F5 Advanced Load Balancing Use Case¶
This use case demonstrates a comprehensive configuration scenario using the Nautobot Load Balancer App for an advanced F5 setup. The example includes multiple pool members, SSL profiles, and detailed health check monitoring.
Scenario Overview¶
In this advanced configuration scenario, we illustrate:
- A Virtual Server with multiple Pool Members.
- Advanced Certificate Profile configurations for secure communications.
- Detailed health monitoring via HTTP checks.
Step-by-Step Configuration¶
1. IPAM Configuration¶
Ensure these IP Addresses are available in Nautobot's IPAM:
- Virtual IP (VIP):
10.230.15.214 - Pool Member IPs:
10.230.32.121,10.230.32.122,10.230.32.123
2. Health Check Configuration¶
Before configuring your pools, set up your health checks:
- Navigate to Load Balancer > Health Check Monitors.
- Click Add Health Check Monitor.
- Name:
http - Health check type:
HTTP - Port:
80 - Interval:
30 - Timeout:
5 - Retry attempts:
3
- Name:
3. Certificate Profile Configuration¶
Define Certificate Profiles:
- Navigate to Load Balancer > Certificate Profiles.
- Click Add Certificate Profile.
- Name:
clientssl-fedcheck.app-strong - Certificate Type:
Server - Certificate file path:
fedcheck.app.crt - Chain file path:
fedcheck.app-chain.crt - Key file path:
fedcheck.app.key
- Name:
4. Configuring Load Balancer Pool¶
- Navigate to Load Balancer > Pools.
- Click Add Load Balancer Pool.
- Name:
pool_live_ident_admin_web_http - Load Balancing Algorithm: Select
Round Robin - Health Check Monitor: Select
http
- Name:
5. Adding Load Balancer Pool Members¶
- Navigate to Load Balancer > Pool Members.
- Add each pool member individually:
- IP Addresses:
10.230.32.12110.230.32.12210.230.32.123
- Load Balancer Pool:
pool_live_ident_admin_web_http - Status:
Active - Port:
9280 - Health Check Monitor:
http - Certificate Profile:
clientssl-fedcheck.app-strong
- IP Addresses:
6. Creating the Virtual Server¶
- Navigate to Load Balancer > Virtual Servers.
- Click Add Virtual Server.
- Name:
vs_live_ident_admin_web_https - IP Address (VIP):
10.230.15.214 - Protocol:
TCP - Load Balancer Type:
Layer 7 - Port:
443 - Load Balancer Pool:
pool_live_ident_admin_web_http - Health Check Monitor:
http - Certificate Profile:
clientssl-fedcheck.app-strong
- Name:
7. Validation and Configuration Snippet¶
{
virtual_servers(name: "vs_live_ident_admin_web_https") {
name
port
protocol
vip {
address
}
certificate_profiles {
name
certificate_file_path
key_file_path
cipher
}
load_balancer_pool {
name
health_check_monitor {
name
health_check_type
port
interval
timeout
retry
}
load_balancer_pool_members {
port
ip_address {
address
}
}
}
}
}
{
"data": {
"virtual_servers": [
{
"name": "vs_live_ident_admin_web_https",
"port": 443,
"protocol": "TCP",
"vip": {
"address": "10.230.15.214/32"
},
"health_check_monitor": {
"name": "http",
"health_check_type": "HTTP",
"port": 80,
"interval": 30,
"timeout": 5,
"retry": 3
},
"certificate_profiles": [
{
"name": "clientssl-fedcheck.app-strong",
"certificate_file_path": "fedcheck.app.crt",
"key_file_path": "fedcheck.app.key",
"cipher": ""
}
],
"load_balancer_pool": {
"name": "pool_live_ident_admin_web_http",
"health_check_monitor": {
"name": "http",
"health_check_type": "HTTP",
"port": 80,
"interval": 30,
"timeout": 5,
"retry": 3
},
"load_balancer_pool_members": [
{
"port": 9280,
"ip_address": {
"address": "10.230.32.121/32"
}
},
{
"port": 9280,
"ip_address": {
"address": "10.230.32.122/32"
}
},
{
"port": 9280,
"ip_address": {
"address": "10.230.32.123/32"
}
}
]
}
}
]
}
}
{% for virtual_server in data.virtual_servers %}
ltm virtual-address /Common/{{ virtual_server.vip.address.split('/')[0] }} {
address {{ virtual_server.vip.address.split('/')[0] }}
arp enabled
mask 255.255.255.255
route-advertisement selective
}
ltm profile client-ssl /Common/{{ virtual_server.certificate_profiles[0].name }} {
app-service none
cert-key-chain {
default {
cert {{ virtual_server.certificate_profiles[0].certificate_file_path }}
key {{ virtual_server.certificate_profiles[0].key_file_path }}
