Virtual Hosts

• Open F5 Distributed Cloud Console > select Multi-Cloud App Connect box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

• Select Namespace or create a namespace where endpoint needs to be created, located in drop-down selector in upper-left corner.

• Select Manage in left-menu > select Virtual Hosts > Endpoints.

• Select Add Endpoint button.

Note: If options are not showing available, select Show link in Advanced nav options visible in bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.

See Endpoint for more information on Endpoints.

• In Multi-Cloud App Connect.

• Select Manage > Virtual Host > Endpoints.

• Select Add Endpoint button.

• Enter Name.

• Enter Labels and Description as needed.

Note: Enter the values as per the following guidelines:

Name: Provide a name for identifying the endpoint object on the F5® Distributed Cloud Console.

Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.

Description: Provide a description to the endpoint object.

• Toggle Show Advanced Fields to populate Endpoint Name (Advanced) option in drop-down menu.

• Endpoint IP Address: IP Address of the origin service. For example, if a service is running in public cloud platform like AWS, provide the publicly reachable IP address in the IP field.

• Endpoint Name: Endpoint's IP address is discovered using DNS name resolution the DNS name of the origin service. For example, if a service called webapp has a resolvable DNS name webapp.customer1.net associated with it, provide the DNS name in the DNS field.

• Service Selector Info: Kubernetes Service Selector information of the origin service. Select this option to directly discover a service running on F5 Kubernetes Service or any other public cloud kubernetes services such as EKS, AKS and GCP. An explicit ‘Service Discovery’ object has to be created if selected service is running on public cloud kubernetes services. There is no need to create ‘Service Discovery’ object if the service is deployed using F5® Distributed Cloud App Stack (Virtual Kubernetes Service). Enter the service name in the <Name of the Kubernetes Service>.<Namespace in which the Kubernetes Service is placed> format.

• Endpoint Name (Advanced): Specifies name and TTL used for DNS resolution.

The Service Selector Info field has options in Discovery drop-down option:

• Kubernetes: Discover from Kubernetes cluster. Use this when you deploy the service on F5 Kubernetes Service or any public cloud platform (EKS/AKS/GCP). Configure an extra object in case a public cloud platform is involved. If the service is hosted on F5 Kubernetes Service, then F5 seamlessly enables the service discovery.

• HashiCorp Consul: Discover from Consul service. Use this option when you have an existing Consul cluster, or create a Consul cluster for service discovery where F5 reads discovery information directly from Consul. This requires you to create a discovery object with Consul connection information.

• Service Selector Info: Kubernetes Service Selector information of the origin service. Select this option to directly discover a service running on F5 Kubernetes Service or any other public cloud kubernetes services such as EKS, AKS and GCP. An explicit ‘Service Discovery’ object has to be created if selected service is running on public cloud kubernetes services. There is no need to create ‘Service Discovery’ object if the service is deployed using F5® Distributed Cloud App Stack (Virtual Kubernetes Service). Enter the service name in the <Name of the Kubernetes Service>.<Namespace in which the Kubernetes Service is placed> format.

Port refers to the port on which the service is serving and protocol refers to the protocol that the application uses.

Configure the port and protocol.

• Protocol: Defaults value is TCP. Both TCP and UDP protocols are supported.

• Port: port on which the application is serving. For example a web service application serving on port 8080.

A selector can be a site, virtual site, virtual network, or known network. This defines the location from which origin service is discovered.

• Select Virtual-Site, Site, or Virtual Network drop-down menu option.

• Select Reference and Network Type drop-down menu options.

• Select Save and Exit button to create the endpoint.

After all the parameters are entered in the respective fields, selecting Save and Exit adds the endpoint object to the F5 Console.

• Select the Namespace in which the associated endpoint is located in Multi-Cloud App Connect.

• In Multi-Cloud App Connect.

• Select Manage > Virtual Host > select Clusters.

• Select Add Cluster button.

sa

• Enter Name: Provide a name for identifying cluster object.

• Enter Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.

• Enter Description: Provide a description to the cluster object.

Endpoints refer to list of endpoints that are mapped to a specific cluster. A cluster can point to one or more endpoints.

• + Add Item button in Origin Servers(Endpoints) box.

• Select Item drop-down, + Add Item button to add new endpoints.

The Load balancer algorithm refers to a specific method of load-balancing to be applied on cluster object. Choose from the supported algorithms.

