Web example: Configuring basic Layer 4 server load balancing

Network configuration

As shown in Figure 1, an enterprise uses Server A, Server B, and Server C to provide FTP services. Configure server load balancing to load balance FTP requests from Host among the servers based on source address. For example, enable the device to assign FTP requests sourced from 62.159.4.0/24 and 63.159.4.0/24 to Server A and Server B, respectively; enable the device to assign FTP requests with other source addresses to Server C.

Figure-1 Network diagram

Software versions used

This configuration example was created and verified on R9900P2705 of the F5000-AI-55-G device.

Procedure

  1. Assign IP addresses to interfaces and add the interfaces to security zones.

    # On the top navigation bar, click Network.

    # From the navigation pane, select Interface Configuration > Interfaces.

    # Click the Edit icon for GE 1/0/1.

    # In the dialog box that opens, configure the interface:

    • Select the Untrust security zone.

    • On the IPv4 Address tab, enter the IP address and mask length of the interface. In this example, enter 61.159.4.100/24.

    • Use the default settings for other parameters.

    • Click OK.

    # Add GE 1/0/2 to the Trust security zone and set its IP address to 192.168.1.100/24 in the same way you configure GE 1/0/1.

  2. Configure security policies.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Security Policies > Security Policies.

    # Click Create.

    # In the dialog box that opens, configure a security policy named Untrust-to-Trust:

    • Enter policy name Untrust-to-Trust.

    • Select type IPv4.

    • Select source zone Untrust.

    • Select destination zone Trust.

    • Enter destination IPv4 address 61.159.4.0/24.

    • Select action Permit.

    • Use the default settings for other parameters.

    • Click OK.

    # Configure a security policy named Local-to-Trust:

    • Enter policy name Local-to-Trust.

    • Select type IPv4.

    • Select source zone Local.

    • Select destination zone Trust.

    • Enter destination IPv4 address 192.168.1.0/24.

    • Select action Permit.

    • Use the default settings for other parameters.

    • Click OK.

  3. Create an ICMP-type probe template.

    # On the top navigation bar, click Objects.

    # From the navigation pane, select Load Balancing > Health Monitoring.

    # Click Create to configure the probe template t1 as shown in Figure-2.

    Figure-2 Creating probe template t1

    # Click OK.

  4. Create an address- and port-type sticky group.

    # On the top navigation bar, click Objects.

    # From the navigation pane, select Load Balancing > Sticky Groups.

    # Click Create to configure the sticky group sticky_group as shown in Figure-3.

    Figure-3 Creating sticky group sticky_group

    # Click Apply.

  5. Create real servers.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Load Balancing > Server Load Balancing > Real Servers.

    # Click Create to configure the real server rs_a as shown in Figure-4.

    Figure-4 Creating real server rs_a

    # Click Apply.

    # Configure real server rs_b and set its IP address to 192.168.1.2 in the same way you configure real server rs_a.

    # Configure real server rs_c and set its IP address to 192.168.1.3 in the same way you configure real server rs_a.

    # Display the configured real servers as shown in Figure-5.

    Figure-5 Displaying the configured real servers

  6. Create server farms.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Server Load Balancing > Server Farms.

    # Click Create to configure the server farm sf1 as shown in Figure-6.

    Figure-6 Creating server farm sf1

    # Click Apply.

    # Configure server farm sf2 and specify real server rs_b in the same way you configure server farm sf1.

    # Configure server farm sf3 and specify real server rs_c in the same way you configure server farm sf1.

    # Display the configured server farms as shown in Figure-7.

    Figure-7 Displaying the configured server farms

  7. Create classes.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Load Balancing > Server Load Balancing > Advanced Policies.

    # Click the Class tab.

    # Click Create to configure the class cls_1 as shown in Figure-8.

    Figure-8 Creating class cls_1

    # Click Apply.

    # Click Create to configure the class cls_2 as shown in Figure-9.

    Figure-9 Creating class cls_2

    # Click Apply.

  8. Create actions.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Load Balancing > Server Load Balancing > Advanced Policies.

    # Click the Action tab.

    # Click Create to configure the action act_1 as shown in Figure-10.

    Figure-10 Creating action act_1

    # Click OK.

    # Configure action act_2 and specify primary server farm sf2 in the same way you configure action act_1.

    # Configure action act_3 and specify primary server farm sf3 in the same way you configure action act_1.

    # Display the configured actions as shown in Figure-11.

    Figure-11 Displaying the configured actions

  9. Create a load balancing policy.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Load Balancing > Server Load Balancing > Advanced Policies.

    # Click the Load Balancing Policy tab.

    # Click Create to configure the load balancing policy loadbalance_policy as shown in Figure-12.

    Figure-12 Creating load balancing policy loadbalance_policy

    # Click Apply.

  10. Create a virtual server.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Load Balancing > Server Load Balancing > Virtual Servers.

    # Click Create to configure the virtual server vs as shown in Figure-13.

    Figure-13 Creating virtual server vs (basic configuration)

    # Click Apply.

Verifying the configuration

  1. Verify that Device assigns Sever A the FTP requests sourced from host IP address 62.159.4.1 and destined to virtual server IP address 61.159.4.200.

    # Access virtual server IP address 61.159.4.200 on the host with IP address 62.159.4.1.

    C:\Users\system>ftp 61.159.4.200

    Connected to 61.159.4.200.

    220 FTP service ready.

    User (61.159.4.200:(none)): admin

    331 Password required for admin.

    Password:

    230 User logged in.

    ftp>

    # On the top navigation bar, click Monitor.

    # From the navigation pane, select LB Monitor > Server LB Statistics > Virtual Servers.

    Figure-14 Displaying virtual server statistics

    # On the top navigation bar, click Monitor.

    # From the navigation pane, select LB Monitor > Server LB Statistics > Servers Farms. You can see that Device assigns FTP requests sourced from 62.159.4.1 to server farm sf1.

    Figure-15 Displaying server farm statistics

  2. Verify that Device assigns Sever B the FTP requests sourced from host IP address 63.159.4.1 and destined to virtual server IP address 61.159.4.200.

  3. Verify that Device assigns Sever C the FTP requests sourced from host IP address 64.159.4.1 and destined to virtual server IP address 61.159.4.200.