Tuesday, January 16, 2018

F5 LB common misconfigurations for vRA 7.x

While working with some customers to build vRealize Automation 7.x in production environments, I have had some problems configuring F5 load balancers. Although these errors affected F5, the same mistakes can affect other load balancers as well. These recommendations are based on my own experience, but I also based this article on other blog posts. I just tried to make a summary.

1- Utilize the load balancer VIP for initial installation

Please don't try to use the load balancer VIP during vRA installation. While this will work if everything is set up perfectly, a small mistake in the VIP configuration can make the installation and configuration of vRealize Automation feel impossible. Instead, I would recommend that you create the VIP DNS record and just point it to your first nodes. Complete your vRA installation and configuration, and only after confirming that your setup is stable and fully installed, point your VIP DNS record to your actual VIP IP. This will make your installation go much smoother and give you a much easier path to troubleshooting if you made a mistake during load balancer configuration.

2- Leaving the vRA Virtual Servers Load balancing Type to “Standard”

F5 load balancers usually offer three virtual server load balancing types: “Standard”, “Performance Layer 4”, and “Layer 7”. By default, an F5 vRA virtual server is configured with load balancing type “Standard”, which does not work well with vRealize Automation. I saw the network team leaving this parameter at the default value of “Standard”, causing vRealize Automation to fail. Below are sample errors seen when using the “Standard” load balancing type:

“Error processing ping response Unable to connect to the remote server Inner Exception: Unable to connect to the remote server”

“Error processing ping response System.Data.Services.Client.DataServiceTransportException: Unable to connect to the remote server —> System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it :443”

The recommended configuration for the F5 virtual server load balancing type is “Performance Layer 4”, and using any different type can cause issues. I would recommend sticking with the supported, recommended, and tested configuration here.

3- Forgetting to Set Protocol Profile (Client) to “fastL4”

Not setting Protocol Profile (Client) to “fastL4” on the F5 can cause issues similar to the ones seen in the point above, with the same bad result.

4- Leaving the default setting to HTTP Profile to “http” in Virtual Servers

By default, F5 is configured with the HTTP Profile of “http”, which does not work well with vRealize Automation. The correct value is "none". The behaviour when this setting is left at "http" is undefined: sometimes it works, sometimes it does not, and it looks unstable. With "none" the F5 works normally.
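A check for items 2 to 4, as an added example that is not part of the original post: it parses a constructed excerpt in the style of `tmsh list ltm virtual` output and flags virtual servers that lack the fastL4 profile or still have the http profile attached. It assumes that a “Performance Layer 4” virtual server appears in that output as one with fastL4 among its profiles; the virtual server names and the function names are made up for illustration.

```python
import re

# Constructed excerpt in the style of `tmsh list ltm virtual`; names are made up.
SAMPLE = """\
ltm virtual vra-va-443 {
    profiles {
        /Common/fastL4 { }
    }
}
ltm virtual vra-web-443 {
    profiles {
        http { }
        tcp { }
    }
}
"""

def parse_virtuals(text):
    """Return {virtual server name: set of attached profile names}."""
    virtuals, name, depth, in_profiles = {}, None, 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if depth == 0:
            m = re.match(r"ltm virtual (\S+) \{", line)
            name = m.group(1) if m else None
            if name:
                virtuals[name] = set()
        elif name and depth == 1 and line == "profiles {":
            in_profiles = True
        elif in_profiles and depth == 2:
            m = re.match(r"(\S+) \{", line)
            if m:  # drop a partition prefix such as /Common/
                virtuals[name].add(m.group(1).rsplit("/", 1)[-1])
        depth += line.count("{") - line.count("}")
        in_profiles = in_profiles and depth >= 2
    return virtuals

def audit(text):
    """Check each virtual server against the settings recommended above."""
    report = {}
    for name, profiles in parse_virtuals(text).items():
        report[name] = findings = []
        if "fastL4" not in profiles:
            findings.append("Protocol Profile (Client) is not fastL4")
        if "http" in profiles:  # only the built-in profile name is checked
            findings.append("HTTP Profile is http, expected none")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A custom HTTP profile with a different name would not be caught by the name check; extend the set of names to match your own configuration.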

I hope this helps some of you fix some issues caused by F5 load balancer configuration when creating a vRA distributed environment.

