Dynamic Reverse Proxy

Objective

This guide provides instructions on how to create a Dynamic Reverse Proxy (DRP) using the guided wizards in F5® Distributed Cloud Services.

A Dynamic Reverse Proxy operates between the sending web server and your receiving web client. It attracts requests to itself instead of the final destination, so traffic from a client reaches the proxy first. It then dynamically discovers the requested endpoint through SNI routing or the Host header.

Dynamic Reverse Proxy solves the problem of connecting to SaaS providers privately without the need to create complex routing relationships and, especially, without the need to advertise public IP space inside an organization's corporate network.

In the reverse direction, Dynamic Reverse Proxy also removes the need to advertise an organization's private IP space into the SaaS provider's network by implementing Forward Proxy and NAT capabilities.

Figure: DRP Overview

Using the instructions provided in this guide, you will be able to create a Dynamic Reverse Proxy.


Prerequisites

The following prerequisites apply:

Note: If you do not have an account, see Create an Account.


Configuration

Create a Dynamic Reverse Proxy (DRP)

Features can be viewed and managed in multiple services.

This example shows Dynamic Reverse Proxy setup in Load Balancers.

Step 1: Log into F5® Distributed Cloud Console, start DRP object creation.
  • Open F5® Distributed Cloud Console > select Load Balancers box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

Figure: Homepage

Note: Confirm Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.

  • Change to your application namespace in the namespace selector in the primary navigation bar.

  • Select Manage in left-menu > select Load Balancers > HTTP Connect & DRPs.

Note: If the options are not showing, select the Show link in Advanced nav options in the bottom left corner. If needed, select Hide to minimize the options from Advanced nav options mode.

  • Select Add HTTP Connect & DRP button.

Figure: HTTP Connect & DRP

Step 2: Configure metadata and proxy type.

Enter the configuration parameters.

  • Set a name for your DRP object in the Name box.

  • Optionally, set label key-value pairs in the Labels box.

Figure: Proxy Type

  • In the Proxy type section, the HTTP Connect Proxy or Dynamic Reverse Proxy field has HTTP Connect Proxy and Dynamic Reverse Proxy as options.

  • Select Dynamic Reverse Proxy.

  • Enter the list of Domains to be proxied.

Note: Wildcards are supported.

  • Select + Add Item to add more domains to your list.

  • Select one of the following in the Select Method to determine Destination drop-down menu:

    • SNI proxy: Destination discovered based on SNI in TLS Connections.

    • HTTP Proxy: Destination discovered based on Host Header in HTTP Connections.

    • HTTPS Proxy: Destination discovered based on SNI in TLS Connections and Host Headers in HTTP Connections.

  • Enter Idle Timeout.

  • Select one of the following for the Select DNS Masquerade for Domains drop-down menu:

    • Enable DNS Masquerade: DNS queries for proxy domains will be resolved to proxy VIP.

    • Disable DNS Masquerade: DNS queries for proxy domains will not be resolved to proxy VIP.

Figure: Proxy Type
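
The destination discovery described in Step 2, shown as an added Python sketch (not F5 code or the product's implementation): it reads the SNI from a TLS ClientHello or the Host header from a plaintext HTTP request and returns the destination only when it matches the proxy domain list. The domain names, the function names, and the wildcard rule (a "*." entry matches subdomains on a label boundary, not the apex) are assumptions.

```python
import struct
from contextlib import suppress

DOMAINS = ["*.saas.example", "login.vendor.example"]  # constructed proxy domain list

def sni_from_client_hello(rec: bytes):
    """Return the server_name in a TLS ClientHello record, or None."""
    # Truncated or malformed input raises inside the block and yields None.
    with suppress(IndexError, struct.error, UnicodeDecodeError):
        if rec[0] != 0x16 or rec[5] != 0x01:          # handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32                            # record hdr, handshake hdr, version, random
        p += 1 + rec[p]                               # session_id
        p += 2 + struct.unpack_from("!H", rec, p)[0]  # cipher_suites
        p += 1 + rec[p]                               # compression_methods
        end = p + 2 + struct.unpack_from("!H", rec, p)[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", rec, p)
            p += 4
            if ext_type == 0:                         # server_name: list_len, type, name_len, name
                n = struct.unpack_from("!H", rec, p + 3)[0]
                return rec[p + 5:p + 5 + n].decode("ascii").lower()
            p += ext_len
    return None

def host_from_http(req: bytes):
    """Return the Host header (port stripped) of a plaintext HTTP request, or None."""
    for line in req.split(b"\r\n\r\n")[0].split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower().split(":")[0]
    return None

def is_proxied(host: str, domains=DOMAINS) -> bool:
    """Assumed wildcard rule: '*.x' matches any subdomain of x, not x itself."""
    return any(host.endswith(d[1:]) if d.startswith("*.") else host == d for d in domains)

def destination(method: str, first_bytes: bytes):
    """method is 'sni' or 'http'; returns the discovered host only if it is a proxied domain."""
    host = sni_from_client_hello(first_bytes) if method == "sni" else host_from_http(first_bytes)
    return host if host and is_proxied(host) else None

def sample_client_hello(name: str) -> bytes:  # constructed minimal ClientHello, SNI only
    n = name.encode()
    sni = struct.pack("!HBH", len(n) + 3, 0, len(n)) + n
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A name that is not in the domain list, or a first packet that carries no parseable SNI or Host header, yields no destination.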

Step 3: Set sites or virtual sites for proxy.

Select sites or virtual sites where you want to install this proxy.

  • The Select Sites for Proxy drop-down menu has Sites or Virtual Sites populated by default.

Note: Do Not Instantiate is the other Site Proxy option in the drop-down menu.

  • Select Configure link in Site or Virtual Site section.

Figure: Sites or Virtual Sites Configuration

  • The Custom Advertise VIP Configuration page opens.

  • Select + Add Item button.

Figure: Sites or Virtual Sites Custom Advertise VIP Configuration

  • Select Where to Advertise option in drop-down menu:

    • Select Site to install the proxy on a site.

    • Select Virtual Site to install the proxy on a virtual site.

  • Select one of the following options for the Site Network drop-down menu:

    • Inside and Outside Network

    • Inside Network

    • Outside Network

    • vK8s Service Network

  • Select Virtual Site Reference or Site Reference drop-down menu option.

Note: The option shown depends on the Select Where to Advertise option selected.

Note: Select a Virtual Site you have created, or create one with the + Create new Virtual Site button at the bottom of the pop-up menu.

  • Toggle Show Advanced Fields option to show IP Address box.

Note: IP Address box is only available when Site option is selected.

  • The TCP Listen Port Choice drop-down menu is populated with the TCP Listen Port option by default. The Use Default Listen Port option is also available.

  • Select the port for your DRP in TCP Listen Port box.

Note: Default is port 80 for HTTP requests or port 443 for HTTPS requests.

Note: This is the port on which your HTTP Connect Proxy listens for requests.

  • Select Add Item button.

Note: You can add more sites or virtual sites to advertise using the Add item option.

Figure: Advertise policy configuration

Step 4: Set network for upstream connections.

Select which network is going to be used to discover and send the request to your final endpoint.

  • Select Upstream Network option in drop-down menu in Upstream Network section.

    • Site Local Network (Outside): Real endpoint is reachable via outside interface.

    • Site Local Network Inside: Real endpoint is reachable via inside interface.

Figure: Upstream Network

Step 5: Configure proxy policy.

Configure policies for this proxy. Go to Proxy Policy section, and select an option for the Manage Proxy Policy field.

  • Select Manage Proxy Policies option in drop-down menu:

    • Disable proxy policy: With this option, no policies are installed on this proxy.

    • Active proxy policies: With this option, you set a policy. From the options for the Forward Proxy Policies field, select an existing forward proxy policy, or select Create new forward proxy policy to create and apply a new policy.

Figure: Proxy Policy

Step 6: Complete creating the DRP object.

Select Save and Exit to complete creating the DRP object.

Note: You can monitor the DRP in the F5® Distributed Cloud Console. Navigate to the Virtual Hosts > HTTP Connect & DRP page in your application namespace and select your DRP object in the displayed list of objects.


Concepts


API References