For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nikoolayy1's avatar
Oct 23, 2022
Solved

F5 Distributed Cloud(XC) Site Edge/Customer Sites without Regional Edge capabilities question.

Hello,

 

I decided to finally read about the the F5 Distributed Cloud and I had some questions about using only Site Edge Nodes (Customer Sites) without Regional Edge Nodes.

 

Is layer 7 DOS/DDOS protection still an option without Regional Edge ? For me this should work as only for Layer 3/4 DOS/DDOS the Regional Edge is needed as a scrubbing center.

 

Also is it possible to make ipsec/ssl tunnels between Site Edge Nodes full mesh? From I read in https://docs.cloud.f5.com/docs/about-f5-distributed-cloud/mesh  this should be correct if I am reading it right "Using an industry-proven network stack with most advanced BGP implementation, we are able to provide full-mesh or hub-and-spoke connectivity across cloud or edge sites. The nodes automatically create secure IPSec/SSL tunnels with each other if they have direct IP reachability or securely connect to multiple nearest global PoPs. Using application or policy-based routing, traffic can be load balanced for optimal performance across this network. In addition, you can enable a network firewall and forward proxy capabilities to control and filter traffic to and from the applications."  

  • Nikoolayy1 yes,  you can configure site-to-site full-mesh connectivity with F5 Distributed Cloud.

    Depending on your use case, you'll either want to use:

    Cheers,
    Nico

3 Replies

  • Nikoolayy1 yes,  you can configure site-to-site full-mesh connectivity with F5 Distributed Cloud.

    Depending on your use case, you'll either want to use:

    Cheers,
    Nico

    • Nikoolayy1's avatar
      Nikoolayy1
      Icon for MVP rankMVP

      The other question was not actually a question but a suggestion for a cool feature that could be added in the future and this is actually a real question about the current options.