Applies To:Show Versions
- 15.0.0, 14.1.0
- 15.0.0, 14.1.0
- 15.0.0, 14.1.0
- 15.0.0, 14.1.0
- 15.0.0, 14.1.0
- 15.0.0, 14.1.0
- 15.0.0, 14.1.0
- 15.0.0, 14.1.0
About Virtual Servers
Introduction to virtual servers
Types of virtual servers
Standardvirtual server (also known as a
load balancingvirtual server) directs client traffic to a load balancing pool and is the most basic type of virtual server. When you first create the virtual server, you assign an existing default pool to it. From then on, the virtual server automatically directs traffic to that default pool.
Forwarding (Layer 2)
You can set up a
Forwarding (Layer 2)virtual server to share the same IP address as a node in an associated VLAN. This type of virtual server has no pool members to load balance. To configure this type of virtual server, you must perform some additional configuration tasks: creating a VLAN group that includes the VLAN in which the node resides, assigning a self-IP address to the VLAN group, and disabling the virtual server on the relevant VLAN. With a forwarding (IP) virtual server, address translation is disabled. When you use a Forwarding (Layer 2) type of virtual server, the BIG-IP system preserves the source MAC address in the header.
Like a Forwarding (Layer 2) virtual server. A
Forwarding (IP)virtual server has no pool members to load balance. The virtual server simply forwards a packet directly to the configured destination IP address, based on what's defined in the BIG-IP system's routing table. The virtual server destination address can be either a node address or a network address. With a forwarding (IP) virtual server, address translation is disabled. An example of a Forwarding (IP) virtual server is one that accepts all traffic on an external VLAN and forwards it to the virtual server destination IP address.
Performance (HTTP)virtual server is a virtual server with which you associate a Fast HTTP profile. Together, the virtual server and profile increase the speed at which the virtual server processes HTTP requests.
Performance (Layer 4)
Performance (Layer 4)virtual server is a virtual server with which you associate a Fast L4 profile. Together, the virtual server and profile increase the speed at which the virtual server processes Layer 4 requests.
Statelessvirtual server prevents the BIG-IP system from putting connections into the connection table for wildcard and forwarding destination IP addresses. When creating a stateless virtual server, you cannot configure SNAT automap, iRules, or port translation, and you must configure a default load balancing pool. Note that this type of virtual server applies to UDP traffic only.
Rejectvirtual server specifies that the BIG-IP system rejects any traffic destined for the virtual server IP address.
DHCPvirtual server relays Dynamic Host Control Protocol (DHCP) messages between clients and servers residing on different IP networks. Known as a
DHCP relay agent, a BIG-IP system with a DHCP type of virtual server listens for DHCP client messages being broadcast on the subnet and then relays those messages to the DHCP server. The DHCP server then uses the BIG-IP system to send the responses back to the DHCP client. Configuring a DHCP virtual server on the BIG-IP system relieves you of the tasks of installing and running a separate DHCP server on each subnet.
Internalvirtual server is one that can send traffic to an intermediary server for specialized processing before the standard virtual server sends the traffic to its final destination. For example, if you want the BIG-IP system to perform content adaptation on HTTP requests or responses, you can create an internal virtual server that load balances those requests or responses to a pool of ICAP servers before sending the traffic back to the standard virtual server. An internal virtual server supports both TCP and UDP traffic.
Message Routingvirtual server is available for peer-to-peer configurations. Examples of traffic flows that can benefit from this type of virtual server are traffic flows using Diameter and SIP protocols.
Creating a virtual server
- On the Main tab, click.The Virtual Server List screen opens.
- ClickCreate.The New Virtual Server screen opens.
- In theNamefield, type a unique name for the virtual server.
- From theTypelist, verify thatStandardis selected.
- In theDestination Address/Maskfield:
The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is10.0.0.1or10.0.0.0/24, and an IPv6 address/prefix isffe1::0020/64or2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a/32prefix.The IP address or addresses for this field must be on the same subnet as the external self-IP address.
- Hostbutton is selected, and type the IP address in CIDR format.
- If you want to specify multiple IP addresses, select theAddress Listbutton, and confirm that the address list that you previously created appears in the box.
- In theService Portfield:
- Portbutton is selected, and type or select a service port.
- If you want to specify multiple ports other than all ports, select thePort Listbutton, and confirm that the port list that you previously created appears in the box.
- Retain the default values for all other settings.
- From theDefault Poollist, choose the pool you created.
About the destination address
- When you specify a single IP address, a virtual server can listen for client connections that are destined for the address and then direct them to a server in a server pool. If you do not append a prefix (in CIDR notation) to the address, the default prefix is/32.
- When you specify a list of addresses, you must have previously created the address list, using theShared Objectsscreens of the BIG-IP Configuration utility. Once created, the address list appears in theAddress Listbox in the virtual server configuration. The virtual server can then listen for client connections that are destined for any address in the list of IP addresses and then direct the connections to a server in a server pool.
About connection rate limiting
- When the connection rate limit is exceeded for TCP connections, the BIG-IP system issues TCP resets and logs TCP reset messages, citing the exceeded connection rate limit as the cause for the resets.
- When the connection rate limit is exceeded for UDP connections, the BIG-IP system simply drops the connections.
About wildcard servers
Default and port-specific wildcard virtual servers
- Default wildcard virtual servers
- Adefault wildcard virtual serveris a wildcard virtual server that uses port 0 and handles traffic for all services. A wildcard virtual server allows traffic from all external VLANs by default. However, you can specifically disable any VLANs that you do not want the default wildcard virtual server to support. Disabling VLANs for the default wildcard virtual server is done by creating a VLAN disabled list. Note that a VLAN disabled list applies to default wildcard virtual servers only. You cannot create a VLAN disabled list for a wildcard virtual server that is associated with one VLAN only.