• Select LoadBalancer Algorithm drop-down menu option:

  • Round_Robin

  • Least_Request

  • Ring_Hash

  • Random

  • Load Balancer Override

  Note: If no value is configured, the default value Round_Robin is applied.

  

Health check refers to configuring checks to ensure underlying endpoints are available. It is required to configure a health check object first to list them while creating the cluster.

• Select + Add Item button in Health Checks box.

• Select Item drop-down menu that appears.

• Select Health Check.

• Select + Add Item to open Health Check Parameters form.

• Enter Name, enter Labels and Description as needed.

• Configure form as needed.

• Select Continue button.

• Select Endpoint Selection in drop-down menu:

  • All Endpoints: Consider both remote and local endpoints for load balancing.

  • Local Endpoints Only: Consider only local endpoints for load balancing Enable this policy to load balance ONLY among locally discovered endpoints.

  • Local Endpoints Preferred: Prefer the local endpoints for load balancing. If local endpoints are not present remote endpoints will be considered.

You can set TLS version and configure TLS certificates for the cluster object using the TLS parameters.

• Select Configure link in TLS Parameters box in Origin in Pool(cluster) Parameters.

• Upstream TLS Parameters form SNI Selection drop-down menu > enter SNI Value > Configure link in Common Parameters > Form > Apply button.

• Toggle Show Advanced Fields to show Connection Timeout, HTTP Idle Timeout, and HTTP Protocol Configuration Panic Threshold Header transformation options under TLS Parameters.

• Select No Panic threshold or Panic threshold in drop-down box.

• Toggle Show Advanced Fields to open Circuit Breakers box.

• Input Priority, Connection limit, Pending Requests, Retry Count, Maximum Request Count as needed.

• Input Outlier Detection information as needed.

Endpoint subset is a subset of endpoints grouped together using a key/value pair. Provide multiple keys and associate a label to group available endpoints. These are used in setting fallback policy.

• Toggle Show Advanced Fields to open Endpoint Subsets box.

• Select Configure link in Endpoint Subsets.

• Select Default Subset label in drop-down menu.

• Select Configure link in Fallback Policy.

After all the parameters are entered in the respective fields, select Save and Exit. This adds the cluster object to the F5 console.

• Select Save and Exit button after all the parameters are entered in the respective fields to add the cluster object to the F5 console.

• In Multi-Cloud App Connect > select Manage > Virtual Host.

• Select Routes.

• Select Add Route button.

• The Add Route form gets loaded.

• Enter Name.

• Enter Labels and Description as needed.

Enter the values as per the following guidelines:

1. Name: Provide a name for identifying route object on F5® Cloud Console.

2. Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.

3. Description: Provide a description to the route object.

• Select Configure link in List of Routes box on bottom of Route form to open the Routes configuration form for different routing options.

• Select + Add Item button in Routes page.

• Select Configure link in Request Match box to implement traffic match patterns and rules based on different HTTP methods.

• Select + Add Item button in Match page.

• Select HTTP Method in drop-down menu: ANY (HTTP method), GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, and PATCH.

• Select Path Match drop-down menu option in Match Condition box.

Choose one of the three available match patterns:

• Prefix > enter Prefix value in box.

• Path > enter Path value in box.

• Regex > enter Regex value in box.

You can also specify an optional combination Query Parameters and Headers.

• Select + Add Item button.

• Enter the configuration parameters in new page.

• Select Add Item button.

• Select Apply button.

Route Action: Route action specifies the action executed when this route object is accessed. You can choose one of the three options:

• Select Action in drop-down menu options:

  • Destination List: Route destination enables you to map one or more cluster objects to this specific route.

    • Select Configure in Destination List > + Add Item in Destination Origin pools (cluster) > select Cluster and setup as needed > Apply button.

    Note: Selecting Destination List in route action provides with options to associate one or more clusters to the destination.

  • Redirect: Route redirect enables you to redirect requests received by this route.

    • Enter info in all boxes you want to customize.

  • Direct Response: Route direct response enables you to provide a response code.

    • Select Configure in Direct Response.

• Toggle Show Advanced Fields in Actions box to show Headers options if needed.

• Toggle Show Advanced Fields to expand box and configure Advanced Options.

• Select WAF Config drop-down menu in WAF box to apply Application Firewall option.

• Check box for Service Policy if needed.

