rev.dennis

F5 Load Balancing Application Patterns

Common LB Application Patterns

SSL Offload

SSL offloading, also known as SSL termination, decrypts all HTTPS traffic on the load balancer. Layer 7 actions can be carried out there, and the data proceeds to the backend server as plain HTTP traffic. SSL offloading allows data to be inspected as it passes between the load balancer and server. It also reduces CPU demand on the application server by decrypting data in advance. The trade-off is that SSL offloading is vulnerable to attack, because the data travels unencrypted between the load balancer and the application server.

pattern_SSL-Offload.jpg

 

SSL Bridge

SSL bridging is a process where a device, usually located at the edge of a network, decrypts SSL traffic and then re-encrypts it before sending it on to the Web server. SSL bridging can be useful when the edge device performs deep-packet inspection to verify that the contents of the SSL-encrypted transmission are safe, or if there are security concerns about unencrypted traffic traversing the internal network.

pattern_SSL-bridge.jpg

 

Pass-through

SSL passthrough happens when an incoming Secure Sockets Layer (SSL) request is not decrypted at the load balancer but passed along to a server for decryption. SSL passthrough is used when web application security is a top concern. SSL passthrough keeps the data encrypted as it travels through the load balancer. The web server does the decryption upon receipt. SSL passthrough uses TCP mode to pass encrypted data to servers. The data passes through fully encrypted, which precludes any layer 7 actions.

pattern_pass-through.jpg

 

LTM Policy

 

pattern_ltm-policy.jpg

GTM (Active/Active or Active/Passive)

 

pattern_gtm-aa_ap.jpg

Uncommon Patterns

2-way SSL

 

OpenShift Patterns

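An added example, not part of the original post or of any F5 tooling: an audit check that classifies each virtual server as SSL offload, SSL bridge or pass-through, and flags the two trade-offs described in those sections (plaintext on the backend segment, and layer 7 actions that cannot run on encrypted traffic). The inventory record, the profile-kind labels, the `backend_trusted` flag and the port 443 heuristic are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class VirtualServer:               # hypothetical, simplified inventory record
    name: str
    port: int                      # listener port clients connect to
    profiles: frozenset            # profile kinds attached, e.g. {"client-ssl", "http"}
    backend_trusted: bool = False  # assumption: owner accepts plaintext on this segment

def classify(vs):
    """Map the attached SSL profile kinds to one of the three patterns."""
    client = "client-ssl" in vs.profiles   # load balancer decrypts client traffic
    server = "server-ssl" in vs.profiles   # load balancer re-encrypts to the server
    if client and server:
        return "bridge"
    if client:
        return "offload"
    if not server and vs.port == 443:      # assumption: 443 means clients speak TLS
        return "passthrough"
    return "other"

def audit(vs):
    """Return (pattern, findings) for one virtual server."""
    pattern, findings = classify(vs), []
    if pattern == "offload" and not vs.backend_trusted:
        findings.append("plaintext HTTP between load balancer and server; consider SSL bridge")
    if pattern == "passthrough" and "http" in vs.profiles:
        findings.append("http profile attached but payload is never decrypted; layer 7 actions cannot apply")
    if pattern == "other":
        findings.append("not one of the three patterns; review manually")
    return pattern, findings

# Constructed sample inventory, not exported from a real device.
INVENTORY = [
    VirtualServer("vs_shop", 443, frozenset({"client-ssl", "http"})),
    VirtualServer("vs_pay", 443, frozenset({"client-ssl", "server-ssl", "http"})),
    VirtualServer("vs_vault", 443, frozenset({"tcp"})),
    VirtualServer("vs_legacy", 443, frozenset({"tcp", "http"})),
    VirtualServer("vs_intranet", 443, frozenset({"client-ssl", "http"}), backend_trusted=True),
]

def report(inventory):
    return {vs.name: audit(vs) for vs in inventory}

if __name__ == "__main__":
    for name, (pattern, findings) in report(INVENTORY).items():
        print(f"{name}: {pattern}")
        for finding in findings:
            print("  -", finding)
```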