Simple load balancing with bigip

F5, General stuffs, Security 1 Minute

Lab information
2x DVWA servers in vmnet3
1x Lubuntu client in vmnet5
Use round robin as load balancing method.
DVWA has a login page, hence enable persistence source address.
Enable health monitor for the DVWA servers.

Create DVWA pool
DVWA has two servers namely 172.16.3.130 and .131

root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# /ltm pool
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.pool)# create dvwa members add { 172.16.3.130:80 172.16.3.131:80 } load-balancing-mode round-robin description "DVWA server pool"

Here we create two server pools that listen to http and chose the round robin as the load balancing method.

 

Create virtual server to answer Lubuntu’s request

root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.net.self)# /ltm virtual
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.virtual)# create dvwa source 172.16.5.0/24 destination 172.16.3.254:80 profiles add { fastL4 } pool dvwa ip-protocol tcp persist replace-all-with { source_addr }

Here I configured the expected source address which I put vmnet5 subnet, and also the destination server which was the selfip which i created.

I also attached the dvwa pool and enabled source address persistence.

What this persistence does is to ensure the same source address always hit the same server within a session.

Do a save configuration before testing.
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.virtual)# save /sys config
Saving running configuration...
/config/bigip.conf
/config/bigip_base.conf
/config/bigip_user.conf
Saving Ethernet mapping...done

Test

dvwa login.png

dvwa login success.png

dvwa try.png

Enable health monitor for DVWA pool

Before the health monitor is enabled, the status of the virtual server is unknown.

before health monitor.png

The following command line enables the health monitor.

root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# /ltm monitor
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.monitor)# create http dvwa-monitor username admin password password

I created a http monitor known as dvwa-monitor from the http monitor template, I added the username and password of the DVWA.


root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.monitor)# /ltm pool
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.pool)# modify dvwa monitor dvwa-monitor description "To monitor DVWA status"
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos.ltm.pool)# save /sys config

after health monitor.png

pool after monitor.png

Advertisement

Published by cyruslab

Published

2 thoughts on “Simple load balancing with bigip

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s