Forum Discussion

John_Heyer_1508's avatar
John_Heyer_1508
Icon for Cirrostratus rankCirrostratus
Jun 07, 2017

BigIP-VE in AWS: Multiple external IPs?

So I have built a "Good" BigIP-VE inside an existing AWS VPC, using this guide:

 

BIG-IP Virtual Edition 12.1.0 and Amazon Web Services: Multi-NIC Setup

 

I've assigned an Elastic IP to the external NIC, created a VS on the external NIC's IP, and everything works fine.

 

Problem is, the BigIP-VE needs to host multiple websites, which have different domains and thus different SSL certificates. It seems like I would need the external NIC to have multiple IP addresses, then map a new Elastic IP to each IP address.

 

Is this possible, or is there a different way I need to go about it?

 

application delivery
AWS
cloud
LTM

3 Replies

  • Greg_Crosby_319's avatar
    Greg_Crosby_319
    Historic F5 Account
    Jun 15, 2017

    Yes, you can assign multiple ip's to a single big-ip interface which you then use for another virtual server:443. Once the private ip has been configured on your big-ip interface you map another EIP addresses to the newly created big-ip secondary address.

     

    Here is an alternative option for using a single vs with SNI feature:

     

    https://support.f5.com/csp/article/K13452

     

    • John_Heyer_1508's avatar
      John_Heyer_1508
      Icon for Cirrostratus rankCirrostratus
      Jun 28, 2017

      Thanks for the reply.

       

      I was stuck on where/how to assign the secondary IP address(es) to be used for the Virtual server(s) as the documentation is very light at that step. Here's the process:

       

      1. In EC2 console, under "Network Interfaces", find the external interface for the BigIP
      2. Right click and select "Manage IP Addresses"
      3. Assign new IP (10.0.1.202 in their example)
      4. Go to "Elastic IPs", Associate Address. Select the Network interface, and in the Private IP drop-down you'll see the secondary IP address
      5. On the BigIP, create a Virtual Server with IP address 10.0.1.202
      6. Modify security groups according to allowing whatever ports are used by the Virtual Server

      Now, what I don't understand is how this would work with HA. It seems since the Virtual Server IPs are mapping to a specific instance, failover would not take place for Virtual Server IP addresses.

       

  • Allan_Maia's avatar
    Allan_Maia
    Icon for Nimbostratus rankNimbostratus
    Sep 17, 2018

    Hello,

     

    Related to this situation, every ec2 type has a limit of ipv4 private addresses that can be assingned to a interface (we can have up to 50 private addresses associated to a ENI).

     

    Knowing that we'll have a lot of virtual servers, does someone ever surpassed this situation?

     

    Thanks.