• Select Add Item to add the route object to the F5 Cloud Console.

• Select Apply button in Routes > Global Configuration Specification page.

• Select Save and Exit button to add route.

• Select the namespace in which the advertise policy needs to be created.

• In Multi-Cloud App Connect > select Manage > Virtual Host.

• Select Advertise Policies.

• Select Add Advertise Policy button.

• Enter name, labels, and description in the Add advertise policy form.

1. Name: Provide a name for identifying advertise policy.

2. Labels: Users can associate multiple labels from either Known Keys/Know Labels or custom keys and labels.

3. Description: Users can provide a description to Advertise policy object.

Enter Where to advertise the service.

The field Where enables you to advertise a service on a site, virtual site, and virtual network. For example, if multiple sites are spatially distributed across regions (cloud and physical), you can discover a service from one site and advertise the same on one or more sites.

• Toggle Show Advanced Fields in Advertise Policy box to show more options.

• Select Virtual-Site, Site, or Virtual Network drop-down menu in Advertise Policy box.

  • Virtual Site: One or more sites grouped into a virtual site using key/label. If a virtual site has more than one site, advertise policy will announce the services on all the sites.

  • Site: A site registered and listed in the Site List in the system namespace.

  • Virtual Network: A Virtual network created by user. Advertise policy advertises the service on all devices which comprise the chosen virtual network.

• Select Reference and Network Type options in drop-down menus.

• Toggle Show Advanced Fields in Advertise Policy box to show more options.

• Select Protocol in drop-down menu, TCP or UPD.

  • Protocol: Refers to protocol that the service supports. Default is TCP

• Enter TCP/UDP Port number in box.

  • Port: Refers to port on which the discovered service is advertised. This can be a different port than the originally discovered port from the Endpoint object. Advertising on public networks is supported for only ports 80 and 443.

• Select or enter VIP, TLS Parameters, Disable X-Forwarded-For Header, and List of Public IP sections as needed.

• After entering all required parameters in the respective fields, select Save and Exit button to add the advertise policy object to F5.

Select the Namespace in which virtual host needs to be created.

• In Multi-Cloud App Connect > select Manage > Virtual Host

• Select Virtual Hosts.

• Select + Virtual Host or Add Virtual Host button.

• Enter name, labels, and description as needed.

1. Name: Provide a name for identifying advertise policy object on F5 platform.

2. Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.

3. Description: Provide a description to advertise policy object.

• Select a value for the Proxy Type drop-down menu.

  • UDP Proxy: Install UDP proxy.

  • Secret Management Access Proxy: Install Secret Management Access proxy.

Note: Proxy type enables you to configure specific type of proxy on the virtual host.

Note: The virtual host of the UDP Proxy type can be monitored in the Virtual Hosts > HTTP Connect & DRP page in your application namespace. The UDP Proxy type does not support extensive monitoring that other types of virtual hosts support.

• Select + Add item in Domains box.

Note: Domain is used to access the virtual host. A virtual host can have one or more domains associated with it.

• + Select Route button in Routes box to associate one or more routes with the virtual host.

• Check existing Route or + Add new Route, configure as needed.

• Select Route button to add and return to previous page.

• + Select Advertise Policy button in Routes box to associate an advertise policy with the virtual host.

• Check existing Advertise Policy or + Add new Advertise Policy, configure as needed.

• Select Advertise Policy button to add and return to previous page.

• Select or enter other sections as needed.

• TLS Parameters

• WAF Config

• Dynamic Reverse Proxy

• Authentication Details

• Add Request Headers

• Remove Request Headers

• Buffer Policy

• CORS Policy Configuration

• Add Location

• Retry Policy

• Compression Parameters

• Custom Error Responses

• Disable default error pages

• Maximum Request Header Size (KiB)

• Select Type of Challenge

• Rate Limiter

• Maximum Request Header Size (KiB)

• Select Type of Challenge

• Rate Limiter

• Maximum Request Header Size (KiB)

• Select Type of Challenge

• Rate Limiter

• Rate Limiter Allowed Prefixes

• User Identification Policy

• Idle timeout (in milleseconds)

• Disable DNS resolution

• Server Header value to be used in response

• Path normalize

• Rate Limiter Allowed Prefixes

• User Identification Policy

• Idle timeout (in milleseconds)

• After entering all required parameters, select Save and Exit button to create a virtual host object.