persistence sessions but keeps the ongoing connections.

 




