Virtual Hosts
On This Page:
Objective
This guide provides instructions on how to create and advertise a Virtual Host. A F5® Distributed Cloud Services virtual host is a reverse proxy that provides reachability to destinations that are in the inside network and clients are in the outside network. To know more about virtual host and associated key system entities, see Virtual Host.
Note: It is recommended that you use virtual hosts only for advanced configuration.
Using the instructions provided in this guide, you can create a virtual host that advertises a service deployed on a site and provide reachability to the endpoint where the service is available.
Prerequisites
The following prerequisites apply:
- A valid Account is required.
- Note: If you do not have an account, see Create an Account.
- Node or Cluster Image in case of creating virtual host to deploy load-balancing and/or other networking and security services within your cloud or edge location.
Configuration
The following image shows the virtual host creation workflow:

Configuration Sequence
Creating and advertising a virtual host requires performing the following sequence of actions:
Phase | Description |
---|---|
Discover Service | Discover a service from a Site or a Virtual Site. Sites are in the system namespace. Virtual Sites can be created in a namespace. |
Create Endpoint | Create an Endpoint object which requires an endpoint address type. Endpoint address can be of type IP or DNS Name or Service Info. |
Create Cluster | Create a cluster object which points to one or more endpoints in that namespace. |
Create Route | Create a Route object which maps to one or more Clusters in that namespace. |
Create Advertise Policy | Create an Advertise Policy object where the service can be advertised on Site or Virtual Site or Virtual Network (including the Public Internet). |
Create Virtual Host | Creates a Virtual Host object in a namespace where above Advertise Policy and Route are associated. |
Create Endpoint
Features can be viewed, and managed in multiple services.
This example shows Virtual Host
setup in Multi-Cloud App Connect
.
Note: It is recommended that you use virtual hosts only for advanced configuration and most of the virtual host functionality is now available through the HTTP Load Balancer or TCP Load Balancer.
Step 1: Open F5 Distributed Cloud Console, select Endpoints.
- Open
F5 Distributed Cloud Console
> selectMulti-Cloud App Connect
box.
Note: Homepage is role based, and your homepage may look different due to your role customization. Select
All Services
drop-down menu to discover all options. Customize Settings:Administration
>Personal Management
>My Account
>Edit work domain & skills
button >Advanced
box > checkWork Domain
boxes >Save changes
button.

-
Select
Namespace
or create a namespace where endpoint needs to be created, located in drop-down selector in upper-left corner. -
Select
Manage
in left-menu > selectVirtual Hosts
>Endpoints
. -
Select
Add Endpoint
button.

Note: If options are not showing available, select
Show
link inAdvanced nav options visible
in bottom left corner. If needed, selectHide
to minimize options from Advanced nav options mode.
See Endpoint for more information on Endpoints.
Step 2: Select a desired namespace, or create a namespace where endpoint needs to be created.

Step 3: Select and add endpoints.
-
In
Multi-Cloud App Connect
. -
Select
Manage
>Virtual Host
>Endpoints
. -
Select
Add Endpoint
button.

Step 4: Setup Endpoint.
-
Enter
Name
. -
Enter
Labels
andDescription
as needed.

Note: Enter the values as per the following guidelines:
Name: Provide a name for identifying the endpoint object on the F5® Distributed Cloud Console.
Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.
Description: Provide a description to the endpoint object.
Step 5: Enter endpoint address by selecting one of the three options as shown in the image.
-
Toggle
Show Advanced Fields
to populateEndpoint Name (Advanced)
option in drop-down menu. -
Endpoint IP Address: IP Address of the origin service. For example, if a service is running in public cloud platform like AWS, provide the publicly reachable IP address in the
IP
field.

-
Endpoint Name: Endpoint's IP address is discovered using DNS name resolution the DNS name of the origin service. For example, if a service called
webapp
has a resolvable DNS namewebapp.customer1.net
associated with it, provide the DNS name in theDNS
field. -
Service Selector Info: Kubernetes Service Selector information of the origin service. Select this option to directly discover a service running on F5 Kubernetes Service or any other public cloud kubernetes services such as EKS, AKS and GCP. An explicit ‘Service Discovery’ object has to be created if selected service is running on public cloud kubernetes services. There is no need to create ‘Service Discovery’ object if the service is deployed using F5® Distributed Cloud App Stack (Virtual Kubernetes Service). Enter the service name in the
<Name of the Kubernetes Service>.<Namespace in which the Kubernetes Service is placed>
format. -
Endpoint Name (Advanced): Specifies name and TTL used for DNS resolution.
The Service Selector Info
field has options in Discovery
drop-down option:
-
Kubernetes: Discover from Kubernetes cluster. Use this when you deploy the service on F5 Kubernetes Service or any public cloud platform (EKS/AKS/GCP). Configure an extra object in case a public cloud platform is involved. If the service is hosted on F5 Kubernetes Service, then F5 seamlessly enables the service discovery.
-
HashiCorp Consul: Discover from Consul service. Use this option when you have an existing Consul cluster, or create a Consul cluster for service discovery where F5 reads discovery information directly from Consul. This requires you to create a discovery object with Consul connection information.
-
Service Selector Info: Kubernetes Service Selector information of the origin service. Select this option to directly discover a service running on F5 Kubernetes Service or any other public cloud kubernetes services such as EKS, AKS and GCP. An explicit ‘Service Discovery’ object has to be created if selected service is running on public cloud kubernetes services. There is no need to create ‘Service Discovery’ object if the service is deployed using F5® Distributed Cloud App Stack (Virtual Kubernetes Service). Enter the service name in the
<Name of the Kubernetes Service>.<Namespace in which the Kubernetes Service is placed>
format.
Step 6: Configure protocol and port.
Port refers to the port on which the service is serving and protocol refers to the protocol that the application uses.

