I’ve seen that work well, and I’ve seen it fail miserably.
Officially, it’s not a supported configuration - which does not mean it won’t work, but if anything breaks and we think it’s due to the F5, you’re a bit on your own.
A lot will depend on your relationship with the F5 admins and how much cooperation you’ll get.
Some considerations to note - the balancing algorithm needs to be very sticky, but I forget their terminology for that. The Internet client performs the Relay Authentication only during Registration.
If the client gets switched to a different Relay after it registers it will get 403 Forbidden errors from the new relay when it tries to gather sites or post reports. Since each gather/post is a separate HTTP session the F5 might switch the client to a different relay for each session depending on the algorithm. The load-balance algorithm needs to be based on the client IP address, not session or port numbers.
Ideally you could approach it slowly - set up the F5 balancer to the relays, but still allow clients to also talk directly to the relays. Switch only a few clients, manually, to use the F5 name or IP as their relay, and watch their logs over several days.
When you’re satisfied with testing you could configure a Relay Name Override on your DMZ relays so they advertise a name that maps to the F5, and add FailoverRelayList options on your clients for that name as well.
Some of the health-check content will not work as expected, since it is based on the clients reporting the name of their relay, and they will all report the F5 as their relay. The health checks will display that as an overloaded relay, thinking it has more clients than are healthy. I’m working on custom content based on the RelayChain info under the client’s __BESData/__Global/RelayChain
logs, which show the real relay name and computer ID in that case. Requires 9.5.13 or higher on clients and relays.
That’s what I have off the top of my head. I’d love to see more feedback from anyone else using the F5 configuration and their experiences with it.