- Port-specific wildcard virtual servers
- Aport-specific wildcard virtual serverhandles traffic for a particular service only, and you define the virtual server using a service name or a port number. You can use port-specific wildcard virtual servers for tracking statistics for a particular type of network traffic, or for routing outgoing traffic, such as HTTP traffic, directly to a cache server rather than a firewall or router.
About virtual addresses
About virtual address creation
Viewing virtual address properties
- On the Main tab, click.The Virtual Server List screen displays a list of existing virtual servers.
- On the menu bar, clickVirtual Address List.This displays the list of virtual addresses.
- In the Name column, click the name of the relevant virtual address.This displays the properties of the virtual address.
- Click theCancelbutton.
Modifying a virtual address
- On the Main tab, click.The Virtual Address List screen opens.
- Click the virtual address that you want to modify.This displays the properties of that virtual address.
- From theTraffic Grouplist, select the traffic group that you want the virtual address to belong to.
- Select or clear theAvailabilitycheck box to speciy the availability of the virtual address with respect to service checking.
- From theStatelist, select the state of the virtual address, that is, enabled or disabled.
- Check or clear theAuto Deletecheck box to configure whether the system should automatically delete the virtual address with the deletion of the last associated virtual server.When cleared (disabled), this setting specifies that the system should retain the virtual address, even when all associated virtual servers have been deleted.
- To specify when the virtual address is considered available for route advertisement, select an option from theAvailability Calculationlist:
When the virtual address is available and theRoute Advertisementsetting is set toEnabled, the BIG-IP system advertises the route for the virtual address.
- When any virtual server is available
- When all virtual server(s) are available
- Verify that theARPcheck box is selected.
- From theICMP Echolist, select an option:OptionDescriptionDisabledDoes not send ICMP responses.AlwaysAlways sends ICMP responses, regardless of availability status. This requires an enabled virtual address.SelectiveInternally enables or disables responses based on virtual server state: any virtual server, all virtual servers, or always, regardless of the state of any virtual server.ForSelective, you must configure each relevant virtual server to notify the virtual address of its status.AnyResponds when any virtual server is available.AllResponds only when all virtual servers are available.
- From theRoute Advertisementlist, select an option:OptionDescriptionDisabledDoes not advertise the route for the virtual address, regardless of the availability status.EnabledAdvertises the route for the available virtual address, based on the calculation method selected in theAvailability Calculationlist.AlwaysAlways advertises the route for the virtual address, regardless of availability status. This requires an enabled virtual address.SelectiveYou can also selectively enable ICMP echo responses, which causes the BIG-IP system to internally enable or disable responses based on virtual server state: any virtual server, all virtual servers, or always, regardless of the state of any virtual server.AnyAdvertises the route for the virtual address when any virtual server is available.AllAdvertises the route for the virtual address when all virtual servers are available.
Virtual address settings
The name that you assign to the virtual address. This name can match the virtual IP address itself.
No default value
Partition / Path
The pathname indicating the partition/folder in which the virtual address resides.
The IP address of the virtual server, excluding the service.
No default value
The traffic group that contains this virtual IP address.
traffic-group-1 or traffic-group-local-only
The availability of the virtual address with respect to service checking.
No default value
The state of the virtual address, that is,
A directive that the system should automatically delete the virtual address with the deletion of the last associated virtual server. When cleared (disabled), this setting specifies that the system should retain the virtual address even when all associated virtual servers have been deleted.
The virtual-server conditions for which the BIG-IP system should advertise this virtual address to an advanced routing module. This setting only applies when the
Route Advertisementsetting is enabled (checked). Possible values are:
When any virtual server is available
The number of concurrent connections that the BIG-IP system allows on this virtual address.
A setting that enables or disables ARP requests for the virtual address. When this setting is disabled, the BIG-IP system ignores ARP requests that other routers send for this virtual address.
A setting that enables, selectively enables, or disables responses to ICMP echo requests on a per-virtual address basis. When this setting is disabled, the BIG-IP system drops any ICMP echo request packets sent to virtual addresses, including standard statistics and logging. Note that the resulting behavior is affected by the value you configure for the
A setting that inserts a route to this virtual address into the kernel routing table so that an advanced routing module can redistribute that route to other routers on the network. Possible values are:
About virtual servers and route domain IDs
In the destination address, you change an existing route domain ID.
The system automatically changes the route domain ID on the source address to match the new destination route domain ID.
In the source address, you change an existing route domain ID.
If the new route domain ID does not match the route domain ID in the destination address, the system displays an error message stating that the two route domain IDs must match.
You specify a destination IP address only,with a route domain ID, and do not specify a source IP address.
The source IP address defaults to
0.0.0.0and inherits the route domain ID from the destination IP address.
You specify both source and destination addresses but no route domain IDs.
The BIG-IP system uses the default route domain.
You specify both source and destination addresses and a route domain ID on each of the IP addresses.
The BIG-IP system verifies that both route domain IDs match. Otherwise, the system displays an error message.
You specify both source and destination addresses and a route domain ID on one of the addresses, but exclude an ID from the other address.
The system verifies that the specified route domain ID matches the ID of the default route domain. Specifically, when one address lacks an ID, the only valid configuration is one in which the ID specified on the other address is the ID of a default route domain. Otherwise, the system displays an error message.
About virtual server and virtual address status
- The shape of the icon indicates the status that the monitor has reported for that node.
- The color of the icon indicates the actual status of the node.
- While displaying some statistics individually for each TMM instance, the BIG-IP system displays other statistics as the combined total of all TMM instances.
- Connection limits for a virtual server with CMP enabled are distributed evenly across all instances of the TMM service.