Configure the port and protocol.
-
Protocol: Defaults value is
TCP
. Both TCP and UDP protocols are supported. -
Port: port on which the application is serving. For example a web service application serving on port 8080.
Step 7: Configure Virtual-Site, Site, or Network.
A selector can be a site, virtual site, virtual network, or known network. This defines the location from which origin service is discovered.
-
Select
Virtual-Site
,Site
, orVirtual Network
drop-down menu option. -
Select
Reference
andNetwork Type
drop-down menu options.

Step 8: Create Endpoint.
- Select
Save and Exit
button to create the endpoint.
After all the parameters are entered in the respective fields, selecting Save and Exit
adds the endpoint object to the F5 Console.

Create Cluster
See Cluster for more information.
Step 1: Select the Namespace in which the associated endpoint is located.
- Select the
Namespace
in which the associated endpoint is located inMulti-Cloud App Connect
.

Step 2: Add Clusters.
-
In
Multi-Cloud App Connect
. -
Select
Manage
>Virtual Host
> selectClusters
. -
Select
Add Cluster
button.

sa
Step 3: Setup cluster.
-
Enter
Name
: Provide a name for identifying cluster object. -
Enter
Labels
: Associate multiple labels from either known keys/known labels or custom keys and labels. -
Enter
Description
: Provide a description to the cluster object.

Step 4: Configure endpoints associated with the cluster.
Endpoints refer to list of endpoints that are mapped to a specific cluster. A cluster can point to one or more endpoints.
+ Add Item
button inOrigin Servers(Endpoints)
box.

Select Item
drop-down,+ Add Item
button to add new endpoints.

Step 5: Configure load-balancer algorithm.
The Load balancer algorithm refers to a specific method of load-balancing to be applied on cluster object. Choose from the supported algorithms.
-
Select
LoadBalancer Algorithm
drop-down menu option:-
Round_Robin
-
Least_Request
-
Ring_Hash
-
Random
-
Load Balancer Override
Note: If no value is configured, the default value
Round_Robin
is applied.Figure: Cluster Load Balance Algorithm -
Step 6: Configure health checks associated with the cluster.
Health check refers to configuring checks to ensure underlying endpoints are available. It is required to configure a health check object first to list them while creating the cluster.
- Select
+ Add Item
button inHealth Checks
box.

-
Select Item
drop-down menu that appears. -
Select
Health Check
. -
Select
+ Add Item
to openHealth Check Parameters
form.

-
Enter
Name
, enterLabels
andDescription
as needed. -
Configure form as needed.
-
Select
Continue
button.

Step 7: Endpoint Selection.
-
Select
Endpoint Selection
in drop-down menu:-
All Endpoints
: Consider both remote and local endpoints for load balancing. -
Local Endpoints Only
: Consider only local endpoints for load balancing Enable this policy to load balance ONLY among locally discovered endpoints. -
Local Endpoints Preferred
: Prefer the local endpoints for load balancing. If local endpoints are not present remote endpoints will be considered.
-

