Configure CDN Distribution (Public Preview)

Objective

This guide provides instructions on how to configure Content Delivery Network (CDN) Distribution using the F5 Distributed Cloud CDN service. Using the CDN service, you can enhance application performance by caching content across a geographically distributed network of servers that serve content with high scale and low latency.

The F5 Distributed Cloud CDN service can be deployed with the following TLS configurations:

  • HTTP distribution
  • HTTPS distribution with your own TLS certificate (also known as HTTPS with custom certificate)
  • HTTPS distribution with automatic TLS certificate (minted by F5® Distributed Cloud Services)

Using the instructions provided in this guide, you can perform the following:

  • Create and deploy an HTTP CDN distribution
  • Create and deploy an HTTPS CDN distribution with your TLS certificate or with the certificate minted by Distributed Cloud Services

Note: Currently the CDN service is a public preview service. This means the following apply:

  • The standard support SLAs may not apply.
  • APIs in public preview service may not be backward-compatible.

Prerequisites

The following prerequisites apply:

  • A Distributed Cloud Services Account. If you do not have an account, see Create an Account.

  • A valid DNS domain delegated to Distributed Cloud Services in case you want Distributed Cloud Services to act as domain name server (DNS). For instructions on how to delegate your domain to Distributed Cloud Services, see Delegate Domain.

  • TLS certificates in case of using HTTPS distribution with custom certificates.

  • Origin server with a valid DNS name and reachable by F5 Distributed Cloud Services.

Note: Ensure that the origin server hosts the content that needs to be served using the CDN Distribution.


Configuration

Perform the following to create your CDN distribution:

Step 1: Log into Console and create new CDN distribution.
  • Select the Content Delivery Network service. The CDN distribution configuration page opens.

  • Go to Manage > Distributions.

Distributions
Figure: CDN Distributions Page

  • Select Add Distribution.
Step 2: Configure metadata, domains, and distribution type.
  • In the Name field, enter a name for the distribution.

  • Optionally, select a label and enter a description.

  • Go to Basic Configuration and enter a domain name in the Domains field. Ensure that you enter an FQDN.

  • Select Add item to add more domains, if needed.

  • Select an option for the Select Type of CDN Distribution. The following options are supported:

    • Select HTTP to create the HTTP Distribution. Select the Automatically Manage DNS Records checkbox if your domain is delegated to F5 Distributed Cloud. Else, ensure in your DNS provider configuration that your domain is resolved.

    • Select HTTPS with Automatic Certificate to create the HTTPS Distribution with an automatic TLS certificate. Ensure that the domain is delegated to F5 Distributed Cloud. Optionally, select HTTP Redirect to HTTPS and Add HSTS Header checkboxes to enable those functions. You can also select TLS security level to be high or medium.

    • Select HTTPS with Custom Certificate to create the HTTPS Distribution with your custom TLS certificate.

  • If you are using the HTTPS with Custom Certificate option:

    • Set the TLS configuration using the Configure option under the TLS Parameters field.

    • From the TLS Security Level drop-down menu, select the desired level.

    • In the TLS Certificates section, Select Add Item.

    • For the certificate URL encoding, select PEM or base64(binary), and then enter the certificate URL.

    • To configure the private key, Select Configure.

    • Under the Secret section, enter your private key in Text type, Select Blindfold, wait for the Blindfold operation to complete, and then Select Apply.

    • Select Add Item.

    • In the TLS Parameters section, Select Apply.

    Note: You can add more than one certificate using the Add Item option.

This example configures a CDN Distribution of type HTTPS with Automatic Certificates.

DistributionType
Figure: Distribution of Type HTTPS with Automatic Certficate

Step 3: Configure CDN origin pool.
  • Select Configure in the CDN Origin Pools section. The CDN origin pool configuration page opens.

  • Enter the CDN origin domain name in the DNS Name field. The requests to origin servers use this name in the host header.

  • Select a TLS choice in the Enable TLS for Origin Servers field. Ensure that this matches your origin server configuration.

  • Select Add Item in the List of Origin Servers section. In the origin servers page, enter public DNS name or public IP of your origin server. Select Apply.

  • Select Apply in the CDN origin pool configuration page.

Origin Pool Configuration
Figure: Origin Pool Configuration

Step 4: Optionally, configure advanced options to control your content delivery operation.

Advanced configuration consists of options such as header control, security, cache control, etc. Go to Advanced Configuration section and perform the following:

  • Select Show Advanced Fields toggle to display the advanced configuration options.

  • Select Add Location checkbox to append the location header in the response. Value for this header is the Regional Edge Site name that serves your request.

Step 4.1: Configure header control.

Select Configure in the Header Control field and do the following:

Add Request Headers
  • Select Configure in Add Origin Request Headers. Select Add Item in the next screen, and enter a name for the header to be added.

