Forum Discussion
F5 Distributed Cloud(XC) Site Edge/Customer Sites without Regional Edge capabilities question.
Hello,
I decided to finally read about the the F5 Distributed Cloud and I had some questions about using only Site Edge Nodes (Customer Sites) without Regional Edge Nodes.
Is layer 7 DOS/DDOS protection still an option without Regional Edge ? For me this should work as only for Layer 3/4 DOS/DDOS the Regional Edge is needed as a scrubbing center.
Also is it possible to make ipsec/ssl tunnels between Site Edge Nodes full mesh? From I read in https://docs.cloud.f5.com/docs/about-f5-distributed-cloud/mesh this should be correct if I am reading it right "Using an industry-proven network stack with most advanced BGP implementation, we are able to provide full-mesh or hub-and-spoke connectivity across cloud or edge sites. The nodes automatically create secure IPSec/SSL tunnels with each other if they have direct IP reachability or securely connect to multiple nearest global PoPs. Using application or policy-based routing, traffic can be load balanced for optimal performance across this network. In addition, you can enable a network firewall and forward proxy capabilities to control and filter traffic to and from the applications."
Nikoolayy1 yes, you can configure site-to-site full-mesh connectivity with F5 Distributed Cloud.
Depending on your use case, you'll either want to use:
- DC Cluster Group: for Cloud Sites connected over a private backbone
- Site Mesh Group: for Public Cloud sites
Cheers,
Nico
- NCartronEmployee
Nikoolayy1 yes, you can configure site-to-site full-mesh connectivity with F5 Distributed Cloud.
Depending on your use case, you'll either want to use:
- DC Cluster Group: for Cloud Sites connected over a private backbone
- Site Mesh Group: for Public Cloud sites
Cheers,
Nico Nikoolayy1 - was this addressed in your similar question in the DistributedCloudUsers forum?
If not - I'll move this question there.
If so - I'll probably freeze/archive this question and redirect any travellers to that one?The other question was not actually a question but a suggestion for a cool feature that could be added in the future and this is actually a real question about the current options.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com