Create and Advertise Virtual Host

See Endpoint guide for more information.

• In Console, select the Multi-Cloud App Connect service.

Figure: Homepage

• Select Namespace or create a namespace where an endpoint needs to be created.

• Select Manage > Virtual Host > Endpoints.

• Select Add Endpoint.

Figure: Endpoints

• Enter the values per the following guidelines:

  • Name: Provide a name for identifying the endpoint object.

  • Labels: Associate multiple labels from known keys/known labels or custom keys/labels.

  • Description: Provide a description for the endpoint object.

Figure: Configure Endpoint Metadata

• Enable the Show Advanced Fields option in the Origin Server(Endpoint) section.

• From the Endpoint Specifier menu, select an option from the following:

  • Endpoint IP Address: This is the IP address of the origin server. For example, if a server/service is running in a public cloud platform, like AWS, this provides the publicly reachable IP address. Enter the IP address in the Endpoint IP Address field.

  • Endpoint Name: The endpoint's IP address is discovered using DNS name resolution. Enter the fully qualified domain name (FQDN) in the Endpoint Name field.

  • Service Selector Info: Select this option to directly discover a service running on F5 Kubernetes service or any other public cloud Kubernetes services, such as EKS, AKS, or GCP. An explicit Service Discovery object has to be created if the selected service is running on public cloud Kubernetes services. There is no need to create a Service Discovery object if the service is deployed using F5® Distributed Cloud App Stack Site (vK8s). From the Discovery menu, select whether a service is discovered from a K8s cluster or HashiCorp Consul service. For Kubernetes, use this when you deploy the service on F5 Kubernetes Service or any public cloud platform (EKS/AKS/GCP). Configure an extra object in case a public cloud platform is involved. If the service is hosted on F5 Kubernetes Service, then F5 seamlessly enables service discovery. For HashiCorp Consul, use this option when you have an existing Consul cluster, or create a Consul cluster for service discovery where F5 reads discovery information directly from Consul. This requires you to create a discovery object with Consul connection information.

Figure: Endpoint Specifier Options

Port refers to the port on which the service is serving and protocol refers to the protocol that the application uses.

• Protocol: Default value is TCP. Both TCP and UDP protocols are supported.

• Port: Port on which the application is serving. For example, a web service application serving on port 8080.

A selector can be a site, virtual site, virtual network, or known network. This defines the location from which the origin service is discovered.

• From the Virtual-Site or Site or Network drop-down menu, select an option.

• From the Reference and Network Type drop-down menus, select an option.

Select Save and Exit to create the endpoint.

• In the Multi-Cloud App Connect service, select the namespace in which the associated endpoint is located.

• Select Manage > Virtual Host > Clusters.

• Select Add Cluster.

Figure: Add Cluster

• Enter the values per the following guidelines:

  • Name: Provide a name for identifying the cluster object.

  • Labels: Associate multiple labels from known keys/known labels or custom keys/labels.

  • Description: Provide a description for the cluster object.

Figure: Add Cluster Metadata

Endpoints refer to a list of endpoints that are mapped to a specific cluster. A cluster can point to one or more endpoints.

• In the Origin Servers(Endpoints) section, click Add Item.

• From the Endpoints drop-down menu, select an endpoint. Use Add Item to add new endpoints.

Figure: Select Cluster Endpoint

The load balancer algorithm refers to a specific method of load-balancing applied on the cluster object.

• Enable the Show Advanced Fields option.

• From the LoadBalancer Algorithm menu, choose from the supported algorithms. If no value is configured, the default value Load Balancer Override is applied.

• Under Health Checks, click Add Item.

• From the drop-down menu that appears, click Add Item. Or select an existing object.

Figure: Cluster Health Check Selection

• Enter Name, enter Labels, and Description as needed.

• Configure all other options as needed.

• Click Continue.

• From the Endpoint Selection drop-down menu, select an option:

  • All Endpoints: Consider both remote and local endpoints for load balancing.

