Virtual Hosts

Objective

This guide provides instructions on how to create and advertise a Virtual Host. An F5® Distributed Cloud Services virtual host is a reverse proxy that gives clients in the outside network reachability to destinations in the inside network. To learn more about virtual hosts and the associated key system entities, see Virtual Host.

Note: It is recommended that you use virtual hosts only for advanced configuration.

Using the instructions provided in this guide, you can create a virtual host that advertises a service deployed on a site and provides reachability to the endpoint where the service is available.


Prerequisites

The following prerequisites apply:

  • A Node or Cluster Image, if you are creating the virtual host to deploy load-balancing and/or other networking and security services within your cloud or edge location.

Configuration

The following image shows the virtual host creation workflow:

Figure: Setting up a VirtualHost

Configuration Sequence

Creating and advertising a virtual host requires performing the following sequence of actions:

Phase | Description
Discover Service | Discover a service from a Site or a Virtual Site. Sites are in the system namespace. Virtual Sites can be created in a namespace.
Create Endpoint | Create an Endpoint object, which requires an endpoint address type. Endpoint address can be of type IP or DNS Name or Service Info.
Create Cluster | Create a Cluster object which points to one or more endpoints in that namespace.
Create Route | Create a Route object which maps to one or more Clusters in that namespace.
Create Advertise Policy | Create an Advertise Policy object where the service can be advertised on Site or Virtual Site or Virtual Network (including the Public Internet).
Create Virtual Host | Create a Virtual Host object in a namespace where the above Advertise Policy and Route are associated.

Create Endpoint

Features can be viewed and managed in multiple services.

This example shows Virtual Host setup in Load Balancers.

Note: It is recommended that you use virtual hosts only for advanced configuration; most of the virtual host functionality is now available through the HTTP Load Balancer or TCP Load Balancer.

Step 1: Open F5® Distributed Cloud Console, select Endpoints.
  • Open F5® Distributed Cloud Console > select Load Balancers box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

Figure: Homepage

Note: Confirm that you are in the correct namespace using the Namespace drop-down selector located in the upper-left corner. The selector is not available in all services.

  • Select Manage in left-menu > select Virtual Hosts > Endpoints.

Note: If options are not shown, select the Show link in Advanced nav options, visible in the bottom-left corner. If needed, select Hide to minimize options from Advanced nav options mode.

  • Select Add Endpoint button.

Figure: Endpoints

See Endpoint for more information on Endpoints.

Step 2: Select a desired namespace, or create a namespace where endpoint needs to be created.

Figure: Navigate to Namespace

Step 3: Select and add endpoints.
  • In Load Balancers.

  • Select Manage > Endpoints.

  • Select + Add endpoint button.

  • The Add endpoint form loads.

Figure: Create an Endpoint

Step 4: Enter values for Name, Labels, and Description.
  • Enter Name, enter Labels and Description as needed.

Figure: Configure an Endpoint

Note: Enter the values as per the following guidelines:

Name: Provide a name for identifying the endpoint object on the F5® Distributed Cloud Console.

Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.

Description: Provide a description to the endpoint object.

Step 5: Enter endpoint address by selecting one of the three options as shown in the image.
  • Toggle Show Advanced Fields to populate Endpoint Name (Advanced) option in drop-down menu.

  • Endpoint IP Address: IP address of the origin service. For example, if a service is running on a public cloud platform such as AWS, provide the publicly reachable IP address in the IP field.

Figure: Endpoint Address IP option

  • Endpoint Name: DNS name of the origin service. The endpoint's IP address is discovered using DNS name resolution. For example, if a service called webapp has a resolvable DNS name webapp.customer1.net associated with it, provide the DNS name in the DNS field.

  • Service Selector Info: Kubernetes Service Selector information of the origin service. Select this option to directly discover a service running on F5 Kubernetes Service or any other public cloud Kubernetes service such as EKS, AKS and GCP. An explicit ‘Service Discovery’ object has to be created if the selected service is running on a public cloud Kubernetes service. There is no need to create a ‘Service Discovery’ object if the service is deployed using F5® Distributed Cloud App Stack (Virtual Kubernetes Service). Enter the service name in the <Name of the Kubernetes Service>.<Namespace in which the Kubernetes Service is placed> format.

The Service Selector Info field has the following options in the Discovery drop-down menu:

  • Kubernetes: Discover from Kubernetes cluster. Use this when you deploy the service on F5 Kubernetes Service or any public cloud platform (EKS/AKS/GCP). Configure an extra object in case a public cloud platform is involved. If the service is hosted on F5 Kubernetes Service, then F5 seamlessly enables the service discovery.

  • HashiCorp Consul: Discover from Consul service. Use this option when you have an existing Consul cluster, or create a Consul cluster for service discovery where F5 reads discovery information directly from Consul. This requires you to create a discovery object with Consul connection information.

Step 6: Configure protocol and port.

Port refers to the port on which the service is serving and protocol refers to the protocol that the application uses.

Figure: Endpoint Port and Protocol

Configure the port and protocol.

  • Protocol: Default value is TCP. Both TCP and UDP protocols are supported.

  • Port: Port on which the application is serving. For example, a web service application serving on port 8080.

Step 7: Configure Virtual-Site, Site, or Network.

A selector can be a site, virtual site, virtual network, or known network. This defines the location from which origin service is discovered.

  • Select Virtual-Site, Site, or Virtual Network drop-down menu option.

Figure: Configure Virtual-Site, Site, or Network

Choose a Virtual Network from the Reference pane once the Selector type is chosen.

Step 8: Create endpoint.
  • Select Save and Exit to create the endpoint.

After all the parameters are entered in the respective fields, selecting Save and Exit adds the endpoint object to the F5 Console.

Figure: Endpoint Created


Create Cluster

See Cluster for more information.

Step 1: Select the Namespace in which the associated endpoint is located.
  • Select the Namespace in which the associated endpoint is located.

Figure: Navigate to Namespace

Step 2: Add Clusters.
  • In Load Balancers.

  • Select Manage > Virtual Host > select Clusters.

  • Select Add cluster button.

Figure: Add Cluster

Step 3: The Add cluster form loads.

Figure: Add Cluster Form

Step 4: Configure name, labels, and description.
  1. Name: Provide a name for identifying cluster object.

  2. Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.

  3. Description: Provide a description to the cluster object.

Step 5: Configure endpoints associated with the cluster.

Endpoints refer to list of endpoints that are mapped to a specific cluster. A cluster can point to one or more endpoints.

  • + Select Endpoint button in the List of Endpoint Origin Servers(Endpoints) box.

  • Select + Add new endpoint or select existing endpoints by checking the boxes.

  • Select Endpoint button to add new endpoints.

Figure: Add Cluster Form

Figure: Cluster Endpoint Selection

Step 6: Configure health checks associated with the cluster.

Health check refers to configuring checks to ensure the underlying endpoints are available. A health check object must be configured first so that it is listed while creating the cluster.

  • Toggle Show Advanced Fields to show more options in Origin Pool(cluster) Parameters section.

Figure: Cluster Health Check

Step 7: Select the health check object created.
  • Select the health check object created, or select + Add new Healthcheck button.

  • Select Health Check button to add, and return to cluster configuration page.

  • Enter Name, enter Labels and Description as needed.

Figure: Cluster Health Check Selection

Step 8: Configure load-balancer algorithm.

The load balancer algorithm refers to a specific method of load-balancing to be applied on the cluster object. Choose from the supported algorithms Round_Robin, Least_Request, Ring_Hash, Random, and Load Balancer Override. If no value is configured, the default value Round_Robin is applied.

  • Select Endpoint Selection in drop-down menu:

    • All Endpoints: Consider both remote and local endpoints for load balancing.

    • Local Endpoints Only: Consider only local endpoints for load balancing. Enable this policy to load balance ONLY among locally discovered endpoints.

    • Local Endpoints Preferred: Prefer the local endpoints for load balancing. If local endpoints are not present, remote endpoints will be considered.

Figure: Cluster Load Balance Algorithm

Step 9: Configure TLS for cluster object.

You can set TLS version and configure TLS certificates for the cluster object using the TLS parameters.

  • Select Configure link in TLS Parameters in Origin Pool(cluster) Parameters.

  • Upstream TLS Parameters form > SNI Selection drop-down menu > enter SNI Value > Configure link in Common Parameters > Form > Apply button.

  • Toggle Show Advanced Fields to show Connection Timeout, HTTP Idle Timeout, and HTTP2 Enabled options under TLS Parameters.

Figure: Cluster TLS Config

Step 10: Configure Circuit Breakers.
  • Toggle Show Advanced Fields to open Circuit Breakers box.

  • Input Priority, limits, requests, and counts as needed.

  • Input Outlier Detection information as needed.

Step 11: Configure Endpoint Subsets box for fallback policy.

Endpoint subset is a subset of endpoints grouped together using a key/value pair. Provide multiple keys and associate a label to group available endpoints. These are used in setting fallback policy.

  • Toggle Show Advanced Fields to open Endpoint Subsets box.

  • Select Configure link in Endpoint Subsets.

  • Select Default Subset label in drop-down menu.

  • Select Configure link in Fallback Policy.

Figure: Cluster Endpoint Subsets

Step 12: Configure Panic Threshold.
  • Toggle Show Advanced Fields to open Panic Threshold box.

  • Select No Panic threshold or Panic threshold in drop-down box.

Step 13: Add the cluster object to the F5® Distributed Cloud Console.

After all the parameters are entered in the respective fields, select Save and Exit. This adds the cluster object to the F5 console.

  • Select Save and Exit button after all the parameters are entered in the respective fields to add the cluster object to the F5 console.

Figure: Cluster Created


Create Route

See Route for more information.

Step 1: Select the Namespace in which the associated cluster object is located.

Figure: Navigate to Namespace

Step 2: Add Route.
  • In Load Balancers.

  • Select Manage > Virtual Host > select Routes.

  • Select Add Route button.

  • The Add route form gets loaded.

Figure: Add Route

Step 3: Enter the values for Name, Labels, and Description.
  • Enter values for Name, Labels, and Description.

Figure: Add Route Config Options

Enter the values as per the following guidelines:

  1. Name: Provide a name for identifying route object on F5® Cloud Console.

  2. Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.

  3. Description: Provide a description to the route object.

Step 4: Configure routes associated with the route object.
  • Select Configure link in List of Routes box on bottom of Route form to open the Routes configuration form for different routing options.

Figure: Add Route Config Options

  • Select + Add Item button.

Figure: Configure Routes for Route Object

Step 5: Implement traffic match patterns, and rules based on different HTTP methods.
  • Select Configure link in Request Match box to implement traffic match patterns and rules based on different HTTP methods.

  • Select + Add Item button in Match page.

  • Select HTTP Method in drop-down menu: ANY (HTTP method), GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, and PATCH.

  • Select Path Match drop-down menu option in Match Condition box.

Choose one of the three available match patterns:

  • Prefix > enter Prefix value in box.

  • Path > enter Path value in box.

  • Regex > enter Regex value in box.

You can also specify an optional combination of Query Parameters and Headers.

  • Select + Add Item button.

Figure: Route Match Options

  • Enter the configuration parameters in new page.

  • Select Add Item button.

  • Select Add Item button.

  • Select Apply button.

Route Action: Route action specifies the action executed when this route object is accessed. You can choose one of the three options:

  • Select Action in drop-down menu options:

    • Destination List: Route destination enables you to map one or more cluster objects to this specific route.

    • Redirect: Route redirect enables you to redirect requests received by this route.

    • Direct Response: Route direct response enables you to provide a response code.

Configuring Route Destination:

Selecting Destination List in route action provides options to associate one or more clusters with the destination.

  • Select Apply button.

Figure: Route Action Options

Step 6: Apply Advanced Options, and Add Route.
  • Toggle Show Advanced Fields to expand box and configure Advanced Options.

  • Select WAF Config drop-down menu in WAF box to apply Application Firewall option.

  • Check box for Service Policy if needed.

  • Select Add Item to add the route object to the F5 Cloud Console.

Figure: Route Options

  • Select Apply button in Routes > Global Configuration Specification page.

Figure: Route Options

  • Select Save and Exit button to add route.

Figure: Route Created


Create Advertise Policy

See Advertise Policies for more information.

Step 1: Select the namespace in which the advertise policy needs to be created.
  • Select the namespace in which the advertise policy needs to be created.

Figure: Navigate to Namespace

Step 2: Add advertise policy.
  • In Load Balancers.

  • Select Manage > Virtual Host > select Advertise Policies.

  • Select Advertise Policies button.

  • The Add advertise policy form gets loaded.

Figure: Add Advertise Policy

Step 3: Enter name, labels, and description in the Add advertise policy form.
  • Enter name, labels, and description in the Add advertise policy form.
  1. Name: Provide a name for identifying advertise policy.

  2. Labels: Users can associate multiple labels from either Known Keys/Known Labels or custom keys and labels.

  3. Description: Users can provide a description to Advertise policy object.

Figure: Advertise Policy Config Options

Step 4: Enter Where to advertise the service.

Enter Where to advertise the service.

The field Where enables you to advertise a service on a site, virtual site, and virtual network. For example, if multiple sites are spatially distributed across regions (cloud and physical), you can discover a service from one site and advertise the same on one or more sites.

  • Toggle Show Advanced Fields in Advertise Policy box to show more options.

  • Select Virtual-Site, Site, or Virtual Network drop-down menu in Advertise Policy box.

    • Site: A site registered and listed in the Site List in the system namespace.

    • Virtual Site: One or more sites grouped into a virtual site using key/label. If a virtual site has more than one site, advertise policy will announce the services on all the sites.

    • Virtual Network: A Virtual network created by user. Advertise policy advertises the service on all devices which comprise the chosen virtual network.

  • Select Reference and Network Type options in drop-down menu options.

Figure: Advertise Policy Where Options

Step 5: Enter port and protocol.
  • Toggle Show Advanced Fields in Advertise Policy box to show more options.

  • Select Protocol in drop-down menu, TCP or UDP.

    • Protocol: Refers to protocol that the service supports. Default is TCP.
  • Enter TCP/UDP Port number in box.

    • Port: Refers to port on which the discovered service is advertised. This can be a different port than the originally discovered port from the ‘Endpoint’ object. Advertising on public networks is supported for only ports 80 and 443.

Figure: Advertise Policy Protocol and Port

Step 6: Add configurations as needed, and add the advertise policy object to the F5 Console.
  • Select or enter VIP, TLS Parameters, Disable X-Forwarded-For Header, and List of Public IP sections as needed.

  • After entering all required parameters in the respective fields, select Save and Exit button to add the advertise policy object to F5.

Figure: Advertise Policy


Create Virtual Host

See Virtual Host for more information.

Step 1: Select the Namespace in which virtual host needs to be created.

Select the Namespace in which virtual host needs to be created.

Figure: Navigate to Namespace

Step 2: Add virtual host.
  • In Load Balancers.

  • Select Manage > Virtual Host > select Virtual Hosts.

  • Select + Virtual Host or Add Virtual Host button.

Figure: Add Virtual Host

Step 3: Enter name, labels, and description in the Add virtual host form.
  • Enter name, labels, and description as needed.
  1. Name: Provide a name for identifying the virtual host object on F5 platform.

  2. Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.

  3. Description: Provide a description to the virtual host object.

Figure: Virtual Host Config Options

Step 4: Select a value for the Proxy Type.
  • Select a value for the Proxy Type drop-down menu.

    • UDP Proxy: Install UDP proxy.

    • Secret Management Access Proxy: Install Secret Management Access proxy.

Note: Proxy type enables you to configure specific type of proxy on the virtual host.

Figure: Virtual Host Proxy Type Options

Note: The virtual host of the UDP Proxy type can be monitored in the Virtual Hosts > HTTP Connect & DRP page in your application namespace. The UDP Proxy type does not support extensive monitoring that other types of virtual hosts support.

Step 5: Select Add domain in Domains.
  • Select + Add item in Domains box.

Note: Domain is used to access the virtual host. A virtual host can have one or more domains associated with it.

Figure: Virtual Host Domain Config

Step 6: Select route to associate one or more routes with the virtual host.
  • + Select Route button in Routes box to associate one or more routes with the virtual host.

  • Check existing Route or + Add new Route, configure as needed.

  • Select Route button to add and return to previous page.

Figure: Virtual Host Route Selection

Step 7: Select advertise policy to associate an advertise policy with the virtual host.
  • + Select Advertise Policy button in Routes box to associate an advertise policy with the virtual host.

  • Check existing Advertise Policy or + Add new Advertise Policy, configure as needed.

  • Select Advertise Policy button to add and return to previous page.

Figure: Virtual Host Advertise Policy Selection

Step 8: Additional Virtual Host options.
  • Select or enter other sections as needed.

  • TLS Parameters

  • WAF Config

  • Dynamic Reverse Proxy

  • Authentication Details

  • Add Request Headers

  • Remove Request Headers

  • Buffer Policy

  • CORS Policy Configuration

  • Add Location

  • Retry Policy

  • Compression Parameters

  • Custom Error Responses

  • Disable default error pages

  • Maximum Request Header Size (KiB)

  • Select Type of Challenge

  • Rate Limiter

  • Rate Limiter Allowed Prefixes

  • User Identification Policy

  • Idle timeout (in milliseconds)

  • Disable DNS resolution

  • Server Header value to be used in response

  • Path normalize

Step 9: Add virtual host to create a virtual host object.
  • After entering all required parameters, select Save and Exit button to create a virtual host object.
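
This guide states several constraints across the five objects: exactly one endpoint address type, the <service>.<namespace> format, TCP or UDP, the supported load balancer algorithms, one or more references at each level, and ports 80 and 443 only when advertising on public networks. The following added example (not F5 code, and not using any F5 API) lints a planned object chain against those constraints before it is entered in the Console; the plan dictionary layout, its key names and the sample values are hypothetical.

```python
import ipaddress
import re

# Constraints are the ones stated in this guide; the plan layout is hypothetical.
LB_ALGORITHMS = {"Round_Robin", "Least_Request", "Ring_Hash", "Random", "Load Balancer Override"}
PROTOCOLS = {"TCP", "UDP"}
PUBLIC_PORTS = {80, 443}  # only ports that can be advertised on public networks
ADDRESS_KEYS = ("ip", "dns_name", "service_info")
LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"  # assumption: DNS-label syntax
SERVICE_RE = re.compile(rf"^{LABEL}\.{LABEL}$")


def _check_refs(findings, kind, name, refs, pool, ref_kind):
    """Require at least one reference, each defined in the plan."""
    if not refs:
        findings.append(f"{kind} {name}: needs at least one {ref_kind}")
    for ref in refs:
        if ref not in pool:
            findings.append(f"{kind} {name}: unknown {ref_kind} {ref!r}")


def lint_plan(plan):
    """Return findings for a planned virtual host object chain."""
    findings = []
    endpoints, clusters, routes, policies = (
        plan.get(k, {}) for k in ("endpoints", "clusters", "routes", "advertise_policies"))

    for name, ep in endpoints.items():
        if sum(1 for k in ADDRESS_KEYS if ep.get(k)) != 1:
            findings.append(f"endpoint {name}: set exactly one of {ADDRESS_KEYS}")
        if ep.get("ip"):
            try:
                ipaddress.ip_address(ep["ip"])
            except ValueError:
                findings.append(f"endpoint {name}: invalid IP {ep['ip']!r}")
        if ep.get("service_info") and not SERVICE_RE.match(ep["service_info"]):
            findings.append(f"endpoint {name}: use <service>.<namespace>")
        if ep.get("protocol", "TCP") not in PROTOCOLS:
            findings.append(f"endpoint {name}: protocol must be TCP or UDP")
        if not (isinstance(ep.get("port"), int) and 1 <= ep["port"] <= 65535):
            findings.append(f"endpoint {name}: port missing or out of range")

    for name, cl in clusters.items():
        _check_refs(findings, "cluster", name, cl.get("endpoints", []), endpoints, "endpoint")
        if cl.get("lb_algorithm", "Round_Robin") not in LB_ALGORITHMS:
            findings.append(f"cluster {name}: unsupported load balancer algorithm")

    for name, rt in routes.items():
        # Only the Destination List action maps a route to clusters.
        if rt.get("action", "destination_list") == "destination_list":
            _check_refs(findings, "route", name, rt.get("clusters", []), clusters, "cluster")

    for name, ap in policies.items():
        if ap.get("protocol", "TCP") not in PROTOCOLS:
            findings.append(f"advertise policy {name}: protocol must be TCP or UDP")
        if ap.get("public") and ap.get("port") not in PUBLIC_PORTS:
            findings.append(f"advertise policy {name}: public networks allow only ports 80 and 443")

    for name, vh in plan.get("virtual_hosts", {}).items():
        if not vh.get("domains"):
            findings.append(f"virtual host {name}: needs at least one domain")
        _check_refs(findings, "virtual host", name, vh.get("routes", []), routes, "route")
        if vh.get("advertise_policy") not in policies:
            findings.append(f"virtual host {name}: unknown advertise policy")
    return findings


# Constructed sample plan with two deliberate mistakes (ep-bad, ap-pub).
SAMPLE_PLAN = {
    "endpoints": {
        "ep-web": {"service_info": "webapp.prod", "port": 8080},
        "ep-bad": {"ip": "10.0.0.5", "dns_name": "webapp.customer1.net", "port": 8080},
    },
    "clusters": {"cl-web": {"endpoints": ["ep-web", "ep-bad"]}},
    "routes": {"rt-web": {"clusters": ["cl-web"]}},
    "advertise_policies": {"ap-pub": {"public": True, "protocol": "TCP", "port": 8443}},
    "virtual_hosts": {"vh-web": {"domains": ["webapp.customer1.net"], "routes": ["rt-web"],
                                 "advertise_policy": "ap-pub"}},
}
```

Calling lint_plan(SAMPLE_PLAN) reports the endpoint with two address types set and the advertise policy that uses port 8443 on a public network.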