}
}
ciphers {{ virtual_server.certificate_profiles[0].cipher or "DEFAULT" }}
defaults-from /Common/clientssl
}
ltm virtual /Common/{{ virtual_server.name }} {
destination /Common/{{ virtual_server.vip.address.split('/')[0] }}:{{ virtual_server.port }}
ip-protocol {{ virtual_server.protocol | lower }}
mask 255.255.255.255
pool /Common/{{ virtual_server.load_balancer_pool.name }}
profiles {
/Common/{{ virtual_server.certificate_profiles[0].name }} { context clientside }
/Common/http { }
/Common/tcp { }
}
source 0.0.0.0/0
source-address-translation { type automap }
translate-address enabled
translate-port enabled
vlans-enabled
}
ltm pool /Common/{{ virtual_server.load_balancer_pool.name }} {
members {
{% for member in virtual_server.load_balancer_pool.load_balancer_pool_members %}
/Common/{{ member.ip_address.address.split('/')[0] }}:{{ member.port }} {
address {{ member.ip_address.address.split('/')[0] }}
}
{% endfor %}
}
monitor /Common/{{ virtual_server.load_balancer_pool.health_check_monitor.name }}
}
{% for member in virtual_server.load_balancer_pool.load_balancer_pool_members %}
ltm node /Common/{{ member.ip_address.address.split('/')[0] }} {
address {{ member.ip_address.address.split('/')[0] }}
}
{% endfor %}
{% endfor %}
Sample output from the template¶
You can use the Jinja Renderer at the bottom of Nautobot with your JSON output and the sample Jinja2 template:
ltm virtual-address /Common/10.230.15.214 {
address 10.230.15.214
arp enabled
mask 255.255.255.255
route-advertisement selective
}
ltm profile client-ssl /Common/clientssl-fedcheck.app-strong {
app-service none
cert-key-chain {
default {
cert fedcheck.app.crt
key fedcheck.app.key
}
}
ciphers DEFAULT
defaults-from /Common/clientssl
}
ltm virtual /Common/vs_live_ident_admin_web_https {
destination /Common/10.230.15.214:443
ip-protocol tcp
mask 255.255.255.255
pool /Common/pool_live_ident_admin_web_http
profiles {
/Common/clientssl-fedcheck.app-strong { context clientside }
/Common/http { }
/Common/tcp { }
}
source 0.0.0.0/0
source-address-translation { type automap }
translate-address enabled
translate-port enabled
vlans-enabled
}
ltm pool /Common/pool_live_ident_admin_web_http {
members {
/Common/10.230.32.121:9280 {
address 10.230.32.121
}
/Common/10.230.32.122:9280 {
address 10.230.32.122
}
/Common/10.230.32.123:9280 {
address 10.230.32.123
}
}
monitor /Common/http
}
ltm node /Common/10.230.32.121 {
address 10.230.32.121
}
ltm node /Common/10.230.32.122 {
address 10.230.32.122
}
ltm node /Common/10.230.32.123 {
address 10.230.32.123
}
Representing Vendor-Specific F5 Configuration¶
This example focuses on core F5 elements that are modeled directly using the Load Balancer data model:
- Certificate Profiles for SSL termination
- Health Check Monitors for backend availability
- Load Balancer Pools and Load Balancer Pool Members
- Virtual Servers using VIPs and ports
- Basic SNAT behavior using template logic (
automapin the rendered output)
These components are configured directly in Nautobot and shown in the step-by-step configuration and Jinja2 output above.
In real-world F5 deployments, additional platform-specific features are often needed but are not part of the core data model. These include:
- iRules (e.g., header rewrites, redirects)
- Persistence profiles (e.g., source-IP, cookie)
- HTTP or SSL profile references
- Advanced SNAT configuration
- Routing or rewrite policies
To capture these, you can define Custom Fields in Nautobot on models like VirtualServer or LoadBalancerPoolMember. Depending on the use case:
- Use a multi-select Custom Field when users need to choose from a list of known options (e.g., iRule names or profile types).
- Use a JSON Custom Field to store structured vendor-specific configuration, such as SNAT policies or fallback persistence logic.
Both field types and many more types are defined are defined through Nautobot’s Custom Field system and will appear in the UI, API, and Jinja2 templates. This provides a flexible, vendor-specific extension mechanism without altering the core data model.