  • Select Value or Secret for the header value. If it is value, enter a string value for the header. In case of secret, select Configure in the Secret Value field, enter the secret using the Text type, select Blindfold, wait for the encryption to complete, and select Apply.

  • Select Apply in the Headers to Add page.

  • Select Apply in the Add Origin Request Headers page.

Note: Use the Add Item option to add more headers.

Remove Request Headers
  • Select Configure in Remove Origin Request Headers.

  • Select Add Item and enter a name for the header to be removed.

  • Select Apply.

Note: Use the Add Item option to specify more headers to be removed.

Add Response Headers
  • Select Configure in Add Response Headers. Select Add Item in the next screen, and enter a name for the header to be added.

  • Select Value or Secret for the header value. If it is value, enter a string value for the header. In case of secret, select Configure in the Secret Value field, enter the secret using the Text type, select Blindfold, wait for the encryption to complete, and select Apply.

  • Select Apply in the Headers to Add page.

  • Select Apply in the Add Response Headers page.

Note: Use the Add Item option to add more headers.

Remove Response Headers
  • Select Configure in Remove Origin Request Headers.

  • Select Add Item and enter a name for the header to be removed.

  • Select Apply.

Note: Use the Add Item option to specify more headers to be removed.

Select Apply to apply header control settings.

Step 4.2: Configure security settings.

Select Configure in the Security Options field and do the following:

Client IP Filtering Options
  • Select Configure in Client IP filtering Options.

  • Select whether IP filtering type is allow list or deny list.

  • Enter IP prefix in the IP prefix list section.

  • Select Add Item to add more IP prefixes.

  • Select Apply.

Client Geo filtering Options
  • Select Configure in Client Geo filtering Options.

  • Select whether Geo filtering type is allow list or deny list.

  • Select countries from list in the Country Codes List field. You can select more than one country.

  • Select Apply.

Authentication Options
  • Select Configure in Authentication Options.

  • Select JWT Token Authentication for authentication type.

  • Enter the secret in the Text box of the Secret field. Select Blindfold and wait for the operation to complete.

  • Specify a source for the token. You can select header value or cookie name or query parameter name or set it as bearer-token.

  • Select Apply.

Select Apply to apply security settings.

Step 4.3: Configure logging options.

Select Configure in the Logging Options field and do the following:

Client IP Filtering Options
  • Select Configure in Client Request Headers to Log.

  • Select Add Item and add headers for logging.

  • Select Apply.

Origin Response Headers to Log
  • Select Configure in Origin Response Headers to Log.

  • Select Add Item and add headers for logging.

  • Select Apply.

Select Apply to apply logging option settings.

Step 4.4: Configure cache TTL.
  • Select Configure in the Cache TTL field.

  • Select an option for the Cache TTL Settings field as per the following guidelines:

    • Select Default Cache TTL if the origin server does not provide a TTL value. Set the value in the Default Cache TTL field.
    • Select Override Cache TTL if the origin server provides a TTL in the response and you want to override it. Set the value in the Override Cache TTL field.
  • Select Apply.

Step 5: Complete creating the distribution.

Select Save and Exit.

Step 6: Verify the distribution status.

It might take a few minutes for your CDN Distribution to be deployed and to be ready to cache and serve content at Regional Edges. Select > against your distribution object and expand its JSON view. Verify that the service domain is created. Select ... > Show Global Status against your CDN object and ensure that the Site Status section shows status as DEPLOYMENT_STATUS_DEPLOYED.

Delegated Domain with Automatic Certificates:
  • Wait for the DNS Info and Certificate status to display the VIRTUAL_HOST_READY and Certificate Valid values.

CDN Created
Figure: Distribution Created

  • Verify that the requests to your CDN domain are processed, and the content is returned.
Delegated Domain with No Automatic Certificates:

Verify that the requests to your CDN domain are processed, and the content is returned.

Non-Delegated Domain:

Verify that the requests to your CDN domain are processed and the content is returned.

Note: In case of content updates in your origin servers, you can force the CDN servers to fetch the updated content using the purge option. Select ... > Purge for your distribution object and the CDN service initiates purge for all the cache servers.

Step 6: Monitor performance for your distributions.

You can view your distribution performance dashboards either via the Manage > Distributions page or Monitoring > Performance page. Click on your distribution name from the list of displayed distributions to open the monitoring view.

The view offers the following:

  • Time series view for statisitcs such as Requests, Data Transfer, and Bandwidth. This is shown in a graph where hits and misses are displayed.

  • Donut chart for cache hit versus miss ratio.

  • HTTP response codes

  • TLS statistics

  • Latency

  • HTTP Version

MonitorCDN
Figure: Distribution Monitoring View


Concepts


API References