8

nPath Routing

nPath routing

nPath routing allows you to route outgoing server traffic around the BIG-IP Controller directly to an outbound router. This method of traffic management increases outbound throughput because packets do not need to be transmitted to the BIG-IP Controller for translation and forwarding to the next hop.

Note: This configuration does not support late binding features such as SSL persistence, cookie persistence, and content switching.

To use nPath routing, you must configure the BIG-IP Controller so that it does not translate the IP address or port of incoming packets. This is important because packets must not be translated when they are outbound to the router. To avoid translation of incoming, or destination packets, you must define virtual servers with address translation turned off.

The following tasks are required to configure the BIG-IP Controller to use nPath routing:

• Define a virtual server
• Turn address translation off for the virtual server
• Set a route on your routers to the virtual server with the BIG-IP Controller as the gateway
• Set the idle connection time-out value to remove stale connections
• Configure the servers

Defining a virtual server with address translation disabled

You can disable address translation on any virtual server. Turning off address translation is necessary for nPath routing. The following two procedures describe how to create a virtual server in the Configuration utility and then how to turn address translation off for the virtual server.

To define a standard virtual server mapping in the Configuration utility

1. In the navigation pane, click Virtual Servers.
2. On the toolbar, click Add Virtual Server.
   The Add Virtual Server screen opens.
3. In the Address box, enter the virtual server's IP address or host name.
4. In the Netmask box, type an optional netmask. If you leave this setting blank, the BIG-IP Controller uses a default netmask based on the IP address you entered for the virtual server. Use the default netmask unless your configuration requires a different netmask.
5. In the Broadcast box, type the broadcast address for this virtual server. If you leave this box blank, the BIG-IP Controller generates a default broadcast address based on the IP address and netmask of this virtual server.
6. In the Port box, either type a port number, or select a service name from the drop-down list.
7. For Interface, select the external (destination processing) interface on which you want to create the virtual server. Select default to allow the Configuration utility to select the interface based on the network address of the virtual server.
8. In Resources, click the Node List button.
9. In the Node Address box, type the IP address or host name of the first node to which the virtual server maps. If you have already defined a node address, you can choose it from the list.
10. In the Node Port box, type the node port number, or select the service name from the drop-down list. If you have already defined a node port, you can choose it from the list.
11. Click the add button (>>) to add the node the Current Members list for the virtual server.
12. To add additional nodes to the virtual server mapping, type in a Node Address, Node Port, and click the add button (>>).
13. To remove nodes from the virtual server mapping, click the node listed in the Current Members list and click the remove button (<<).
14. After you have added or removed nodes from the Current Members list, click the Add button to save the virtual server.

To configure address translation for virtual servers in the Configuration utility

After you create a virtual server, you must turn address translation for the virtual server off.

1. In the navigation pane, click Virtual Servers.
   The Virtual Servers screen opens.
2. In the virtual server list, click the virtual server for which you want to set up a transparent virtual server.
   The properties screen for the virtual server you clicked opens.
3. In the Enable Translation options, clear the Address check box. This turns address translation off for the virtual server.
4. Click the Apply button.

To define a virtual server mapping on the command line

Enter the bigpipe vip command as shown below to create the virtual server mapping. Note that you must turn off address translation for the virtual server you create.

bigpipe vip <virtual IP>:<port> define <node IP>:<port> \
<node IP>:<port>... <node IP>:<port>

For example, the following command defines a virtual server that maps to three nodes. After you create the virtual server, you must turn off address translation. Use the following syntax to turn off address translation for the virtual server.

bigpipe vip <vip>:<port> translate addr [ enable | disable ]

For example, use the following command to turn off address translation for the virtual server 11.1.1.1:80.

bigpipe vip 11.1.1.1:80 translate addr disable

Setting the route through the BIG-IP Controller

A route must be defined through the BIG-IP Controller on the inbound router in your network configuration. This route should be the IP address (or alias) for the server, or servers, for which you want to set up nPath routing. The gateway should be the external shared IP alias of the BIG-IP Controller.

For information about how to define this route, please refer to the documentation provided with your router.

Setting the idle connection time-out

With nPath routing, the BIG-IP Controller cannot track the normal FIN/ACK sequences made by connections. Normally, the BIG-IP Controller shuts down closed connections based on this sequence. With nPath routing, the idle connection time-out must be configured to clean up closed connections. You need to set an appropriate idle connection time-out value so that valid connections are not disconnected, and closed connections are cleaned up in a reasonable time.

To set the idle connection time-out in the Configuration utility

1. In the navigation pane, click Virtual Servers.
2. In the Virtual Servers list, click the wildcard virtual server you created for nPath routing.
   The Virtual Server Properties screen opens.
3. In the Port box, click the port.
   The Global Virtual Port Properties screen opens.
4. In the Idle connection timeout TCP (seconds) box, type a time-out value for TCP connections. The recommended time-out setting is 10 seconds.
5. In the Idle connection timeout UDP (seconds) box, type a time-out value for TCP connections. The recommended time-out setting is 10 seconds.
6. Click Apply.

To set the idle connection time-out in the /etc/bigip.conf file

To set the idle connection time-out in the /etc/bigip.conf file, edit the following lines:

treaper <port> <seconds>

udp <port> <seconds>

The <seconds> value is the number of seconds a connection is allowed to remain idle before it is terminated. The <port> value is the port on the wildcard virtual server for which you are configuring out of path routing. The recommended value for the TCP and UDP connection timeouts is 10 seconds.

Configure the servers

You must configure your servers differently to work in nPath mode. The IP address of the server (11.1.1.1 in Figure 8.1) must be placed on what is known as the loopback interface. A loopback interface is a software interface that is not associated with an actual network card. It allows a server to respond to an IP address without advertising it on a network. Most UNIX variants have a loopback interface named lo0. Microsoft Windows has an MS Loopback interface in its list of network adaptors. Consult your server operating system documentation for information about configuring an IP address on the loopback interface. The ideal loopback interface for the nPath configuration does not participate in the ARP protocol, because that would cause packets to be routed incorrectly.

Figure 8.1 An example nPath configuration with more than one virtual server

In this configuration, you must configure the BIG-IP Controllers, the router, and each web server. The following procedures describe each configuration task.

Use the following commands to configure the BIG-IP Controllers in this example

Use the following commands to configure the BIG-IP Controllers in this example (Figure 8.1, number 1):

bigpipe vip 11.1.1.1:80 define 10.1.1.11:80
10.1.1.12:80

bigpipe vip 11.1.1.1:80 translate addr disable

bigpipe vip 11.1.1.2:80 define 10.1.1.11:80

bigpipe vip 11.1.1.2:80 translate addr disable

Set up the following configuration on the router

Set up the following configuration on the router (Figure 8.1, number 2)

This router has a route to the 11.1.1.0 network through BIGip 12.1.1.10.

Set up the following configuration on the web servers

Set up the following configuration on the web servers (Figure 8.1, number 3)

The web servers have an HTTP service listening on address 11.1.1.1, port 80. The address 11.1.1.1 is bound to the loopback device. Their default route is 10.1.1.1.