Virtual Hosts

Objective

This guide provides instructions on how to create and advertise a Virtual Host. An F5® Distributed Cloud Services virtual host is a reverse proxy that gives clients in the outside network reachability to destinations in the inside network. To know more about virtual hosts and the associated key system entities, see Virtual Host.

Note: It is recommended that you use virtual hosts only for advanced configuration.

Using the instructions provided in this guide, you can create a virtual host that advertises a service deployed on a site and provide reachability to the endpoint where the service is available.


Prerequisites

The following prerequisites apply:

  • Node or Cluster Image in case of creating virtual host to deploy load-balancing and/or other networking and security services within your cloud or edge location.

Configuration

The following image shows the virtual host creation workflow:

Figure: Setting up a VirtualHost

Configuration Sequence

Creating and advertising a virtual host requires performing the following sequence of actions:

Phase | Description
Discover Service | Discover a service from a Site or a Virtual Site. Sites are in the system namespace. Virtual Sites can be created in a namespace.
Create Endpoint | Create an Endpoint object, which requires an endpoint address type. The endpoint address can be of type IP, DNS Name, or Service Info.
Create Cluster | Create a Cluster object which points to one or more endpoints in that namespace.
Create Route | Create a Route object which maps to one or more Clusters in that namespace.
Create Advertise Policy | Create an Advertise Policy object where the service can be advertised on a Site, Virtual Site, or Virtual Network (including the Public Internet).
Create Virtual Host | Create a Virtual Host object in a namespace where the above Advertise Policy and Route are associated.

Create Endpoint

Features can be viewed and managed in multiple services.

This example shows Virtual Host setup in Multi-Cloud App Connect.

Note: It is recommended that you use virtual hosts only for advanced configuration. Most of the virtual host functionality is now available through the HTTP Load Balancer or TCP Load Balancer.

Step 1: Open F5 Distributed Cloud Console, select Endpoints.
  • Open F5 Distributed Cloud Console > select Multi-Cloud App Connect box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

Figure: Homepage
  • Select Namespace or create a namespace where endpoint needs to be created, located in drop-down selector in upper-left corner.

  • Select Manage in left-menu > select Virtual Hosts > Endpoints.

  • Select Add Endpoint button.

Figure: Endpoints

Note: If options are not shown as available, select the Show link in Advanced nav options, visible in the bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.

See Endpoint for more information on Endpoints.

Step 2: Select a desired namespace, or create a namespace where endpoint needs to be created.
Figure: Endpoints
Step 3: Select and add endpoints.
  • In Multi-Cloud App Connect.

  • Select Manage > Virtual Host > Endpoints.

  • Select Add Endpoint button.

Figure: Create an Endpoint
Step 4: Setup Endpoint.
  • Enter Name.

  • Enter Labels and Description as needed.

Figure: Configure an Endpoint

Note: Enter the values as per the following guidelines:

Name: Provide a name for identifying the endpoint object on the F5® Distributed Cloud Console.

Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.

Description: Provide a description to the endpoint object.

Step 5: Enter endpoint address by selecting one of the three options as shown in the image.
  • Toggle Show Advanced Fields to populate Endpoint Name (Advanced) option in drop-down menu.

  • Endpoint IP Address: IP Address of the origin service. For example, if a service is running in public cloud platform like AWS, provide the publicly reachable IP address in the IP field.

Figure: Endpoint Address IP option
  • Endpoint Name: The endpoint's IP address is discovered using DNS name resolution of the DNS name of the origin service. For example, if a service called webapp has a resolvable DNS name webapp.customer1.net associated with it, provide the DNS name in the DNS field.

  • Service Selector Info: Kubernetes Service Selector information of the origin service. Select this option to directly discover a service running on F5 Kubernetes Service or any other public cloud Kubernetes services such as EKS, AKS and GCP. An explicit ‘Service Discovery’ object has to be created if the selected service is running on public cloud Kubernetes services. There is no need to create a ‘Service Discovery’ object if the service is deployed using F5® Distributed Cloud App Stack (Virtual Kubernetes Service). Enter the service name in the <Name of the Kubernetes Service>.<Namespace in which the Kubernetes Service is placed> format.

  • Endpoint Name (Advanced): Specifies name and TTL used for DNS resolution.

The Service Selector Info field has the following options in the Discovery drop-down menu:

  • Kubernetes: Discover from Kubernetes cluster. Use this when you deploy the service on F5 Kubernetes Service or any public cloud platform (EKS/AKS/GCP). Configure an extra object in case a public cloud platform is involved. If the service is hosted on F5 Kubernetes Service, then F5 seamlessly enables the service discovery.

  • HashiCorp Consul: Discover from Consul service. Use this option when you have an existing Consul cluster, or create a Consul cluster for service discovery where F5 reads discovery information directly from Consul. This requires you to create a discovery object with Consul connection information.

Step 6: Configure protocol and port.

Port refers to the port on which the service is serving and protocol refers to the protocol that the application uses.

Figure: Endpoint Port and Protocol

Configure the port and protocol.

  • Protocol: Default value is TCP. Both TCP and UDP protocols are supported.

  • Port: Port on which the application is serving. For example, a web service application serving on port 8080.

Step 7: Configure Virtual-Site, Site, or Network.

A selector can be a site, virtual site, virtual network, or known network. This defines the location from which origin service is discovered.

  • Select Virtual-Site, Site, or Virtual Network drop-down menu option.

  • Select Reference and Network Type drop-down menu options.

Figure: Configure Virtual-Site, Site, or Network
Step 8: Create Endpoint.
  • Select Save and Exit button to create the endpoint.

After all the parameters are entered in the respective fields, selecting Save and Exit adds the endpoint object to the F5 Console.

Figure: Endpoint Created

Create Cluster

See Cluster for more information.

Step 1: Select the Namespace in which the associated endpoint is located.
  • Select the Namespace in which the associated endpoint is located in Multi-Cloud App Connect.
Figure: Navigate to Namespace
Step 2: Add Clusters.
  • In Multi-Cloud App Connect.

  • Select Manage > Virtual Host > select Clusters.

  • Select Add Cluster button.

Figure: Add Cluster

Step 3: Setup cluster.
  • Enter Name: Provide a name for identifying cluster object.

  • Enter Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.

  • Enter Description: Provide a description to the cluster object.

Figure: Add Cluster Form
Step 4: Configure endpoints associated with the cluster.

Endpoints refer to list of endpoints that are mapped to a specific cluster. A cluster can point to one or more endpoints.

  • Select + Add Item button in Origin Servers (Endpoints) box.
Figure: Add Cluster Form
  • Select Item drop-down, + Add Item button to add new endpoints.
Figure: Cluster Endpoint Selection
Step 5: Configure load-balancer algorithm.

The Load balancer algorithm refers to a specific method of load-balancing to be applied on cluster object. Choose from the supported algorithms.

  • Select LoadBalancer Algorithm drop-down menu option:

    • Round_Robin

    • Least_Request

    • Ring_Hash

    • Random

    • Load Balancer Override

    Note: If no value is configured, the default value Round_Robin is applied.

    Figure: Cluster Load Balance Algorithm
Step 6: Configure health checks associated with the cluster.

Health check refers to configuring checks to ensure underlying endpoints are available. A health check object must be configured first so that it can be listed while creating the cluster.

  • Select + Add Item button in Health Checks box.
Figure: Cluster Health Check
  • Select Item drop-down menu that appears.

  • Select Health Check.

  • Select + Add Item to open Health Check Parameters form.

Figure: Cluster Health Check Selection
  • Enter Name, enter Labels and Description as needed.

  • Configure form as needed.

  • Select Continue button.

Figure: Cluster Health Check Selection
Step 7: Endpoint Selection.
  • Select Endpoint Selection in drop-down menu:

    • All Endpoints: Consider both remote and local endpoints for load balancing.

    • Local Endpoints Only: Consider only local endpoints for load balancing. Enable this policy to load balance ONLY among locally discovered endpoints.

    • Local Endpoints Preferred: Prefer the local endpoints for load balancing. If local endpoints are not present, remote endpoints will be considered.

Figure: Endpoint Selection
Step 8: Configure TLS for cluster object.

You can set TLS version and configure TLS certificates for the cluster object using the TLS parameters.

  • Select Configure link in TLS Parameters box in Origin in Pool(cluster) Parameters.
  • In the Upstream TLS Parameters form, select SNI Selection drop-down menu > enter SNI Value > select Configure link in Common Parameters > complete the form > select Apply button.

  • Toggle Show Advanced Fields to show Connection Timeout, HTTP Idle Timeout, HTTP Protocol Configuration, Panic Threshold, and Header transformation options under TLS Parameters.

Step 9: Configure Panic Threshold.
  • Select No Panic threshold or Panic threshold in drop-down box.
Step 10: Configure Circuit Breakers.
  • Toggle Show Advanced Fields to open Circuit Breakers box.

  • Input Priority, Connection limit, Pending Requests, Retry Count, Maximum Request Count as needed.

  • Input Outlier Detection information as needed.

Step 11: Configure Endpoint Subsets box for fallback policy.

Endpoint subset is a subset of endpoints grouped together using a key/value pair. Provide multiple keys and associate a label to group available endpoints. These are used in setting fallback policy.

  • Toggle Show Advanced Fields to open Endpoint Subsets box.

  • Select Configure link in Endpoint Subsets.

  • Select Default Subset label in drop-down menu.

  • Select Configure link in Fallback Policy.

Figure: Cluster Endpoint Subsets
Step 12: Add the cluster object to the F5 Distributed Cloud Console.

After all the parameters are entered in the respective fields, add the cluster object to the F5 console.

  • Select Save and Exit button.

Create Route

See Route for more information.

Step 1: Add Route.
  • In Multi-Cloud App Connect > select Manage > Virtual Host.

  • Select Routes.

  • Select Add Route button.

  • The Add Route form gets loaded.

Figure: Add Route
Step 2: Select the Namespace in which the associated cluster object is located.
Figure: Navigate to Namespace
Step 3: Enter the values for Name, Labels, and Description.
  • Enter Name.

  • Enter Labels and Description as needed.

Figure: Add Route Config Options

Enter the values as per the following guidelines:

  1. Name: Provide a name for identifying route object on F5® Cloud Console.

  2. Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.

  3. Description: Provide a description to the route object.

Step 4: Configure routes associated with the route object.
  • Select Configure link in List of Routes box on bottom of Route form to open the Routes configuration form for different routing options.
Figure: Add Route Config Options
  • Select + Add Item button in Routes page.
Figure: Configure Routes for Route Object
Step 5: Implement traffic match patterns, and rules based on different HTTP methods.
  • Select Configure link in Request Match box to implement traffic match patterns and rules based on different HTTP methods.

  • Select + Add Item button in Match page.

  • Select HTTP Method in drop-down menu: ANY (HTTP method), GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, and PATCH.

  • Select Path Match drop-down menu option in Match Condition box.

Choose one of the three available match patterns:

  • Prefix > enter Prefix value in box.

  • Path > enter Path value in box.

  • Regex > enter Regex value in box.

You can also specify an optional combination of Query Parameters and Headers.

  • Select + Add Item button.
Figure: Route Match Options
  • Enter the configuration parameters in new page.

  • Select Add Item button.

  • Select Apply button.

Route Action: Route action specifies the action executed when this route object is accessed. You can choose one of the three options:

  • Select Action in drop-down menu options:

    • Destination List: Route destination enables you to map one or more cluster objects to this specific route.

      • Select Configure in Destination List > + Add Item in Destination Origin pools (cluster) > select Cluster and setup as needed > Apply button.

      Note: Selecting Destination List in route action provides options to associate one or more clusters with the destination.

    • Redirect: Route redirect enables you to redirect requests received by this route.

      • Enter info in all boxes you want to customize.
    • Direct Response: Route direct response enables you to provide a response code.

      • Select Configure in Direct Response.
  • Toggle Show Advanced Fields in Actions box to show Headers options if needed.

Figure: Route Action Options
Step 6: Apply Advanced Options, and Add Route.
  • Toggle Show Advanced Fields to expand box and configure Advanced Options.

  • Select WAF Config drop-down menu in WAF box to apply Application Firewall option.

  • Check box for Service Policy if needed.

  • Select Add Item to add the route object to the F5 Cloud Console.

Figure: Route Options
  • Select Apply button in Routes > Global Configuration Specification page.
Figure: Route Options
  • Select Save and Exit button to add route.
Figure: Route Created

Create Advertise Policy

See Advertise Policies for more information.

Step 1: Select the namespace in which the advertise policy needs to be created.
  • Select the namespace in which the advertise policy needs to be created.
Figure: Navigate to Namespace
Step 2: Add advertise policy.
  • In Multi-Cloud App Connect > select Manage > Virtual Host.

  • Select Advertise Policies.

  • Select Add Advertise Policy button.

Figure: Add Advertise Policy
Step 3: Enter name, labels, and description in the Add advertise policy form.
  • Enter name, labels, and description in the Add advertise policy form.
  1. Name: Provide a name for identifying advertise policy.

  2. Labels: Users can associate multiple labels from either Known Keys/Known Labels or custom keys and labels.

  3. Description: Users can provide a description to Advertise policy object.

Figure: Advertise Policy Config Options
Step 4: Enter Where to advertise the service.

The field Where enables you to advertise a service on a site, virtual site, and virtual network. For example, if multiple sites are spatially distributed across regions (cloud and physical), you can discover a service from one site and advertise the same on one or more sites.

  • Toggle Show Advanced Fields in Advertise Policy box to show more options.

  • Select Virtual-Site, Site, or Virtual Network drop-down menu in Advertise Policy box.

    • Virtual Site: One or more sites grouped into a virtual site using key/label. If a virtual site has more than one site, advertise policy will announce the services on all the sites.

    • Site: A site registered and listed in the Site List in the system namespace.

    • Virtual Network: A Virtual network created by user. Advertise policy advertises the service on all devices which comprise the chosen virtual network.

  • Select Reference and Network Type options in drop-down menus.

Figure: Advertise Policy Where Options
Step 5: Enter port and protocol.
  • Toggle Show Advanced Fields in Advertise Policy box to show more options.

  • Select Protocol in drop-down menu, TCP or UDP.

    • Protocol: Refers to the protocol that the service supports. Default is TCP.
  • Enter TCP/UDP Port number in box.

    • Port: Refers to port on which the discovered service is advertised. This can be a different port than the originally discovered port from the Endpoint object. Advertising on public networks is supported for only ports 80 and 443.
Figure: Advertise Policy Protocol and Port
Step 6: Add configurations as needed, and add the advertise policy object to the F5 Console.
  • Select or enter VIP, TLS Parameters, Disable X-Forwarded-For Header, and List of Public IP sections as needed.

  • After entering all required parameters in the respective fields, select Save and Exit button to add the advertise policy object to F5.

Figure: Advertise Policy

Create Virtual Host

See Virtual Host for more information.

Step 1: Select the Namespace in which virtual host needs to be created.

Figure: Navigate to Namespace
Step 2: Add virtual host.
  • In Multi-Cloud App Connect > select Manage > Virtual Host

  • Select Virtual Hosts.

  • Select + Virtual Host or Add Virtual Host button.

Figure: Add Virtual Host
Step 3: Enter name, labels, and description in the Add virtual host form.
  • Enter name, labels, and description as needed.
  1. Name: Provide a name for identifying advertise policy object on F5 platform.

  2. Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.

  3. Description: Provide a description to advertise policy object.

Figure: Virtual Host Config Options
Step 4: Select a value for the Proxy Type.
  • Select a value for the Proxy Type drop-down menu.

    • UDP Proxy: Install UDP proxy.

    • Secret Management Access Proxy: Install Secret Management Access proxy.

Note: Proxy type enables you to configure specific type of proxy on the virtual host.

Figure: Virtual Host Proxy Type Options

Note: The virtual host of the UDP Proxy type can be monitored in the Virtual Hosts > HTTP Connect & DRP page in your application namespace. The UDP Proxy type does not support extensive monitoring that other types of virtual hosts support.

Step 5: Select Add domain in Domains.
  • Select + Add item in Domains box.

Note: Domain is used to access the virtual host. A virtual host can have one or more domains associated with it.

Figure: Virtual Host Domain Config
Step 6: Select route to associate one or more routes with the virtual host.
  • + Select Route button in Routes box to associate one or more routes with the virtual host.

  • Check existing Route or + Add new Route, configure as needed.

  • Select Route button to add and return to previous page.

Figure: Virtual Host Route Selection
Step 7: Select advertise policy to associate an advertise policy with the virtual host.
  • + Select Advertise Policy button in Routes box to associate an advertise policy with the virtual host.

  • Check existing Advertise Policy or + Add new Advertise Policy, configure as needed.

  • Select Advertise Policy button to add and return to previous page.

Figure: Virtual Host Advertise Policy Selection
Step 8: Additional Virtual Host options.
  • Select or enter other sections as needed.

  • TLS Parameters

  • WAF Config

  • Dynamic Reverse Proxy

  • Authentication Details

  • Add Request Headers

  • Remove Request Headers

  • Buffer Policy

  • CORS Policy Configuration

  • Add Location

  • Retry Policy

  • Compression Parameters

  • Custom Error Responses

  • Disable default error pages

  • Maximum Request Header Size (KiB)

  • Select Type of Challenge

  • Rate Limiter

  • Rate Limiter Allowed Prefixes

  • User Identification Policy

  • Idle timeout (in milliseconds)

  • Disable DNS resolution

  • Server Header value to be used in response

  • Path normalize

Step 9: Add virtual host to create a virtual host object.
  • After entering all required parameters, select Save and Exit button to create a virtual host object.
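
The object chain built in this guide (endpoint, cluster, route, advertise policy, virtual host) can be checked for dangling references and for the constraints stated above before anything is entered in the Console. The following is an added example, not F5 code or an F5 API: the dictionary schema, the field names (including the public flag) and the sample objects are assumptions constructed for illustration.

```python
import re

# Constraints taken from the guide; the dict schema itself is hypothetical.
PUBLIC_PORTS = {80, 443}                      # public advertisement: ports 80 and 443 only
PROTOCOLS = {"TCP", "UDP"}                    # both TCP and UDP are supported
ADDRESS_KINDS = {"ip", "dns_name", "service_info"}
SERVICE_NAME = re.compile(r"[a-z0-9-]+\.[a-z0-9-]+")   # <service>.<namespace>


def _refs(kind, owner, refs, known):
    """Report references that are empty or point at objects that do not exist."""
    out = [f"{owner}: unknown {kind} '{r}'" for r in refs if r not in known]
    if not refs:
        out.append(f"{owner}: references no {kind}")
    return out


def lint(cfg):
    """Return findings for one namespace's endpoint/cluster/route/policy/host chain."""
    eps, clusters = cfg.get("endpoints", {}), cfg.get("clusters", {})
    routes, pols = cfg.get("routes", {}), cfg.get("advertise_policies", {})
    findings = []
    for name, ep in eps.items():
        kinds = ADDRESS_KINDS.intersection(ep)
        if len(kinds) != 1:
            findings.append(f"endpoint {name}: set exactly one address type")
        elif "service_info" in kinds and not SERVICE_NAME.fullmatch(ep["service_info"]):
            findings.append(f"endpoint {name}: service_info is not <service>.<namespace>")
        if ep.get("protocol", "TCP") not in PROTOCOLS:
            findings.append(f"endpoint {name}: protocol must be TCP or UDP")
    for name, cl in clusters.items():
        findings += _refs("endpoint", f"cluster {name}", cl.get("endpoints", []), eps)
    for name, rt in routes.items():
        # Redirect and direct-response routes carry no cluster reference.
        if rt.get("action", "destination_list") == "destination_list":
            findings += _refs("cluster", f"route {name}", rt.get("clusters", []), clusters)
    for name, pol in pols.items():
        if pol.get("public") and pol.get("port") not in PUBLIC_PORTS:
            findings.append(f"advertise policy {name}: public networks allow only ports 80 and 443")
    for name, vh in cfg.get("virtual_hosts", {}).items():
        owner = f"virtual host {name}"
        findings += _refs("route", owner, vh.get("routes", []), routes)
        findings += _refs("advertise policy", owner, vh.get("advertise_policies", []), pols)
        if not vh.get("domains"):
            findings.append(f"{owner}: no domain configured")
    return findings


# Constructed sample with three deliberate mistakes; not exported from any console.
SAMPLE = {
    "endpoints": {
        "web-ep": {"dns_name": "webapp.customer1.net", "protocol": "TCP", "port": 8080},
        "k8s-ep": {"service_info": "webapp", "protocol": "TCP", "port": 8080},
    },
    "clusters": {"web-cl": {"endpoints": ["web-ep", "old-ep"]}},
    "routes": {"web-rt": {"action": "destination_list", "clusters": ["web-cl"]}},
    "advertise_policies": {"inet": {"public": True, "protocol": "TCP", "port": 8443}},
    "virtual_hosts": {"web-vh": {"domains": ["webapp.customer1.net"],
                                 "routes": ["web-rt"], "advertise_policies": ["inet"]}},
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The sample reports the service name without a namespace, the cluster pointing at an endpoint that was never created, and the public advertise policy on port 8443.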
