Big-IP F5 Local Objects
Nodes are the real servers where applications are hosted. Nodes are identified by IP address. A single Node can be part of multiple Pool Members and can also be added to multiple Pools.
When a Node's IP address is paired with a specific TCP/UDP service port that it listens on, it becomes a Pool Member. These Pool Members then belong to a Pool. A Pool Member can also be part of a different Pool with the same or a different service port.
A Pool consists of multiple Pool Members. You can either add Pool Members to a Pool manually or choose from a list of previously configured Nodes, but a service port must be specified.
The diagram below shows the Nodes, Pool Members and Pool.
A Virtual Server consists of an IP address together with a service port. F5 listens on the Virtual Server and receives the data traffic there.
Below is the traffic flow of any application.
- The Client initiates the traffic based on the application URL, which is then resolved to its respective IP address (DNS resolution).
- When the traffic (SYN packet) is received by F5, it is matched against the VS IP address and its respective service port. Once a match is found, the packet is permitted and processed.
- F5 works on a Full Proxy Architecture: the three-way handshake is completed and a TCP connection is established with the Client.
- After the three-way handshake is completed, the Client sends the application traffic; upon receipt, F5 load balances the traffic based on the load balancing algorithm.
- It selects the Pool and Pool Member and establishes a TCP connection to the Pool Member on the service port that the Pool Member is listening on.
- Once the TCP connection is established, the application traffic is sent to the respective Pool Member.
There are various types of Virtual Server; here we will discuss them one by one.
Wild Card Virtual Server
A VS configured with the network IP address 0.0.0.0 instead of a host IP address is called a Wild Card Virtual Server; with port 0 it is the default Wild Card VS. It is used when F5 needs to process traffic that is not specifically destined for itself and is required to process and permit any traffic.
A port-specific Wild Card VS will always take precedence over a default Wild Card Virtual Server.
One example use of this type of VS is when traffic simply needs to be sent on to a router or firewall.
A port-specific Wild Card VS is one that has the network IP address 0.0.0.0 along with a specific port, for example 0.0.0.0:80 or 0.0.0.0:443.
The figure below shows when F5 uses the default Wild Card Virtual Server, the Port-Specific Wild Card Virtual Server and the Non-Wildcard Virtual Server.
When traffic needs to be sent to destination 220.127.116.11:80, F5 uses the Port-Specific Wild Card Virtual Server. When the destination is 10.10.10.10:80, F5 uses the Non-Wildcard Virtual Server, and when F5 needs to send traffic to 18.104.22.168:21, it uses the default Wild Card Virtual Server.
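The listener selection described above can be modelled to audit which destinations are accepted only because a wildcard listener exists. This is an added example, not F5 code or part of the original article: the listener names are constructed, only destination address and port are compared, and the ordering of a host address with port 0 is an assumption.

```python
from dataclasses import dataclass

WILDCARD_IP = "0.0.0.0"  # network address used by wildcard virtual servers
ANY_PORT = 0             # port 0 means "any service port"

@dataclass(frozen=True)
class VirtualServer:
    name: str  # constructed name, for illustration only
    ip: str
    port: int

    @property
    def kind(self):
        if self.ip != WILDCARD_IP:
            return "non-wildcard"
        return "default-wildcard" if self.port == ANY_PORT else "port-specific-wildcard"

    def matches(self, dst_ip, dst_port):
        return self.ip in (WILDCARD_IP, dst_ip) and self.port in (ANY_PORT, dst_port)

    def specificity(self):
        # Lower sorts first: a host address beats 0.0.0.0, then a fixed port beats port 0.
        # Where a host address with port 0 ranks is an assumption; the text does not cover it.
        return (self.ip == WILDCARD_IP, self.port == ANY_PORT)

def select_listener(listeners, dst_ip, dst_port):
    """Return the most specific virtual server accepting dst_ip:dst_port, or None."""
    hits = [vs for vs in listeners if vs.matches(dst_ip, dst_port)]
    return min(hits, key=VirtualServer.specificity, default=None)

def wildcard_exposure(listeners, flows):
    """List flows that are accepted only because a wildcard listener exists."""
    report = []
    for ip, port in flows:
        vs = select_listener(listeners, ip, port)
        if vs is not None and vs.kind != "non-wildcard":
            report.append((f"{ip}:{port}", vs.name, vs.kind))
    return report

# Constructed listener table; the destinations are the three from the text above.
LISTENERS = [
    VirtualServer("vs_wild_any", "0.0.0.0", 0),
    VirtualServer("vs_wild_80", "0.0.0.0", 80),
    VirtualServer("vs_app", "10.10.10.10", 80),
]
FLOWS = [("220.127.116.11", 80), ("10.10.10.10", 80), ("18.104.22.168", 21)]

if __name__ == "__main__":
    for row in wildcard_exposure(LISTENERS, FLOWS):
        print(row)
```

Removing `vs_wild_any` from the table makes `select_listener` return `None` for 18.104.22.168:21, which shows how much traffic the default wildcard listener alone is admitting.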
Standard Virtual Server
In this type of Virtual Server, F5 establishes a TCP connection with both the Client and the Server, resulting in two separate connections. The Standard VS requires a TCP, UDP or SCTP profile; you can also apply Layer 7 profiles such as HTTP, FTP and SSL if required.