
F5 Load Balancing Application Patterns


Common LB Application Patterns

SSL Offload

SSL offloading, also known as SSL termination, decrypts all HTTPS traffic on the load balancer. Layer 7 actions can then be carried out, and the data proceeds to the backend server as plain HTTP traffic. SSL offloading allows data to be inspected as it passes between the load balancer and server. It also reduces CPU demand on the application server by decrypting data in advance. SSL offloading is vulnerable to attack because the data travels unencrypted between the load balancer and the application server.



SSL Bridge

SSL bridging is a process where a device, usually located at the edge of a network, decrypts SSL traffic and then re-encrypts it before sending it on to the Web server. SSL bridging can be useful when the edge device performs deep-packet inspection to verify that the contents of the SSL-encrypted transmission are safe, or if there are security concerns about unencrypted traffic traversing the internal network.




SSL Passthrough

SSL passthrough happens when an incoming Secure Sockets Layer (SSL) request is not decrypted at the load balancer but passed along to a server for decryption. SSL passthrough is used when web application security is a top concern. It keeps the data encrypted as it travels through the load balancer, and the web server does the decryption upon receipt. SSL passthrough uses TCP mode to pass encrypted data to servers. The data passes through fully encrypted, which precludes any layer 7 actions.



LTM Policy



GTM (Active/Active or Active/Passive)



Uncommon Patterns

2-way SSL


OpenShift Patterns

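The three SSL patterns described in the post above (offload, bridge, passthrough), side by side as BIG-IP tmsh commands. This is an added example, not configuration from the original post; the object names, addresses, CA file and server name are constructed placeholders, and it assumes the stock tcp, http, fastL4, clientssl and serverssl profiles.

```tmsh
# Annotated tmsh commands. All names, addresses and file names are constructed.

# Backend pools: plain HTTP for offload, HTTPS for bridge and passthrough.
create ltm pool pool_app_http members add { 10.1.20.11:80 10.1.20.12:80 } monitor http
create ltm pool pool_app_https members add { 10.1.20.11:443 10.1.20.12:443 } monitor https

# 1. SSL offload: a client-side SSL profile only. The http profile makes
#    layer 7 actions possible; traffic to pool_app_http leaves the BIG-IP
#    unencrypted, which is the exposure the post describes.
create ltm virtual vs_offload destination 203.0.113.10:443 ip-protocol tcp pool pool_app_http profiles add { tcp http clientssl { context clientside } }

# 2. SSL bridge: decrypt on the client side, re-encrypt on the server side.
#    The stock serverssl profile uses peer-cert-mode ignore, so it encrypts
#    but does not authenticate the backend. This child profile requires a
#    certificate that chains to the given CA and matches the given name.
create ltm profile server-ssl serverssl_verify defaults-from serverssl peer-cert-mode require ca-file internal-ca.crt authenticate-name app.internal.example
create ltm virtual vs_bridge destination 203.0.113.11:443 ip-protocol tcp pool pool_app_https profiles add { tcp http clientssl { context clientside } serverssl_verify { context serverside } }

# 3. SSL passthrough: no SSL or http profile at all. The BIG-IP forwards the
#    TCP stream as-is, so it can balance connections but cannot apply any
#    layer 7 action to them.
create ltm virtual vs_passthrough destination 203.0.113.12:443 ip-protocol tcp pool pool_app_https profiles add { fastL4 }

# Review: a virtual server listing a client-side SSL profile with no
# server-side SSL profile is doing offload, so its pool traffic is plaintext.
list ltm virtual vs_offload profiles
list ltm virtual vs_bridge profiles
list ltm virtual vs_passthrough profiles
```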