F5 load balancer LTM settings for IIS, FTP server & MS SQL AAG

I was asked to fill up an Excel for F5 load balancer (LTM) to
be used for our servers (they're VMs) running:

a) IIS
b) FTP server (this is an IIS-based FTP server)
c) MS SQL 2012 AAG

Questions:

Q1:
What are the common values usually set for
Persistence?  Is it source IP or cookie or ??

Q2:
What are the common values usually set for
Timeout?  Please provide for all 3 types of
servers/services above

Q3:
Is "X-Forwarded-For" used?
sunhux Asked:

giltjr Commented:
A1)  It depends.
For FTP and SQL Server you have to use either Universal Inspection Engine (UIE) or source IP.  There are no cookies in FTP or SQL.

For HTTP it depends on your requirements.   We use UIE.

A2)  Not sure about FTP or SQL.  Can't remember what we use for HTTP, but we are frontending a J2EE server (IBM's WebSphere Application Server).

A3) For HTTP you can use it.  Using it allows the back-end web server to log/know the remote side's IP address.

There is no X-Forwarded-For for SQL or FTP.
sunhux (Author) Commented:
For Q1, I was told by the F5 vendor that cookie persistence is recommended for
IIS / HTTP.  What's the rationale for this?  Why not source IP or no persistence?

The link below indicates a concern with cookie persistence but why is the
vendor still strongly recommending cookie persistence?

"Cookie persistence only supports the HTTP protocol. This is because the F5 BigIP is unable to inspect cookies from within an encrypted session. It is also worth noting that if a) the client's system clock is incorrect or b) cookies are disabled then the cookies may not be sent from the client to BigIP."
giltjr Commented:
The use of persistence depends on what you are doing.  Do the people accessing the site have to authenticate or is there session state information?

If so, then normally you would need persistence so they keep going back to the same server they were authenticated on or where their session is.  Most servers do not exchange session state information or authentication information.

As for source IP vs. cookie, if your target audience are mostly businesses, they are typically sitting behind a network device that does many-to-one NAT'ing.  So everybody from that company would have the same source IP.  If that company had 100 people visiting your site, all 100 users would go to the same server and could overload one server while leaving the others sitting idle.  Using cookie would allow an almost equal distribution between all of the back-end servers.

If you are passing the HTTPS traffic through the F5, the statement is true, the F5 can't see the cookie because it is encrypted.  However, if you are using the F5 to also offload SSL, then the F5 can see the cookie.
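
The source-IP versus cookie distribution argument above, as an added example that is not part of the original thread: a simplified Python model (not F5 code or configuration) of 100 users behind one many-to-one NAT address. The pool member names, the NAT address, the hash used for source-IP mapping and the round-robin first pick are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

POOL = ["web1", "web2", "web3"]  # constructed pool member names


def pick_by_source_ip(src_ip, pool=POOL):
    """Source-IP persistence model: one client address always maps to one member."""
    digest = hashlib.sha256(src_ip.encode()).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]


class CookiePersistence:
    """Cookie persistence model: the first request is load balanced (round
    robin here); later requests present a cookie naming the chosen member."""

    def __init__(self, pool=POOL):
        self.pool = pool
        self.next_index = 0

    def pick(self, cookie):
        # Honour the cookie only if it names a real pool member; anything
        # else (missing, disabled or tampered cookie) is balanced again.
        if cookie in self.pool:
            return cookie, cookie
        member = self.pool[self.next_index % len(self.pool)]
        self.next_index += 1
        return member, member  # (member used, cookie value set on the client)


def simulate(users=100, requests_per_user=5, nat_ip="203.0.113.10"):
    """Count requests per member when every user shares one NAT'd address."""
    by_ip, by_cookie = Counter(), Counter()
    lb = CookiePersistence()
    for _user in range(users):
        cookie = None  # each browser starts without a persistence cookie
        for _request in range(requests_per_user):
            by_ip[pick_by_source_ip(nat_ip)] += 1
            member, cookie = lb.pick(cookie)
            by_cookie[member] += 1
    return by_ip, by_cookie


if __name__ == "__main__":
    by_ip, by_cookie = simulate()
    print("source IP persistence:", dict(by_ip))
    print("cookie persistence:   ", dict(by_cookie))
```

With source-IP persistence every request lands on a single member; with cookie persistence each user still sticks to one member, but the users are spread across the pool.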