Follow

How to Configure Advanced (Proxy)

 

Description

 

Environment

 

Procedures

Advanced Options

 

Load Balancing Method

Note: This option only appears if you’ve added more than one back end server during Configuration of Applications or Proxies.

NewProxy_Load-Balancing.png

Load Balancing Method determines the priority order of back-end servers when the proxy is attempting to connect.

  • For some methods, the priority order is considered. Set the priority order by dragging-and-dropping the Back End IPs/FQDNs on the Proxy Configuration page. Top of the list is higher priority than lower in list.
  • NewProxy_Multiple-BackEnds.png(above image: This proxy has more than 1 Back End IP set up on the Proxy Configuration page.)

The load balancing method is also used when the DNS lookup for the back-end server's FQDN returns more than one IP address. 

Load Balancing Method Options

  • Default is Round Robin (RR): The system passes each new connection request to the next back end server in line, eventually distributing connections evenly across the array of machines being load balanced.
  • Priority Group Activation (PGA): Connections are first distributed to the first back-end server (highest priority) listed on the individual proxy's Front End and Back End IP configuration section (Note: You can drag-and-drop to change the priority order: Top of the list is higher priority than lower in list.) If the first backend server fails, traffic is directed to the second backend server in the list.
  • Least Connections (LCON): The system passes a new connection to the node that has the least number of current connections in your list of backend IP addresses.
  • Observed: Observed method tracks the number of Layer 4 connections to each backend server over time and creates a ratio for load balancing.
  • Predictive: Similar to the Observed method with an additional calculation that measures the trend in server performance. If the trend shows an improved performance of a server it will get more connections.

 

TCP Optimization Profile

The TCP profile allows you to specify how a BIG-IP virtual server processes TCP traffic. The options are Legacy, Modern, or Mobile, which are based on BIG-IP TCP profiles.

More details here: Q&A: What Are The Differences Between the TCP Optimization Profiles on my Proxy?

 

Client Connection Idle Timeout

If client doesn't interact with the application/site for x amount of time, then Silverline proxy resets the connection

  

Insert X-Forwarded-For Header

If the "Insert X-Forwarded-For Header" checkbox is checked, the X-Forwarded-For header will be added via the request header to the backend:

User-Agent: Wget/1.14 (darwin12.4.0)
Accept: */*
Host: www.customer.com
Connection: Keep-Alive
X-Forwarded-For: 1.1.1.1
Via: 1.1 sjc1-44

If an X-Forwarded-For variable is received by the Silverline infrastructure, a new X-Forwarded-For header is simply added:

User-Agent: Wget/1.14 (darwin12.4.0)
Accept: */*
Host: www.customer.com
Connection: Keep-Alive
X-Forwarded-For: 1.1.1.1
X-Forwarded-For: 2.2.2.2
Via: 1.1 sjc1-44

 

If required by the customer, Silverline can modify the above behavior by implementing iRules.

Option 1: Append the IP to the existing X-Forwarded-For header.

Sample iRule:

when HTTP_REQUEST { 
if {[HTTP::header exists X-Forwarded-For]}{ 
HTTP::header replace X-Forwarded-For "[HTTP::header X-Forwarded-For], [IP::client_addr]" 
} else { 
HTTP::header insert X-Forwarded-For [IP::client_addr] 

}

Option 2: If an X-Forwarded-For header is received by the Silverline infrastructure, do not add a new X-Forwarded-For header:

Sample iRule:

when HTTP_REQUEST {
if { !([HTTP::header exists "X-Forwarded-For"])} {
HTTP::header insert x-Forwarded-For [IP::remote_addr]
}
}

 

Multiplex HTTP(s) Requests to Server

This function allows for improved back end server performance by multiplexing concurrent TCP connections into one when communicating with the back-end servers.

 

Alternative Trusted Source Header

If your traffic passes through a CDN or another security provider before reaching Silverline, this is where you put their unique header that identifies the original Source IP. This helps Silverline identify the true source of traffic and make relevant decisions (such as denylisting specific IPs).

If you Enable "Alternative Trusted Source Header,  be sure to disable "Insert XFF."

 

HTTP(S) Object Cache

See Proxy Configuration Advanced Options: HTTP(S) Object Cache

 

Use Cookie Persistence

 

Related Content

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request