Manual Chapter : BIG-IP Administrator guide v4.0: nPath routing

Applies To:


BIG-IP versions 1.x - 4.x

  • 4.0 PTF-04, 4.0 PTF-03, 4.0 PTF-02, 4.0 PTF-01, 4.0.0


17

nPath routing



Introducing nPath routing

The nPath routing configuration allows you to route outgoing server traffic around the BIG-IP Controller directly to an outbound router in a single interface configuration. (For more information about the single interface configuration, refer to Chapter 16, One IP Network Topologies.) This method of traffic management increases outbound throughput because packets do not need to be transmitted to the BIG-IP Controller for translation and forwarding to the next hop. Figure 17.1 shows an nPath configuration.

Figure 17.1 An example nPath configuration

Note: This configuration does not support late binding features such as SSL persistence, cookie persistence, and content switching.

In bypassing the BIG-IP Controller on the return path, nPath departs significantly from a typical load-balancing configuration. In a typical load-balancing configuration, the destination address of the incoming packet is translated from that of the virtual server to that of the node being load balanced to, which then becomes the source address of the returning packet. A default route set to the BIG-IP Controller then sees to it that packets returning to the originating client return through the controller, which translates the source address back to that of the virtual server.

The nPath routing configuration differs from this configuration in the following ways:

  • The default route must be set to the router inside address, not the controller self-address (10.1.1.1 in Figure 17.1). This causes the return packet to bypass the BIG-IP Controller.
  • Because the BIG-IP Controller is no longer in the return loop, a translated destination address will not be translated back to the virtual server address. Consequently, it is necessary to turn off address translation on the virtual server. This way the source address on the return packet will match the destination address of the outbound packet and be recognized by the originating client.
  • Because address translation has been turned off, it is turned off in both directions, meaning that the incoming packet will arrive at the server it is load balanced to with the untranslated virtual server address (11.1.1.1 in Figure 17.1), not the address of the server. For the server to respond to that address, that address must be placed on the loopback interface of the server.
  • Because the address placed on the loopback interface must be on a different IP network, the virtual server address must also be on a different network than that of the BIG-IP Controller self address. (Thus the virtual server address 11.1.1.1.) This means that the incoming packet with the virtual server address as its destination must have a route to that address.

With nPath routing, you will also need to set an appropriate idle connection time-out value so that valid connections are not disconnected, and closed connections are cleaned up in a reasonable time.

You need to complete the following tasks to configure the BIG-IP Controller to use nPath routing.

  • Define a server pool.
  • Define a virtual server with address and port translation off.
  • Configure the virtual server address on the server loopback interface.
  • Set a route on your routers to the virtual server with the BIG-IP Controller as the gateway.
  • Set the default route on your servers to the router.
  • Set idle connection timeouts.

Defining a server pool for nPath routing

The first task you need to complete for nPath routing is to create a server pool.

To create pools using the Configuration utility:

  1. In the navigation pane, click Pools.
    The Pools screen opens.
  2. Click the Add button.
    The Add Pool screen opens.
  3. In the Add Pool screen, configure the attributes you want to use with the pool. For additional information about configuring a pool, click the Help button.

    Configuration note

    · For this example, you would create an HTTP pool named http_pool containing the following members:
    10.1.1.11
    10.1.1.12

To create a pool from the command line

To define a pool from the command line, use the following syntax:

b pool <pool_name> { member <member_definition> ... member <member_definition>}

To create the pool http_pool, type the following command:

b pool http_pool { member 10.1.1.11 member 10.1.1.12 }

Defining a virtual server with address translation disabled

After you create a server pool, you need to create a virtual server with address translation off.

To define a standard virtual server using the Configuration utility

  1. In the navigation pane, click Virtual Servers.
  2. Click the Add button.
    The Add Virtual Server screen opens.
  3. In the Add Virtual Server screen, configure the virtual server attributes. For additional information about configuring a pool, click the Help button.

    Configuration notes

    · For this example, you would create a virtual server 11.11.11.1 that references the HTTP pool named http_pool.

    · For this virtual server, clear the Address Translation Enabled check box to disable address translation.

To define a virtual server mapping from the command line

To define a virtual server at the command line, use the following syntax.

b virtual <virtual_ip>:<port> use pool <pool>

For this example:

b virtual 11.1.1.1:80 use pool http_pool

After you create the virtual server, you must turn off address and port translation using the following syntax:

b virtual <virtual_ip>:<port> translate addr disable

b virtual <virtual_ip>:<port> translate port disable

For example, use the following commands to turn off address and port translation for the virtual server 11.1.1.1:80.

b virtual 11.1.1.1:80 translate addr disable

b virtual 11.1.1.1:80 translate port disable

Configuring the virtual server on the content server loopback interface

The IP address of the virtual server (11.1.1.1 in Figure 17.1) must be placed on the loopback interface of each server. Most UNIX variants have a loopback interface named lo0. Microsoft Windows has an MS Loopback interface in its list of network adaptors. Consult your server operating system documentation for information about configuring an IP address on the loopback interface. The ideal loopback interface for the nPath configuration does not participate in the ARP protocol, because that would cause packets to be routed incorrectly.

Setting the route for inbound traffic

For inbound traffic, you must define a route through the BIG-IP Controller self IP address to the virtual server. In the example, this route is 11.1.1.1, with the self address 10.1.1.1 as the gateway.

For information about how to define this route, please refer to the documentation provided with your router.

Setting the return route

For the return traffic, you must define a route from the servers directly to the router inside address. In this example, this route is 10.1.1.1.

For information about how to define this route, please refer to the documentation provided with your servers.
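
The server-side requirements from the loopback and return-route sections can be checked together. The following is an added example, not part of the original manual: it assumes a Linux content server with iproute2, takes 10.1.1.1 as the controller self-address (as the inbound-route section does), and uses 10.1.1.254 as a hypothetical router inside address in constructed sample output.

```shell
#!/bin/sh
# Added example: audit a Linux real server for the nPath requirements above.
# Inputs are captured command output passed as text, so the checks run offline.
VIP="11.1.1.1"          # virtual server address from the page's example
CONTROLLER="10.1.1.1"   # controller self-address from the page's example

# Is the VIP bound to lo as a /32 host address? $1 = VIP, $2 = `ip -o -4 addr show` output
vip_on_loopback() {
    printf '%s\n' "$2" | awk -v want="$1/32" \
        '$2 == "lo" && $3 == "inet" && $4 == want { found = 1 } END { exit !found }'
}

# arp_ignore 1 or 2 plus arp_announce 2: the host neither answers nor advertises
# ARP for addresses that live only on lo. $1 = `sysctl` output for both keys
arp_suppressed() {
    printf '%s\n' "$1" | awk -F' *= *' '
        $1 == "net.ipv4.conf.all.arp_ignore" && ($2 == 1 || $2 == 2) { ign = 1 }
        $1 == "net.ipv4.conf.all.arp_announce" && $2 == 2            { ann = 1 }
        END { exit !(ign && ann) }'
}

# Does a default route exist, and does none point back at the controller?
# $1 = controller self-address, $2 = `ip route show` output
default_route_bypasses() {
    printf '%s\n' "$2" | awk -v ctl="$1" \
        '$1 == "default" && $2 == "via" { seen = 1; if ($3 == ctl) bad = 1 }
         END { exit !(seen && !bad) }'
}

audit_npath_server() {   # $1 = addr text, $2 = sysctl text, $3 = route text
    rc=0
    vip_on_loopback "$VIP" "$1" || { echo "FAIL: $VIP/32 not on lo"; rc=1; }
    arp_suppressed "$2" || { echo "FAIL: host may answer ARP for $VIP"; rc=1; }
    default_route_bypasses "$CONTROLLER" "$3" || { echo "FAIL: default route via $CONTROLLER"; rc=1; }
    return $rc
}

# Constructed sample output (not from the page); 10.1.1.254 is an assumed router address.
GOOD_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 11.1.1.1/32 scope global lo
2: eth0    inet 10.1.1.11/24 brd 10.1.1.255 scope global eth0'
GOOD_SYSCTL='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2'
GOOD_ROUTE='default via 10.1.1.254 dev eth0
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.11'
BAD_ROUTE='default via 10.1.1.1 dev eth0'

audit_npath_server "$GOOD_ADDR" "$GOOD_SYSCTL" "$GOOD_ROUTE" && echo "server ready for nPath"
```

On a live server, pass the output of `ip -o -4 addr show`, `sysctl net.ipv4.conf.all.arp_ignore net.ipv4.conf.all.arp_announce`, and `ip route show` as the three arguments.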

Setting the idle connection time-out

With nPath routing, the BIG-IP Controller cannot track the normal FIN/ACK sequences made by connections. Normally, the BIG-IP Controller shuts down closed connections based on this sequence. With nPath routing, the idle connection time-out must be configured to clean up closed connections. You need to set an appropriate idle connection time-out value so that valid connections are not disconnected, and closed connections are cleaned up in a reasonable time.

To set the idle connection time-out using the Configuration utility

  1. In the navigation pane, click Virtual Servers.
    The Virtual Servers screen opens.
  2. Click the Virtual Ports tab.
    The Virtual Ports screen opens.
  3. In the Virtual Port box, click the port.
    The Virtual Port Properties screen opens.
  4. In the Idle connection timeout TCP (seconds) box, type a time-out value for TCP connections. The recommended time-out setting is 10 seconds.
  5. In the Idle connection timeout UDP (seconds) box, type a time-out value for UDP connections. The recommended time-out setting is 10 seconds.
  6. Click Apply.

To set the idle connection time-out from the command line

To set the idle connection time-out at the command line, use the following syntax:

b service <port> timeout tcp <seconds>

b service <port> timeout udp <seconds>

The <seconds> value is the number of seconds a connection is allowed to remain idle before it is terminated. The <port> value is the port on the wildcard virtual server for which you are configuring out of path routing. The recommended value for the TCP and UDP connection timeouts is 10 seconds.

Additional configuration options

Whenever you configure a BIG-IP Controller, a number of options are available to you:

  • You have the option in all configurations to configure a redundant BIG-IP Controller for fail-over. Refer to Redundant Systems in the BIG-IP Reference Guide, Chapter 1, Configuring the BIG-IP Controller.
  • All configurations have health monitoring options. Refer to Health Monitors in the BIG-IP Reference Guide, Chapter 1, Configuring the BIG-IP Controller.
  • When you create a pool, there is an option to set up persistence and a choice of load balancing methods. Refer to Pools in the BIG-IP Reference Guide, Chapter 1, Configuring the BIG-IP Controller.