Forum Discussion

Nikoolayy1's avatar
Oct 23, 2022

F5 Distributed Cloud(XC) Site Edge/Customer Sites without Regional Edge capabilities question.

Hello,

 

I decided to finally read about the the F5 Distributed Cloud and I had some questions about using only Site Edge Nodes (Customer Sites) without Regional Edge Nodes.

 

Is layer 7 DOS/DDOS protection still an option without Regional Edge ? For me this should work as only for Layer 3/4 DOS/DDOS the Regional Edge is needed as a scrubbing center.

 

Also is it possible to make ipsec/ssl tunnels between Site Edge Nodes full mesh? From I read in https://docs.cloud.f5.com/docs/about-f5-distributed-cloud/mesh  this should be correct if I am reading it right "Using an industry-proven network stack with most advanced BGP implementation, we are able to provide full-mesh or hub-and-spoke connectivity across cloud or edge sites. The nodes automatically create secure IPSec/SSL tunnels with each other if they have direct IP reachability or securely connect to multiple nearest global PoPs. Using application or policy-based routing, traffic can be load balanced for optimal performance across this network. In addition, you can enable a network firewall and forward proxy capabilities to control and filter traffic to and from the applications."  

  • Nikoolayy1 yes,  you can configure site-to-site full-mesh connectivity with F5 Distributed Cloud.

    Depending on your use case, you'll either want to use:

    Cheers,
    Nico

  • Nikoolayy1 yes,  you can configure site-to-site full-mesh connectivity with F5 Distributed Cloud.

    Depending on your use case, you'll either want to use:

    Cheers,
    Nico

    • Nikoolayy1's avatar
      Nikoolayy1
      Icon for MVP rankMVP

      The other question was not actually a question but a suggestion for a cool feature that could be added in the future and this is actually a real question about the current options.