1) Standard Virtual Server
--> BIG IP F5 LTM acts as Full Proxy for all the connections in Standard Virtual Server type.
--> A Standard virtual server directs client traffic to a load balancing pool.
--> A Standard virtual server is the most basic type of virtual server used in F5 LTM.
--> The Standard virtual server requires a TCP or UDP profile in F5 LTM.
--> The Standard virtual server may optionally be configured with HTTP, FTP, or SSL profiles if Layer 7 or SSL processing is required.
--> Three-way handshake is established with the Server ( Pool Member) before receiving data packet ( Ex: HTTP GET) from the client in case of Standard Virtual Server is configured only with Layer 4 Profile ( TCP/UDP).
--> The client must send at least one data packet before the server-side connection can be initiated by the BIG-IP LTM system, if a Standard virtual server is configured with Layer 7 functionality, such as an HTTP profile and Layer 4 Profile.
--> The BIG IP LTM will establish a TCP three-way handshake before receiving the data packet in case of FTP traffic ( Layer 7 ) as the client waits for the greeting before sending the data.
--> SSL Profile/Compression Profile/Authentication Profile/Stream Profile Can be configured under Standard Virtual Server.
2) Performance Layer 4 Virtual Server
--> Performance Layer 4 Virtual Server has a fast layer 4 profile.
--> Fast Layer 4 profile uses onboard ePVA FPGA chip in F5 LTM that will help to speed up in processing the traffic.
--> ePVA chip is only present on the F5 Hardware Platforms and not present on the virtual platforms.
--> PVA Acceleration can be configured in three modes
i) Full or Assisted Mode: Forward TCP Connections by using PVA Chip.
iii) None: PVA Acceleration is disabled.
--> Big IP F5 LTM processes the information packet by packet basis.
--> The virtual server and profile increase the speed at which the virtual server processes Layer 4 requests.
--> It does not follow full proxy architecture as Standard Virtual Server.
Note: PVA Acceleration needs to be disabled in case if you want to do a packet capture that is going via F5 LTM.
--> You can check whether the PVA Acceleration is enabled on the virtual server by using the command :
# tmsh show ltm virtual server < server name > ( PVA Acceleration field)
3) Performance HTTP Virtual Server
--> By default, a fast HTTP profile is associated with Performance HTTP Virtual Server.
--> Performance HTTP Virtual Server should be used between the client and server where is less chance of dropped packets.
--> SSL Profile/Compression Profile/Authentication Profile/Stream Profile Cannot be configured under Performance HTTP Virtual Server.
--> Performance HTTP Virtual Server of two types, i) No IDLE Server Side flow ii) IDLE Server Side flow
i) No IDLE Server Side flow: TCP Connection to the pool member will be established only after the client has established a TCP 3-way handshake with f5 LTM.
ii) IDLE Server Side flow: TCP Connection to the pool member will be established before the client has established a TCP 3-way handshake with f5 LTM.
4) Forwarding (IP)
--> A Forwarding (IP) virtual server is similar to other virtual servers, except that a forwarding virtual server has no pool members to load balance.
--> Does not follow full proxy architecture.
--> Uses PVA Chip embedded on the F5 BIG IP System.
--> The virtual server simply forwards the packet directly to the destination IP address specified in the client request.
--> When you use a forwarding virtual server to direct a request to its originally-specified destination IP address, Local Traffic Manager adds, tracks, and reaps these connections just as with other virtual servers.
--> You can also view statistics for a forwarding virtual servers.
5) Forwarding ( Layer 2)
--> We need to create VLAN Group in F5 LTM and assign an IP address to it, for forwarding layer 2 virtual server.
--> Uses PVA Chip embedded on the F5 BIG IP System.
--> Forwarding (Layer 2) virtual server shares the same IP address as a node in an associated VLAN.
--> LTM Processes the packets to the destination server based upon destination MAC Address.
--> Does not follow full proxy architecture.
6) Reject
--> A Reject virtual server rejects any traffic destined for the virtual server IP address.
--> Whenever any SYN Packet comes on to the reject virtual server by sending the reset packet to it.
7) Stateless
--> A stateless virtual server prevents the BIG-IP system from putting connections into the connection table for wildcard and forwarding destination IP addresses.
--> When creating a stateless virtual server, you cannot configure SNAT automap, iRules, or port translation, and you must configure a default load balancing pool.
--> It is basically used for one way UDP traffic.
--> Any traffic coming onto this virtual server will be load balanced to the pool members.
--> Does not check the connection table and it simply forwards the traffic as soon as it receives traffic.
--> The Virtual server is basically used for stateless traffic such as DNS UDP traffic.
--> Note that this type of virtual server applies to UDP traffic only.
8) DHCP Relay Virtual Server
--> Used for relaying DHCP traffic.
--> By using Virtual server the F5 BIG system will listen for client traffic and does relay the DHCP traffic to DHCP server.
9) Internal Virtual Server
--> Internal Virtual Server is used for sending ICAP traffic to ICAP Server for Scanning purposes.
--> Internal Virtual Servers are used by other Virtual Servers by default.
--> This can be done by using a request/response adapt profile where you can specify the Internal Virtual server IP address.
--> We need to configure ICAP Profile to Internal Virtual Server if you want to process ICAP Traffic.
--> The Client establishes the connection with Standard Virtual Server and then this virtual server will establish the connection with Internal Virtual Server.
--> Internal Virtual Server forwards the traffic to one of the Pool members and waits for the Verdict.
--> Then this verdict is forwarded to Standard Virtual Server.
10) Message Routing Virtual Server
--> Message Routing Virtual Server is used for SIP Traffic.
--> Need to configure SIP Profile.
Ref: F5
Md.Kareemoddin
CCIE # 54759
--> BIG IP F5 LTM acts as Full Proxy for all the connections in Standard Virtual Server type.
