F5 BIG-IP Load Balancer Design and Implementation

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

F5 BIG-IP devices support 100 Mbps or 1 Gbps interfaces. Forthis deployment, 100 Mbps NIC cards are used on the BIG-IPdevices.

A pair of BIG-IP load balancers (redundant BIG-IP controllers)supports automatic failover and helps insure the reliability of therequest routing. The load balancing device pair is configured inthe Active/Passive mode. Each F5 BIG-IP controller has twointerfaces, exp0 (with public addresses) and exp1 (with privateaddresses).

Note: Exp1 is theadministrative interface. IP addresses for the BIG-IP controllerare placed on exp1.

F5 BIG-IP IP Addresses

  • External Interface (exp0): Active IP address andStandby IP address

  • Internal Interfaces (exp1): Active IP address andStandby IP address

The state mirroring feature allows the standby unit to maintainall of the current connection and persistence information. If theactive unit fails and the standby unit takes over, all connectionscontinue, virtually uninterrupted.

Windows SharePoint Services automatically supports dynamic loadbalancing between front-end Web servers. There is no need to enablepersistence on the BIG-IP controllers.

BIG-IP NAT/SNAT Configuration

Network Address Translation (NAT) is used to convert publicaddress space (200.100.1. x ) to private address space(172.16.1. y ); for example, Windows SharePoint Services mayconnect to the Internet to retrieve additional Web Partinformation. Using Secure Network Address Translation (SNAT)provided by BIG-IP helps protect the internal network addressinformation. The SNAT address for outbound traffic is Address Resolution Protocol (ARP) with NAT.

F5 BIG-IP Device Administration and Configuration

The Internet Platform and Operations group usedhttps:// and and logged in withthe appropriate account and password to manage the BIG-IPcontrollers and load balancing configuration. To help provide ahigh level of security, they blocked traffic coming from theInternet and allowed only servers on the corporate network usingthe corporate proxy servers to access those two URLs.