Applies To:

Show Versions Show Versions

Manual Chapter: BIG-IP version 9.2 - Solutions Guide for BIG-IP Traffic Management Systems: Configuring nPath Routing
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>


Configuring nPath Routing

Introducing nPath routing

With the nPath routing configuration, you can route outgoing server traffic around the BIG-IP system directly to an outbound router. This method of traffic management increases outbound throughput because packets do not need to be transmitted to the BIG-IP system for translation and forwarding to the next hop. Figure 2.1 shows an nPath configuration.

Figure 2.1 An example nPath configuration

You can use the Fast L4 profile only on transparent, non-translating virtual servers for this configuration.

In bypassing the BIG-IP system on the return path, nPath routing departs significantly from a typical load-balancing configuration. In a typical load-balancing configuration, the destination address of the incoming packet is translated from that of the virtual server to that of the server being load balanced to, which then becomes the source address of the returning packet. A default route set to the BIG-IP system then sees to it that packets returning to the originating client return through the BIG-IP system, which translates the source address back to that of the virtual server. The nPath configuration differs from the typical load-balancing configuration, as you can see in the following section.

Configuring nPath routing

The nPath routing configuration differs from the typical BIG-IP load balancing configuration in the following ways:

  • The default route on the content servers must be set to the router internal address, not to the BIG-IP system self-address ( in Figure 2.1 ). This causes the return packet to bypass the BIG-IP system.
  • If you plan to use this configuration for TCP traffic, create a Fast L4 profile with the following custom settings.
    • Enable the Loose Close attribute. This attribute is used internally to allow the connection to be established with just a SYN packet followed by an ACK packet. (A SYN packet indicates the start of the sequence numbering. An ACK packet acknowledges receipt of a packet.) When you enable the Loose Close attribute, the TCP protocol flow expires more quickly, once a TCP FIN packet is seen. (A FIN packet indicates the tearing down of a previous connection.)
    • Set the TCP Close Timeout to the same value as the profile idle timeout if you expect half closes. If not, you can set this value to 5 seconds.
  • Because address translation and port translation have been turned off, the incoming packet arrives at the pool member it is load balanced to with the virtual server address ( in Figure 2.1 ), not the address of the server. For the server to respond to that address, that address must be configured on the loopback interface of the server and configured for use with the server software.

You need to complete the following tasks to configure the BIG-IP system to use nPath routing:

  • Create a custom Fast L4 profile.
  • Create a pool that contains the content servers.
  • Define a virtual server with port and address translation disabled and assign the custom Fast L4 profile to it.
  • Configure the virtual server address on each server loopback interface.
  • Set the default route on your servers to the router.

Before you begin these tasks, log in to the Configuration utility.

Creating a custom Fast L4 profile

The first task you must complete to create an nPath routing configuration is to create a custom Fast L4 profile.

To create a custom Fast L4 profile

  1. On the Main tab of the navigation pane, expand Local Traffic, and click Profiles.
    This displays the HTTP Profiles screen.
  2. From the Protocol menu, choose Fast L4.
    The Fast L4 Profiles screen opens.
  3. To create a custom profile, click Create.
    The New Fast L4 Profile screen opens.
  4. In the New Fast L4 Profile screen, set the following attributes.
    1. In the Name box, type a name for the profile.
    2. Enable the loose close option by checking the corresponding Select box on the right side of the screen, and then checking the Loose Close box.
    3. Set the TCP Idle Timeout setting according to the type of traffic the virtual server is going to handle. For additional information about setting this timeout, see Setting timers for nPath configurations .
  5. Click Finished.

Creating a server pool for nPath routing

After you create a custom Fast L4 profile, you need to create a server pool.

To create a pool

  1. On the Main tab of the navigation pane, expand Local Traffic, and click Pools.
    The Pools screen opens.
  2. To create a new pool, click Create.
    The New Pool screen opens.
  3. Type a pool name and add the member addresses for each of the servers. (For additional information about configuring a pool, click the Help tab.)
  4. Click Finished.

Configuration note

For this example, you create an HTTP pool named http_pool containing the following members:

Creating a virtual server

After you create a server pool, you need to create a virtual server that references the customer Fast L4 profile and pool you created in the last two tasks.

To create a standard virtual server

  1. On the Main tab of the navigation pane, expand Local Traffic, and click Virtual Servers.
    The Virtual Servers screen opens.
  2. To create a new virtual server, click Create.
    The New Virtual Server screen opens.
  3. Type the virtual server name, select a destination type, and type the IP address. For nPath routing, you must set the following attributes.
    1. For Protocol, select either UDP, TCP, or *All Protocols from the list.
    2. For Protocol Profile (Client), select the custom Fast L4 profile you created.
    3. Clear the Address Translation check box to disable address translation.
    4. Clear the Port Translation check box to disable port translation.
    5. In the Resources section, choose the pool you created that contains the content servers.
  4. Click Finished.
Configuration notes
For this example, you create a virtual server that references the HTTP pool named http_pool.

Configuring the virtual server on the content server loopback interface

You must place the IP address of the virtual server ( in Figure 2.1 on page 2-1 ) on the loopback interface of each server. Most UNIX variants have a loopback interface named lo0. Microsoft® Windows® has an MS Loopback interface in its list of network adaptors. For some versions of Windows, you must install the loopback interface using the installation CD. Consult your server operating system documentation for information about configuring an IP address on the loopback interface. The loopback interface is ideal for the nPath configuration because it does not participate in the ARP protocol.

Setting the route for inbound traffic

For inbound traffic, you must define a route through the BIG-IP system self IP address to the virtual server. In the example, this route is, with the external self address as the gateway.


You need to set this route only if the virtual server is on a different subnet than the router.

For information about how to define this route, please refer to the documentation provided with your router.

Setting timers for nPath configurations

When you create an nPath configuration, the BIG-IP system sees only client requests. Therefore, the timer for the connection timeout is only reset when clients transmit. In general, this means the timeout for an nPath connection should be at least twice as long as for a comparable connection where BIG-IP system sees both client requests and node responses. Following are descriptions of scenarios for setting the timers for UDP and TCP traffic.

Guidelines for configuring timeouts for UDP traffic

When you configure nPath for UDP traffic, the BIG-IP system tracks packets sent between the same source and destination address to the same destination port as a connection. This is necessary to ensure that client requests that are part of a session always go to the same server. Therefore, a UDP connection is really a form of persistence, since UDP is a connectionless protocol. To calculate the timeout for UDP, estimate the maximum amount of time that a server transmits UDP packets before a packet is sent by the client. In some cases, the server might transmit hundreds of packets over several minutes before ending the session or waiting for a client response.

Guidelines for configuring timeouts for TCP traffic

When you configure nPath for TCP traffic, the BIG-IP system sees only the client side of the connection. For example, in the TCP three-way handshake, the BIG-IP system sees the SYN from the client to the server, and does not see the SYN acknowledgement from the server to the client, and does see the acknowledgement of the acknowledgement from the client to the server. The timeout for the connection should match the combined TCP retransmission timeout (RTO) of the client and the node as closely as possible to ensure that all connections are successful. The maximum initial RTO observed on most UNIX and Windows systems is approximately 25 seconds. Therefore, a timeout of 51 seconds should adequately cover the worst case. Once a TCP session is established, an adaptive timeout is used. In most cases, this results in a faster timeout on the client and node. Only if your clients are on slow, lossy networks should you ever need a higher TCP timeout for established connections. Once a FIN packet is received from the client, the TCP Close Timeout option is used to more aggressively remove connections from the BIG-IP system.

Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)