Topic starter
Client → Virtual Server (VIP) → Profiles/iRules → Pool Selection → Server → Response back via BIG-IP
Client Sends Request
-
User connects to VIP (Virtual IP).
-
Packet reaches BIG-IP.
VLAN & Self-IP Check
-
BIG-IP checks incoming interface.
-
Validates VLAN and routing.
-
Performs route lookup.
Virtual Server (VIP) Match
-
BIG-IP checks:
-
Destination IP
-
Port
-
Protocol
-
-
If match found → process continues.
-
If no match → traffic dropped.
Profile Processing
Profiles define how traffic behaves:
-
TCP Profile → connection settings
-
SSL Profile → decrypt/encrypt
-
HTTP Profile → enables Layer 7 inspection
-
Persistence Profile → sticky sessions
If SSL is enabled:
-
Traffic is decrypted here (Client SSL profile).
iRules (If Configured)
Custom logic executed:
-
Redirect HTTP to HTTPS
-
Route based on URI
-
Block specific IP
-
Modify headers
iRules execute at specific events (CLIENT_ACCEPTED, HTTP_REQUEST, etc.)
Load Balancing Decision
BIG-IP selects a pool member based on:
-
Round Robin
-
Least Connections
-
Ratio
-
Fastest
Also checks:
-
Server health monitor status
If server is down → skipped.
Server-Side Connection Created
Important concept:
F5 is a Full Proxy
It creates:
-
One connection between Client ↔ BIG-IP
-
Another connection between BIG-IP ↔ Server
Client never talks directly to the server.
Server Response Returns
Response comes back:
-
May be modified by iRules
-
Re-encrypted (Server SSL profile if used)
-
Sent back to client
Posted : 19/02/2026 10:33 pm