  • Local Endpoints Only: Consider only local endpoints for load balancing. Enable this policy to load balance only among locally-discovered endpoints.

  • Local Endpoints Preferred: Prefer the local endpoints for load balancing. If local endpoints are not present, remote endpoints will be considered.

You can set TLS version and configure TLS certificates for the cluster object using TLS Parameters.

• Select Configure link in TLS Parameters box.

• From the SNI Selection drop-down menu, select an option. Enter the corresponding if you selected SNI Value.

• From the TLS Parameters menu, Inline TLS Parameters.

• Click Configure. See Blindfold your TLS Certificates guide for more information.

• Select Apply.

• Select Apply.

• Optionally, enable the Show Advanced Fields option in the Origin Pool(cluster) Parameters section to configure Connection Timeout, HTTP Idle Timeout, HTTP Protocol Configuration, and Panic Threshold.

• Enable the Show Advanced Fields option to open the Circuit Breakers section.

• Enter values for Priority, Connection limit, Pending Requests, Retry Count, and Maximum Request Count as needed.

• Configure Outlier Detection information as needed.

An endpoint subset is a subset of endpoints grouped together using a key/value pair. Provide multiple keys and associate a label to group available endpoints. These are used in setting fallback policies.

Select Save and Exit after all the parameters are entered in the respective fields.

• In Multi-Cloud App Connect service, select Manage > Virtual Host.

• Select Routes.

• Select the namespace in which the associated cluster object is located.

• Select Add Route.

Figure: Add Route

• Enter Name, Labels, and Description as needed. Enter the values per the following guidelines:

  • Name: Provide a name for identifying the route object.

  • Labels: Associate multiple labels from known keys/known labels or custom keys/labels.

  • Description: Provide a description to the route object.

Figure: Route Metadata Configuration

• Select Configure link in List of Routes section.

• Select Add Item.

Figure: Add Route

• Select Configure link in Request Match section to implement traffic match patterns and rules based on different HTTP methods.

• Select Add Item.

• From the HTTP Method drop-down menu, select an HTTP method option.

• From the Path Match drop-down menu, select an option to match the HTTP method previously selected. Choose one of the three available match patterns:

  • Prefix: enter Prefix value in box.

  • Path: enter Path value in box.

  • Regex: enter Regex value in box.

• Optionally, specify key-value pairs using Add Item for Query Parameters and Headers options.

• From the Port Match menu, select an option to match using ports.

• Click Apply to save route match conditions.

• Click Apply to add match conditions.

After you configure the match criteria in the previous step, you must configure what to do (action) after a match is made.

• Enable the Show Advanced Fields option in the Actions section.

• From the Action menu, select an option from the following:

  • Destination List: Route destination enables you to map one or more cluster objects to this specific route. Click Configure to set up a destination to send the request to.

  • Redirect Redirect enables you to redirect requests received by this route. Configure the options for the redirect response.

  • Direct Response: Direct response enables you to provide a response code. Click Configure to set up a response code and response body.

• Enable the Show Advanced Fields option in the Advanced Actions section.

• From the WAF Config drop-down menu, enable a web application firewall (WAF).

• From the Service Policy Configuration field, check the box to disable a service policy at the route level but not virtual host level.

• After you finish, click Apply.

• Click Apply.

Select Save and Exit.

Select the namespace in which the advertise policy needs to be created.

• In Multi-Cloud App Connect > select Manage > Virtual Host.

• Select Advertise Policies.

• Select Add Advertise Policy.

Figure: Add Advertise Policy

• Enter a name, labels, and description in the form:

  • Name: Provides a name for identifying the advertise policy.

  • Labels: Associates multiple labels from known keys/know labels or custom keys/labels.

  • Description: Provides a description for the advertise policy object.

Figure: Advertise Policy Metadata

The Where section enables you to advertise a service on a site, virtual site, and virtual network. For example, if multiple sites are spatially distributed across regions (cloud and physical), you can discover a service from one site and advertise the same on one or more sites.

• Enable the Show Advanced Fields option in the Advertise Policy section.

