Create Origin Pools

• Log into Console.

• Click Multi-Cloud App Connect.

Figure: Console Homepage

• Change to your application namespace.

• Click Manage > Load Balancers > Origin Pools.

• Click Add Origin Pool to open the creation form.

Figure: Navigation to Origin Pools

• In the Name field, enter a name.

• Optionally, add labels and enter a description for your origin pool.

Figure: Origin Pool Name

• Select from the left menu or scroll to the Origin Servers section and perform the following:

  • Click Add Item.

  • From the Select Type of Origin Server menu, select a type of origin server per the following guidelines:

    • Select Public IP of Origin Server to specify the origin server with its public IP address. Enter the IP address in the Public IP field.

    • Select IP address of Origin Server on given Sites to specify the origin server with its private or public IP address. Enter the IP address in the IP field. Select Site or Virtual Site option in the Site or Virtual Site menu. Select a site or virtual site according to the displayed Site or Virtual Site menus. Select the Inside Network, Outside Network, or Segment option for the Select Network on the site menu. For Segment, select the segment from the drop-down menu.

    • Select Public DNS Name of Origin Server to specify the origin server with its public DNS name. Enter the DNS name in the DNS Name field.

    • Select DNS Name of Origin Server on given Sites to specify the origin server with its private or public DNS name. Enter the DNS name in the DNS Name field. Select Site or Virtual Site option in the Site or Virtual Site menu. Select a site or virtual site according to the displayed Site or Virtual Site menus. Select the Inside Network, Outside Network, or Segment option for the Select Network on the site menu. For Segment, select the segment from the drop-down menu.

    • Select K8s Service Name of Origin Server on given Sites to specify the origin server with its K8s service name. Enter the service name in the Service Name field. Select Site or Virtual Site option in the Site or Virtual Site menu. Select a site or virtual site according to the displayed Site or Virtual Site menu. Select inside or outside network option for the Select Network on the site menu.

    • Select Consul Service Name of Origin Server on given Sites to specify the origin server with its consul service name. Enter the service name in the Service Name field in the <servicename.k8snamespace> format. Select Site or Virtual Site option in the Site or Virtual Site menu. Select a site or virtual site according to the displayed Site or Virtual Site menu. Select inside or outside network option for the Select Network on the site menu.

    • Select IP address on Virtual Network to specify the origin server with its virtual network IP address. Enter the IP address in the IP field. Select the virtual network from the Virtual Network menu.

    • Select Name on Virtual Network to specify the origin server with its virtual network name. Enter a DNS name for the virtual server in the DNS Name field. Select the virtual network from the Virtual Network menu.

    • Select Custom Endpoint Object for Origin Server to specify the origin server on an endpoint object. Select the reference to the endpoint from the Endpoint menu. An existing endpoint object is required for this.

  • Click Apply.

Figure: Configure Origin Server

Note: You can use the Add Item option to add more than one origin server.

Note: If you have created an internet VIP in order to use the AWS Internet Network Load Balancer (NLB) VIP, the origin server type must be set to either Public DNS Name of Origin Server or DNS Name of Origin Server on given Sites. For more information, see Create AWS Site.

• Use the Origin server Port drop-down menu to select a port type:

  • Port: Enter a port number in the Port field.
  • Automatic Port: For Consul service discovery, the port will be automatically discovered as part of service discovery. For other origin server types, the port will be automatically set to 443 if TLS is enabled or 80 if TLS is disabled.
  • Loadbalancer port: The endpoint is selected based on the load balancer port.

• From the Select upstream connection pool reuse state menu, optionally choose to disable the upstream connection pool reuse state for every downstream connection. Connection pool reuse is enabled by default. When connection pool reuse is enabled, Distributed Cloud can reuse existing upstream connections to proxy the requests from multiple downstream connections. This eliminates the time needed to open a new server-side connection for every client connection and reduces the overall latency. When connection pool reuse is disabled, Distributed Cloud opens a new upstream connection for every downstream connection. This feature is only available for HTTPS load balancers.

• From the Port used for health check menu, select an option.

• Select an option from the LoadBalancer Algorithm and Endpoint Selection menus.

Note: See Discovery - HashiCorp Consul for information on how to discover Consul services.

• Select from the left menu or scroll down to the Health Checks section.

• Click Add item.

• From the Health Check object menu, select an existing healthcheck object or click Add Item to create a new object.

Figure: Configure Health Check

• To create a new healthcheck, perform the following:

  • Enter a name. Optionally, set labels and add a description in the Metadata section.

  • From the Health Check menu, select an option. Then click View Configuration to complete the setup.

  • Enter values in seconds for the Timeout and Interval fields, respectively.

  • Enter numbers for the unhealthy and healthy threshold attempts for the Unhealthy Threshold and Healthy Threshold fields, respectively.

  • Click Continue.

• From the left menu, select TLS.

• From the TLS menu, select Enable. The default option is set to Disable.

Figure: Configure TLS

• From the SNI Selection menu, select an option. If you select SNI Value, then you must enter a corresponding value. You can disable SNI selection by selecting No SNI.

• From the TLS Security Level menu, select a security level. High security is selected by default. If you select Custom, complete the parameters.

• From the Origin Server Verification menu, select an option for the trusted CA URL. If you select Use Custom CA List, you can enter it in certain formats by choosing from the options available. You can also skip origin server verification by selecting Skip Verification.

• From the mTLS with Origin Servers menu, choose an option from the following:

  • Disable: Default option. Client authentication is not required.

  • Select/add a TLS Certificate object for client authentication: This option enables you to create a new TLS certificate or select an existing TLS certificate from Certificates Management.

  • Upload a client authentication certificate specifically for this Origin Pool: This option enables you to upload a TLS certificate for this origin pool specifically. To upload, click Configure.

• Select from the left menu or scroll down to the Other Settings section.

• Click Configure.

• Configure the options marked with an asterisk (*).

• In the Origin Server Subsets section, choose an option to enable or disable subset load balancing.

• In the Miscellaneous Options section, choose to enable the HTTP 2 protocol for upstream connections.

Note: Protocol extensions such as “X-Forwarded-For” header for HTTP require knowledge of the underlying protocol (such as HTTP). For layer 4 applications, F5 Distributed Cloud Load Balancers now support versions 1 (human-readable format) and version 2 (binary format) of the PROXY protocol (PROXY protocol spec), which conveys the original connection parameters, such as the client IP address, to the back-end servers. Use the Proxy Protocol Configuration drop-down menu to select the appropriate version.

• Click Apply.

Click Save and Exit to complete creating the origin pool.