Service Discovery - Classic BIG-IP
Objective
Service discovery enables you to discover endpoints available on a given platform. This document provides instructions on how to configure Service Discovery of type Classic BIG-IP. This enables customers to use F5 Distributed Cloud as the DMZ for public-facing applications, facilitates easy app migrations across diverse infrastructures, and enhances the visibility of APIs being used for these apps, empowering BIG-IP users to optimize their multi-cloud strategy effectively.
This enables the F5 Distributed Cloud platform to discover Virtual Servers configured on your classic BIG-IP devices and provides quick actions to enable various Distributed Cloud Services for the discovered applications.
Prerequisites
The following prerequisites apply:
- A valid F5 Distributed Cloud Account is required.
Note: If you do not have an account, see Create an Account.
- A Secure Mesh Site deployed with reachability to the BIG-IP instances. Refer to the Infrastructure Requirements section for more details.
- BIG-IP admin credentials (required) and certificate (optional).
Infrastructure Requirements
The management and data interfaces of BIG-IP devices must be routable from the SNI interfaces of the CE. It is recommended to deploy the CE with two SNI interfaces; one to reach the BIG-IP Management interface and the other to reach the data interface. This keeps the config and data path separate and the data path performance is not affected by config traffic.
Figure: Infrastructure Requirements
The feature also works with one SNI interface on the CE with reachability to both BIG-IP interfaces.
Figure: Infrastructure Requirements
Note: The same service discovery configuration can discover from multiple BIG-IP clusters that are reachable from the CE site's SLI interface.
Configuration Sequence
Discovering BIG-IP applications and enabling Distributed Cloud services for them requires performing the following actions:
- Configure service discovery.
- Add BIG-IP instances or HA clusters.
- Configure Virtual Server Filters to selectively discover required applications.
- Configure Namespace Mapping to select BIG-IP partitions to discover from.
- Verify the discovered applications.
- Create an HTTP load balancer to advertise the app.
OR
- Enable Visibility to make it available in the WAAP workspace where users can enable and monitor API discovery.
Configuring Discovery for Shared vs Dedicated BIG-IP Resources
The service discovery tool discovers the BIG-IP apps into Distributed Cloud App Connect Namespaces. The feature provides an option to discover apps from different BIG-IP partitions into single or multiple Distributed Cloud App Connect Namespaces.
If the requirement is to discover all BIG-IP Apps into the same App Connect Namespace, for example: when the BIG-IP is a dedicated resource and all partitions on it are owned by a single team, the Service Discovery object can be configured in the App Connect namespace to which the team has access.
Figure: Service discovery created in application namespace (example: team-1)
If the requirement is to discover apps from certain BIG-IP partitions to corresponding App Connect Namespace (for example: when different BIG-IP partitions are owned by different teams), the Service Discovery object must be configured in the Shared Configurations workspace. The namespace mapping configuration can be used to map the required BIG-IP partitions to the corresponding App Connect Namespace. The applications from the BIG-IP partitions will be discovered only to the mapped App Connect Namespace, maintaining the management isolation.
Figure: Service discovery created in shared namespace
Configure Service Discovery for Classic BIG-IP
The steps to configure Classic BIG-IP service discovery are the same for the App namespace and Shared Configuration, except for the namespace mapping step. Follow the steps below to configure the Service Discovery object in the App Connect namespace:
Step 1: Create a new service discovery object.
- Navigate to Multi Cloud App Connect > Manage > Service Discoveries.
- On the BIG-IP tab, click on Add Service Discovery.
Figure: Add Service Discovery
Step 2: Enter the metadata.
- Enter Name.
- Optionally enter Labels and Description.
Step 3: Select where the discovery is applicable.
- In the Virtual-Site or Site or Network dropdown select Site.
- From the Reference dropdown, select the CE site deployed with reachability to the BIG-IP.
- From the Network type dropdown select Site Local Inside Network.
Figure: Site Local Inside Network
Step 4: Select the discovery method.
- In the Select Discovery Method dropdown select Classic BIG-IP Discovery Configuration.
Step 5: Add BIG-IP Clusters.
- Under Classic BIG-IP Clusters, click the Add Item button to add one cluster at a time.
Note: If you do not have a cluster and have an individual BIG-IP device, you can add it as a cluster of one device.
Figure: Add BIG-IP Clusters
- Enter the name and description of the BIG-IP cluster.
Step 6: Add BIG-IP Device.
- Under Classic BIG-IP Devices click on Add Item.
  - Provide the device's Management IP.
  - Provide the device's Admin Credentials.
  - Under Root CA Certificate select Skip Verification if no certificate is configured on BIG-IP for authentication, or select Root CA Certificate and add/select the required certificate.
Figure: Add BIG-IP Access Details
Step 7: Optionally Configure Virtual Server Filter.
The virtual server filter can optionally be used to select only the required BIG-IP virtual servers that need to be onboarded to Distributed Cloud App Connect and exclude others.
- Virtual servers that are disabled on BIG-IP are not discovered by default. Check the Discover Disabled Virtual Servers checkbox to allow discovering these if required.
- In the Regex To Match Virtual Server Name provide a regex string to match the required virtual server names.
  For example, if non-production virtual servers are named with the prefix “dev-” you can enter “^dev-*” as the regex.
- In the Regex To Match Virtual Server Description provide a regex string to match the required virtual server Description.
  Note: You can add labels in the virtual server description on BIG-IP and use this to discover these virtual servers.
- In Port Ranges enter comma-separated ports/port ranges to match the required virtual server (Example: 80,8080,5000-5050).
Figure: Configure Virtual Server Filter
Note: If any field is left blank, it is treated as select any. The virtual server will be discovered if it matches any of the configured criteria (logical OR between the configured criteria).
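A way to dry-run a filter against an inventory list before saving it, as an added example (not F5 code and not part of the original page). It assumes unanchored regex search as in Python's `re`, and that blank fields are skipped while configured ones are OR'ed; the `VirtualServer` record, the function names and the sample inventory are hypothetical. It shows that `^dev-*` also matches a name such as `devops-portal`, because `-*` means zero or more hyphens, whereas `^dev-` matches only the literal prefix.

```python
import re
from dataclasses import dataclass

@dataclass
class VirtualServer:  # constructed sample record, not a BIG-IP or F5 API type
    name: str
    description: str
    port: int
    enabled: bool = True

def parse_port_ranges(spec):
    """Parse a Port Ranges string such as '80,8080,5000-5050' into (low, high) pairs."""
    ranges = []
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        low, _, high = part.partition("-")
        lo, hi = int(low), int(high or low)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"invalid port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def is_discovered(vs, name_re="", desc_re="", ports="", discover_disabled=False):
    """Assumed semantics: blank fields are ignored, configured ones are OR'ed."""
    if not vs.enabled and not discover_disabled:
        return False  # disabled virtual servers are skipped by default
    checks = []
    if name_re:
        checks.append(re.search(name_re, vs.name) is not None)
    if desc_re:
        checks.append(re.search(desc_re, vs.description) is not None)
    if ports:
        checks.append(any(lo <= vs.port <= hi for lo, hi in parse_port_ranges(ports)))
    return any(checks) if checks else True  # no filter configured: select any

# Constructed inventory for illustration only.
SAMPLE = [
    VirtualServer("dev-orders", "env=dev", 8443),
    VirtualServer("devops-portal", "env=prod", 443),
    VirtualServer("prod-web", "env=prod", 80),
    VirtualServer("dev-legacy", "env=dev", 8080, enabled=False),
]

def discovered_names(**filters):
    return [vs.name for vs in SAMPLE if is_discovered(vs, **filters)]

if __name__ == "__main__":
    print(discovered_names(name_re="^dev-*"))   # "-*" means zero or more hyphens
    print(discovered_names(name_re="^dev-"))    # literal "dev-" prefix only
    print(discovered_names(name_re="^dev-", ports="80,8080,5000-5050"))
```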
Step 8: Configure Namespace Mapping.
- Under the Namespace Mapping Choice dropdown select one of the following:
  - Automatic - if you want to discover virtual servers from all BIG-IP partitions.
  - Custom - if you want to select the BIG-IP partitions to discover from. Click Add Item to add regex to match the partition name.
Figure: Namespace Mapping
Note: If you are configuring the Service Discovery object in the Shared Configurations workspace, you must also select the App Connect Namespace to which the discovered virtual servers will be deposited.
Figure: Namespace Mapping Virtual Server
Step 9: Save the instance configuration.
- Click Apply to save the BIG-IP instance.
- Go back to Step 6 to add more BIG-IP instances to the cluster.
Step 10: Save the cluster configuration.
- Click Apply to save the BIG-IP cluster.
- Go back to Step 5 to add more BIG-IP clusters to discover from.
Step 11: Save the service discovery configuration.
- Click Save and Exit to save the configuration.
Verify the Discovered Applications
Once the service discovery configuration is saved, the number of discovered BIG-IP virtual servers is shown in the “Services” column next to each discovery object.
Figure: SD Object Configured
Note: This is not shown when the service discovery is configured in the Shared Configuration workspace. To view this, navigate to Multi Cloud App Connect > Manage > Service Discoveries on one of the namespaces to which the partitions are mapped.
You can click on the number to navigate to the Multi Cloud App Connect > Discovered Services dashboard to view the list of discovered applications for that Service Discovery object.
Figure: Discovered Services
Advertise the Discovered Applications
The console provides a quick wizard to easily advertise the discovered application to the internet or other Sites using F5 Distributed Cloud App Connect by creating an HTTP load balancer.
The below example shows the steps to advertise the discovered HTTP application to the internet:
- Navigate to Multi Cloud App Connect > Discovered Services.
- Click on ... (ellipsis) icon in the Actions column of the discovered service you want to advertise.
- Select Add HTTP Load Balancer.
Figure: Add HTTP LB
- Enter a name for the LB.
- Enter a domain name.
- In the Load balancer Type dropdown select HTTPS with Automatic Certificate.
- In the Root CA Certificate of Origin Server dropdown, select Skip Verification.
- Click Save and Exit.
Figure: Advertise the Discovered Applications
This gives a quick way to advertise the discovered objects. The Load balancer and Origin pool objects for the service are automatically created and can be managed directly by navigating to Multi Cloud App Connect > Manage > Load Balancers > HTTP Load Balancers.
Enable Visibility in All Workspaces
The “Enable Visibility in All Workspace” action promotes the discovered app as a BIG-IP Virtual Server object in all Distributed Cloud workspaces. This object provides a security dashboard similar to existing XC LB dashboards to enhance visibility into the security of the discovered app. In the current release, it supports enabling API visibility in the WAAP workspace.
Note: This option can be used for the use case where the client directly connects to the app on BIG-IP (CE is not inline on the data path) and the access logs for the visibility-enabled virtual server are streamed to the Global Controller via the CE.
Follow the below steps to enable visibility for a discovered app:
- Navigate to Multi Cloud App Connect > Discovered Services.
- Click on ... (ellipsis) icon in the Actions column of the discovered service and click Enable Visibility in All Workspace.
Figure: Enable Visibility
- Click Enable Visibility in the popup to confirm your action.
A popup at the bottom of the screen shows if the action was successfully performed and the status in the “Visibility in Distributed Cloud” column changes to “Manage in WAAP”.
Users can click this status to redirect to the WAAP workspace and enable API discovery for the corresponding BIG-IP virtual server.