Step 8: Configure TLS for cluster object.
You can set TLS version and configure TLS certificates for the cluster object using the TLS parameters
.
- Select
Configure
link inTLS Parameters
box inOrigin in Pool(cluster) Parameters
.
-
Upstream TLS Parameters
formSNI Selection
drop-down menu > enterSNI Value
>Configure
link inCommon Parameters
> Form >Apply
button. -
Toggle
Show Advanced Fields
to showConnection Timeout
,HTTP Idle Timeout
, andHTTP Protocol Configuration
Panic Threshold
Header transformation
options underTLS Parameters
.
Step 9: Configure Panic Threshold.
- Select
No Panic threshold
orPanic threshold
in drop-down box.
Step 10: Configure Circuit Breakers.
-
Toggle
Show Advanced Fields
to openCircuit Breakers
box. -
Input
Priority
,Connection limit
,Pending Requests
,Retry Count
,Maximum Request Count
as needed. -
Input
Outlier Detection
information as needed.
Step 11: Configure Endpoint Subsets box for fallback policy.
Endpoint subset is a subset of endpoints grouped together using a key/value pair. Provide multiple keys and associate a label to group available endpoints. These are used in setting fallback policy.
-
Toggle
Show Advanced Fields
to openEndpoint Subsets
box. -
Select
Configure
link inEndpoint Subsets
. -
Select
Default Subset
label in drop-down menu. -
Select
Configure
link inFallback Policy
.

Step 12: Add the cluster object to the F5 Distributed Cloud Console.
After all the parameters are entered in the respective fields, select Save and Exit
. This adds the cluster object to the F5 console.
- Select
Save and Exit
button after all the parameters are entered in the respective fields to add the cluster object to the F5 console.
Create Route
See Route for more information.
Step 1: Add Route.
-
In
Multi-Cloud App Connect
> selectManage
>Virtual Host
. -
Select
Routes
. -
Select
Add Route
button. -
The
Add Route
form gets loaded.

Step 2: Select the Namespace in which the associated cluster object is located.

Step 3: Enter the values for Name, Labels, and Description.
-
Enter
Name
. -
Enter
Labels
andDescription
as needed.

Enter the values as per the following guidelines:
-
Name
: Provide a name for identifying route object on F5® Cloud Console. -
Labels
: You can associate multiple labels from either known keys/known labels or custom keys and labels. -
Description
: Provide a description to the route object.
Step 4: Configure routes associated with the route object.
- Select
Configure
link inList of Routes
box on bottom ofRoute
form to open theRoutes
configuration form for different routing options.

- Select
+ Add Item
button in Routes page.


Step 5: Implement traffic match patterns, and rules based on different HTTP methods.
-
Select
Configure
link inRequest Match
box to implement traffic match patterns and rules based on different HTTP methods. -
Select
+ Add Item
button inMatch
page. -
Select
HTTP Method
in drop-down menu: ANY (HTTP method), GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, and PATCH. -
Select
Path Match
drop-down menu option inMatch Condition
box.
Choose one of the three available match patterns:
-
Prefix
> enterPrefix
value in box. -
Path
> enterPath
value in box. -
Regex
> enterRegex
value in box.
You can also specify an optional combination Query Parameters
and Headers
.
- Select
+ Add Item
button.

-
Enter the configuration parameters in new page.
-
Select
Add Item
button. -
Select
Apply
button.
Route Action: Route action specifies the action executed when this route object is accessed. You can choose one of the three options:
-
Select
Action
in drop-down menu options:-
Destination List
: Route destination enables you to map one or more cluster objects to this specific route.-
Select
Configure
inDestination List
>+ Add Item
inDestination Origin pools (cluster)
> selectCluster
and setup as needed >Apply
button.
Note: Selecting
Destination List
in route action provides with options to associate one or more clusters to the destination. -
-
Redirect: Route
redirect enables you to redirect requests received by this route.- Enter info in all boxes you want to customize.
-
Direct Response
: Route direct response enables you to provide a response code.- Select
Configure
inDirect Response
.
- Select
-
-
Toggle
Show Advanced Fields
inActions
box to showHeaders
options if needed.

Step 6: Apply Advanced Options, and Add Route.
-
Toggle
Show Advanced Fields
to expand box and configureAdvanced Options
. -
Select
WAF Config
drop-down menu inWAF
box to applyApplication Firewall
option. -
Check box for
Service Policy
if needed. -
Select
Add Item
to add the route object to the F5 Cloud Console.

- Select
Apply
button inRoutes
>Global Configuration Specification
page.

- Select
Save and Exit
button to add route.

Create Advertise Policy
See Advertise Policies for more information.
Step 1: Select the namespace in which the advertise policy needs to be created.
- Select the namespace in which the advertise policy needs to be created.

Step 2: Add advertise policy.
-
In
Multi-Cloud App Connect
> selectManage
>Virtual Host
. -
Select
Advertise Policies
. -
Select
Add Advertise Policy
button.

Step 3: Enter name, labels, and description in the Add advertise policy form.
- Enter name, labels, and description in the
Add advertise policy
form.
-
Name: Provide a name for identifying advertise policy.
-
Labels: Users can associate multiple labels from either Known Keys/Know Labels or custom keys and labels.
-
Description: Users can provide a description to Advertise policy object.

