F5 Lab 1.16: Virtual Server Order of Precedence
An F5 usually has many virtual servers configured, ranging from very specific source and destination IP addresses to wildcarded source IP, destination IP and port. With a configuration like that, F5 uses an order-of-precedence algorithm to decide which virtual server (VS) receives the request.
On the virtual server we have three parameters to configure: source address, destination address and service port.
F5 chooses the VS by going from the most specific to the least specific configuration of those three parameters. It starts with the most specific destination IP, then looks for the most specific source IP, and then the most specific port.
For example, the virtual servers are configured as in the table below:
Let's assume some cases:
Let's prove the result in the lab by creating the virtual servers and testing the traffic for each use case:
1. Create all the virtual servers.
2. Prove each use case by testing the traffic and verifying the statistics.
When traffic comes from 198.51.100.251 to 198.51.100.2 over HTTP, F5 chooses MARKETING_WEB_VS_6 because it has a very specific configuration for source, destination and port.
When traffic comes from 198.51.100.4 to 198.51.100.2 over HTTP, F5 chooses MARKETING_WEB_VS_4 because it matches the specific source IP prefix, the destination and the port. Why does it not choose MARKETING_WEB_VS_2, even though the client's source IP falls within the source address prefixes of both? Because the source address configured on MARKETING_WEB_VS_4 is more specific than the one on MARKETING_WEB_VS_2: prefix /29 is more specific than prefix /24. It is like longest-prefix match in a routing decision.
When traffic comes from 198.51.100.200 to 198.51.100.2 over HTTP, F5 chooses MARKETING_WEB_VS_2 because it matches the /24 source IP prefix, the destination and the port.
When traffic comes from 192.0.2.2 to 198.51.100.2 over HTTP, F5 chooses MARKETING_WEB_VS because no other VS has a more specific source address configured, while the destination and the port match.
When traffic comes from 198.51.100.4 to 198.51.100.102 over HTTP, F5 chooses MARKETING_WEB_VS_3 because the destination IP matches the configured address prefix (/24) and no other VS has a more specific destination address configured.
When traffic comes from 198.51.100.251 to 198.51.100.2 over SSH, F5 chooses MARKETING_WEB_VS_1 because no other VS has a more specific source and destination address configured, and the port matches.
When traffic comes from 192.0.2.2 to 198.51.102.1 over SSH, it is dropped because it matches none of the configured VS, and no statistics counter increases on any VS.
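The selection order exercised by the cases above can be modelled in a few lines. This is an added example, not F5 code or part of the original lab. The VS entries are constructed assumptions chosen to be consistent with the described results (the lab's own table is not reproduced here), and `select_vs` is a hypothetical helper name.

```python
import ipaddress
from typing import NamedTuple, Optional

class VS(NamedTuple):
    name: str
    dst: str   # destination address or prefix
    src: str   # source address or prefix ("0.0.0.0/0" means any)
    port: int  # service port (0 means any port)

# Constructed table (assumption): values inferred from the test cases on this
# page, not copied from the lab's virtual server configuration.
TABLE = [
    VS("MARKETING_WEB_VS",   "198.51.100.2/32", "0.0.0.0/0",         80),
    VS("MARKETING_WEB_VS_1", "198.51.100.2/32", "0.0.0.0/0",         22),
    VS("MARKETING_WEB_VS_2", "198.51.100.2/32", "198.51.100.0/24",   80),
    VS("MARKETING_WEB_VS_3", "198.51.100.0/24", "0.0.0.0/0",         80),
    VS("MARKETING_WEB_VS_4", "198.51.100.2/32", "198.51.100.0/29",   80),
    VS("MARKETING_WEB_VS_6", "198.51.100.2/32", "198.51.100.251/32", 80),
]

def select_vs(table, src: str, dst: str, port: int) -> Optional[str]:
    """Return the VS that wins for this connection, or None if it is dropped."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    candidates = []
    for vs in table:
        dnet = ipaddress.ip_network(vs.dst)
        snet = ipaddress.ip_network(vs.src)
        if dst_ip in dnet and src_ip in snet and vs.port in (0, port):
            # Rank by destination prefix length first, then source prefix
            # length, then a specific port ahead of a wildcard port.
            rank = (dnet.prefixlen, snet.prefixlen, vs.port != 0)
            candidates.append((rank, vs.name))
    return max(candidates)[1] if candidates else None

if __name__ == "__main__":
    for src, dst, port in [("198.51.100.4", "198.51.100.2", 80),
                           ("192.0.2.2", "198.51.102.1", 22)]:
        print(src, "->", dst, port, "=>", select_vs(TABLE, src, dst, port))
```

Running the same function over an exported VS list before a change shows which listener a given client range would land on, which makes an overly broad source or destination prefix visible before it takes traffic.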
Based on the test results of each use case, it's recommended to plan and define the VS parameters (source address, destination address and service port) correctly so that traffic is directed to the correct virtual server and backend server. Knowing the order of precedence, we can see that improperly configured parameters cause unexpected and undesired traffic flow. You can explore more use cases through the link in the reference section.
Reference: