In Simple words, F5 Load Balancer is an Application Delivery Controller ( ADC) to manage the delivery of apps and services by F5 Networks, Inc.
let’s have a look at below-mentioned scenarios to understand this awesome concept:
- Suppose your company wants to redirect Android Traffic to the Android web server, not to the other servers because that server is optimized for Android traffic.
- Suppose an application has most of the traffic from the USA but some web traffic from Japan. In this case, you want to redirect your traffic to the webserver that is dedicated to the Japanese language.
- Your website is running on HTTP and you want to redirect to HTTPS.
- Your company has separate webserver for Mobile traffic like m.technicalustad.com and you want to redirect mobile traffic to a web server that is optimized to handle mobile traffic.
Below is an example of traffic flow of F5 Load balancer, where once the user is coming for technicalustad.com F5 Load balancer will send traffic to the First server but when it will receive the traffic for m.technicalustad.com it will send to the second server.
To fulfill the Direct or redirect specific requests to appropriate resources. Intercept, inspect and/or transform requests and/or responses and verify the health of backend servers F5 Load Balancer comes in the picture. 🤴
I will recommend you to watch out the Below mentioned F5 Networks – The Application Networking Story to deep understand the F5 Load Balancer concept.
Most Used Features of F5 Load Balancer
I already explained the use of F5 Load Balancer in the above para now it’s time to explore the Most used Features that you can use in your organizations.
1. Load Balancing
The First and most used feature of the F5 Load Balancer is load balancing the web request across multiple identical servers behind the F5 LTM ( Local traffic manager).
For example, technicalustand.com is growing day by day and heavy web-traffic is coming to the webserver where a single web server is not able to serve all the requests.
In this scenario, we need to add another web server that is identical in the configuration but who will decide which server is busy which server is free to the server the new request in this case F5 Load Balancer comes in the picture like a Boss. 😎
As seen in the below-mentioned diagram, There is three web-server which are hosted behind the F5 LTM.
once the user is coming to the technicalustad.com F5 Load Balancer is deciding it need to transfer the traffic to which server based on the selected load-balancing method.
The default load-balancing method is Round Robin means it will send first traffic to the first server and second server to the second server and so on.
2. Traffic Redirection
Another Most used feature of F5 Load Balancer is Traffic Redirection from one address to another address or one host to another host or Pool or HTTP to HTTPS.
You can understand this with below mentioned two scenarios.
- Your Website is using HTTP and you want to redirect to HTTPS.
You can easily achieve this with the iRules feature ( A Scripting language to redirect your traffic) of F5 LTM.
LTM comes with the default preset of Irules for most used redirections that most of the organizations are using.
if you navigate to Local Traffic > iRules in LTM, you will see the many iRules which F5 verified and created by F5 For you.
2. You have a scenario where, In a Single website you want to redirect to multiple host-based on their parameters.
Ex:- User is one the technicalustad.com and there is a section for review.technicalustad.com or forums.technicalustad.com that is hosted on the other servers in the same network.
F5 Load Balancer is providing two solutions for this either do it with iRule or either with Policy.
The policy is a much easier concept then iRules, you just need to select your condition to build your granular policy.
Watch out the Below embedded video to understand the concept of Policy in detail.
3. SSL Offloading
SSL Offloading is one of the most used features of the F5 load balancer. why? 🤔
Here is the reason:
1. With an SSL offloading feature, we are terminating the SSL traffic on the F5 instead of direct servers that are saving the CPU utilization of the servers.
2. Once you are terminating the SSL traffic on the F5 itself it has complete visibility of the traffic means F5 is able to look at every packet that is passing and the ability to protect with ASM ( Application security manager or WAF).
3. You are easily able to mitigate the Vulnerability of any version of SSL/TLS (Read more in details )
4. Once you have SSL offloading on the F5, you are easily able to control Ciphers, maximum handshake, etc that you can find under the SSL Profile.
Below is the example of one old cipher issue that I fixed.
As you saw in the below screenshot it is showing “obsolete connection settings” 🙄
that you can easily fix it by just selecting the strong cipher sheet in the F5 SSL Profile.
No need to go to each server and fix it by some coding. maybe it’s easy for two servers but just thing what if u have 100 servers in the production. it will take maybe a month to fix it on the server.
Here is the result after changing the cipher settings. 😎
I will recommend you to watch out below mentioned video on “Breaking Down the TLS Handshake”
4. One Connect
One connect is another most powerful feature of the F5 load balancer. It’s cutting down the TCP Three-way handshake to save the CPU utilization of the servers.
Once you are enabling the One Connect profile on the F5, its reducing server-side TCP
connections by reusing the previously opened idle connections on the server
for multiple clients.
I will recommend you to watch out below to embed video to deep understand this concept.
A profile is a feature of the F5 load balancer that makes it more powerful than any other available product in the market.
A Profile is a collection of default or custom settings for controlling the behavior of a particular type of network traffic, such as HTTP connections.
Below the most used Profiles:-
We already discussed the SSL and one connect profile, now let’s talk about the persistence profile that is really important for application delivery.
Persistence is all about associating a user to the same backend server for multiple requests.
You have options of Cookie, IP-affinity, Hash, RDP, SIP, SSL and Universal to configure the persistence in the F5.
Persistence is beneficial in the condition. where you are collecting the user session information like ticketing system, banking system, server is caching the request locally.
I will recommend you to watch out below embedded video to deeply understand the concept of persistence profile.
F5 Loadbalancer is an application delivery controller that comes with a lot’s of features to save the lot’s of resources of the backend servers, providing availability to the application, protecting against many vulnerabilities and additionally it’s very easy to use the F5 ASM (application security manager or WAF) along with load balancer to protect your application against OWASAP top 10 attacks.