Step 4: Enter Where to advertise the service.
Enter Where
to advertise the service.
The field Where
enables you to advertise a service on a site, virtual site, and virtual network. For example, if multiple sites are spatially distributed across regions (cloud and physical), you can discover a service from one site and advertise the same on one or more sites.
-
Toggle
Show Advanced Fields
inAdvertise Policy
box to show more options. -
Select
Virtual-Site
,Site
, orVirtual Network
drop-down menu inAdvertise Policy
box.-
Virtual Site
: One or more sites grouped into a virtual site using key/label. If a virtual site has more than one site, advertise policy will announce the services on all the sites. -
Site
: A site registered and listed in theSite List
in thesystem
namespace. -
Virtual Network
: A Virtual network created by user. Advertise policy advertises the service on all devices which comprise the chosen virtual network.
-
-
Select
Reference
andNetwork Type
options in drop-down menus.

Step 5: Enter port and protocol.
-
Toggle
Show Advanced Fields
inAdvertise Policy
box to show more options. -
Select
Protocol
in drop-down menu,TCP
orUPD
.- Protocol: Refers to protocol that the service supports. Default is
TCP
- Protocol: Refers to protocol that the service supports. Default is
-
Enter
TCP/UDP Port
number in box.- Port: Refers to port on which the discovered service is advertised. This can be a different port than the originally discovered port from the
Endpoint
object. Advertising on public networks is supported for only ports 80 and 443.
- Port: Refers to port on which the discovered service is advertised. This can be a different port than the originally discovered port from the

Step 6: Add configurations as needed, and advertise policy object to the F5 Console.
-
Select or enter
VIP
,TLS Parameters
,Disable X-Forwarded-For Header
, andList of Public IP
sections as needed. -
After entering all required parameters in the respective fields, select
Save and Exit
button to add the advertise policy object to F5.

Create Virtual Host
See Virtual Host for more information.
Step 1: Select the Namespace in which virtual host needs to be created.
Select the Namespace in which virtual host needs to be created.

Step 2: Add virtual host.
-
In
Multi-Cloud App Connect
> selectManage
>Virtual Host
-
Select
Virtual Hosts
. -
Select
+ Virtual Host
orAdd Virtual Host
button.

Step 3: Enter name, labels, and description in the Add virtual host form.
- Enter name, labels, and description as needed.
-
Name: Provide a name for identifying advertise policy object on F5 platform.
-
Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.
-
Description: Provide a description to advertise policy object.

Step 4: Select a value for the Proxy Type.
-
Select a value for the
Proxy Type
drop-down menu.-
UDP Proxy
: Install UDP proxy. -
Secret Management Access Proxy
: Install Secret Management Access proxy.
-
Note: Proxy type enables you to configure specific type of proxy on the virtual host.

Note: The virtual host of the
UDP Proxy
type can be monitored in theVirtual Hosts
>HTTP Connect & DRP
page in your application namespace. TheUDP Proxy
type does not support extensive monitoring that other types of virtual hosts support.
Step 5: Select Add domain in Domains.
- Select
+ Add item
inDomains
box.
Note: Domain is used to access the virtual host. A virtual host can have one or more domains associated with it.

Step 6: Select route to associate one or more routes with the virtual host.
-
+ Select Route
button inRoutes
box to associate one or more routes with the virtual host. -
Check existing
Route
or+ Add new Route
, configure as needed. -
Select Route
button to add and return to previous page.

Step 7: Select advertise policy to associate an advertise policy with the virtual host.
-
+ Select Advertise Policy
button inRoutes
box to associate an advertise policy with the virtual host. -
Check existing
Advertise Policy
or+ Add new Advertise Policy
, configure as needed. -
Select Advertise Policy
button to add and return to previous page.

Step 8: Additional Virtual Host options.
-
Select or enter other sections as needed.
-
TLS Parameters
-
WAF Config
-
Dynamic Reverse Proxy
-
Authentication Details
-
Add Request Headers
-
Remove Request Headers
-
Buffer Policy
-
CORS Policy Configuration
-
Add Location
-
Retry Policy
-
Compression Parameters
-
Custom Error Responses
-
Disable default error pages
-
Maximum Request Header Size (KiB)
-
Select Type of Challenge
-
Rate Limiter
-
Maximum Request Header Size (KiB)
-
Select Type of Challenge
-
Rate Limiter
-
Maximum Request Header Size (KiB)
-
Select Type of Challenge
-
Rate Limiter
-
Rate Limiter Allowed Prefixes
-
User Identification Policy
-
Idle timeout (in milleseconds)
-
Disable DNS resolution
-
Server Header value to be used in response
-
Path normalize
-
Rate Limiter Allowed Prefixes
-
User Identification Policy
-
Idle timeout (in milleseconds)
Step 9: Add virtual host to create a virtual host object.
- After entering all required parameters, select
Save and Exit
button to create a virtual host object.