--> A Standard virtual server directs client traffic to a load balancing pool.
--> A Standard virtual server is the most basic type of virtual server used in F5 LTM.
--> The Standard virtual server requires a TCP or UDP profile in F5 LTM.
--> The Standard virtual server may optionally be configured with HTTP, FTP, or SSL profiles if Layer 7 or SSL processing is required.
--> Three-way handshake is established with the Server ( Pool Member) before receiving data packet ( Ex: HTTP GET) from the client in case of Standard Virtual Server is configured only with Layer 4 Profile ( TCP/UDP).
--> The client must send at least one data packet before the server-side connection can be initiated by the BIG-IP LTM system, if a Standard virtual server is configured with Layer 7 functionality, such as an HTTP profile and Layer 4 Profile.
--> The BIG IP LTM will establish a TCP three-way handshake before receiving the data packet in case of FTP traffic ( Layer 7 ) as the client waits for the greeting before sending the data.
--> SSL Profile/Compression Profile/Authentication Profile/Stream Profile Can be configured under Standard Virtual Server.
2) Performance Layer 4 Virtual Server
--> Performance Layer 4 Virtual Server has a fast layer 4 profile.
--> Fast Layer 4 profile uses onboard ePVA FPGA chip in F5 LTM that will help to speed up in processing the traffic.
--> ePVA chip is only present on the F5 Hardware Platforms and not present on the virtual platforms.
--> PVA Acceleration can be configured in three modes
i) Full or Assisted Mode: Forward TCP Connections by using PVA Chip.
iii) None: PVA Acceleration is disabled.
--> Big IP F5 LTM processes the information packet by packet basis.
--> The virtual server and profile increase the speed at which the virtual server processes Layer 4 requests.
--> It does not follow full proxy architecture as Standard Virtual Server.
Note: PVA Acceleration needs to be disabled in case if you want to do a packet capture that is going via F5 LTM.
--> You can check whether the PVA Acceleration is enabled on the virtual server by using the command :
# tmsh show ltm virtual server < server name > ( PVA Acceleration field)
3) Performance HTTP Virtual Server
--> By default, a fast HTTP profile is associated with Performance HTTP Virtual Server.
--> Performance HTTP Virtual Server should be used between the client and server where is less chance of dropped packets.
--> SSL Profile/Compression Profile/Authentication Profile/Stream Profile Cannot be configured under Performance HTTP Virtual Server.
--> Performance HTTP Virtual Server of two types, i) No IDLE Server Side flow ii) IDLE Server Side flow
i) No IDLE Server Side flow: TCP Connection to the pool member will be established only after the client has established a TCP 3-way handshake with f5 LTM.
ii) IDLE Server Side flow: TCP Connection to the pool member will be established before the client has established a TCP 3-way handshake with f5 LTM.
4) Forwarding (IP)
--> A Forwarding (IP) virtual server is similar to other virtual servers, except that a forwarding virtual server has no pool members to load balance.
--> Does not follow full proxy architecture.
--> Uses PVA Chip embedded on the F5 BIG IP System.
--> The virtual server simply forwards the packet directly to the destination IP address specified in the client request.
--> When you use a forwarding virtual server to direct a request to its originally-specified destination IP address, Local Traffic Manager adds, tracks, and reaps these connections just as with other virtual servers.
--> You can also view statistics for a forwarding virtual servers.
5) Forwarding ( Layer 2)
--> We need to create VLAN Group in F5 LTM and assign an IP address to it, for forwarding layer 2 virtual server.
--> Uses PVA Chip embedded on the F5 BIG IP System.
--> Forwarding (Layer 2) virtual server shares the same IP address as a node in an associated VLAN.
--> LTM Processes the packets to the destination server based upon destination MAC Address.
--> Does not follow full proxy architecture.
6) Reject
--> A Reject virtual server rejects any traffic destined for the virtual server IP address.
--> Whenever any SYN Packet comes on to the reject virtual server by sending the reset packet to it.
7) Stateless
--> A stateless virtual server prevents the BIG-IP system from putting connections into the connection table for wildcard and forwarding destination IP addresses.
--> When creating a stateless virtual server, you cannot configure SNAT automap, iRules, or port translation, and you must configure a default load balancing pool.
--> It is basically used for one way UDP traffic.
--> Any traffic coming onto this virtual server will be load balanced to the pool members.
--> Does not check the connection table and it simply forwards the traffic as soon as it receives traffic.
--> The Virtual server is basically used for stateless traffic such as DNS UDP traffic.
--> Note that this type of virtual server applies to UDP traffic only.
8) DHCP Relay Virtual Server
--> Used for relaying DHCP traffic.
--> By using Virtual server the F5 BIG system will listen for client traffic and does relay the DHCP traffic to DHCP server.
9) Internal Virtual Server
--> Internal Virtual Server is used for sending ICAP traffic to ICAP Server for Scanning purposes.
--> Internal Virtual Servers are used by other Virtual Servers by default.
--> This can be done by using a request/response adapt profile where you can specify the Internal Virtual server IP address.
--> We need to configure ICAP Profile to Internal Virtual Server if you want to process ICAP Traffic.
--> The Client establishes the connection with Standard Virtual Server and then this virtual server will establish the connection with Internal Virtual Server.
--> Internal Virtual Server forwards the traffic to one of the Pool members and waits for the Verdict.
--> Then this verdict is forwarded to Standard Virtual Server.
10) Message Routing Virtual Server
--> Message Routing Virtual Server is used for SIP Traffic.
--> Need to configure SIP Profile.
Ref: F5
Md.Kareemoddin
CCIE # 54759
Awesome, you described all V.S types in a short way and covered all major aspects.
ReplyDelete