• From the Virtual-Site or Site or Network drop-down menu, select an option from the following:

  • Virtual Site: One or more sites grouped into a virtual site using key/label. If a virtual site has more than one site, the advertise policy will announce the services on all the sites.

  • Site: A site registered and listed in the Site List in the system namespace.

  • Virtual Network: A virtual network created by a user. The advertise policy advertises the service on all devices which make up the chosen virtual network.

• From the Reference drop-down menu, select an option.

• From the Network Type drop-down menu, select an option.

• If you selected Virtual Site or Site, select the Enable advertise on internet vip option from the Internet VIP Choice drop-down menu.

Figure: Advertise Policy Where Options

• Enable Show Advanced Fields to show more options.

• From the Protocol drop-down menu, select TCP or UDP.

• From the TCP/UDP Port menu, choose to configure a single port or port ranges.

Note: TCP/UDP Port Refers to port on which the discovered service is advertised. This can be a different port than the originally discovered port from the Endpoint object. Advertising on public networks is supported only for ports 80 and 443.

Figure: Advertise Policy Protocol and Port

• Optionally, enter IP address for VIP. Must be an IPv4 or IPv6 address.

• Under TLS Parameters, select Configure link to apply custom TLS parameters for the advertise policy.

• Optionally, choose to disable the X-Forwarded-For header.

• After entering all required parameters, click Save and Exit to add the advertise policy object.

In the Multi-Cloud App Connect service, select the namespace to create the virtual host in.

Figure: Select Namespace

• Select Manage > Virtual Host > Virtual Hosts.

• Select Add Virtual Host.

Figure: Add Virtual Host

• Enter name, labels, and description as needed:

  • Name: Provide a name for identifying the virtual host object.

  • Labels: Associate multiple labels from known keys/known labels or custom keys/labels.

  • Description: Provide a description for the object.

Figure: Virtual Host Configuration

• From the Proxy Type drop-down menu, select a value. See the following options:

  • UDP Proxy: Installs a UDP proxy.

  • Secret Management Access Proxy: Installs a Secret Management Access proxy.

Note: The proxy type enables you to configure specific types of proxies on the virtual host. The virtual host of the UDP Proxy type can be monitored in the Virtual Hosts > HTTP Connect & DRP page in your application namespace. The UDP Proxy type does not support extensive monitoring that other types of virtual hosts support.

Figure: Proxy Type Options

The domain is used to access the virtual host. A virtual host can have one or more domains associated with it.

• Under the Domains box, click Add item.

• Enter the domain name that the virtual host will be associated with.

Figure: Domain Configuration

From the Routes menu, select one or more routes to associate with the virtual host. Use Add Item to select an existing route or configure a new route.

From the Advertise Policies menu, select an advertise policy. Use Add Item to select an existing policy or configure a new policy.

Many include optional configurations or default configurations.

• From the WAF Config menu, choose to enable a web application firewall (WAF) for your virtual host.

• Under Dynamic Reverse Proxy, choose to configure your virtual host to resolve endpoints dynamically.

• From the Authentication Details menu, choose to configure authentication to your virtual host.

• In the Add Request Headers section, configure whether you want to add or remove request headers for HTTP requests.

• In the Add Response Headers section, configure whether you want to add or remove response headers for HTTP responses.

• Under Buffer Policy, choose to configure a buffer policy for requests to the virtual host.

• Under CORS Policy, choose to configure options to have the origin domain request selected resources from another server at a different origin.

• Under Retry Policy, choose to configure the retry policy.

• Under Compression Parameters, choose to configure the compression of dispatched data for the load balancer.

• Under Custom Error Responses, choose to configure error codes for HTTP responses.

• From the Select Type of Challenge menu, choose to enable a JavaScript or Captcha challenge. The default option is No Challenge.

• From the Total Request Timeout menu, configure the amount of time the server spends on the request stream before canceling the request.

• Configure all other options as needed.

After you finish, select Save and Exit to create the virtual host object.