VinceBlack
Feb 12, 2023

Looking for Setup Advice

Hello,

I am looking for some advice for setting up an F5 Big-IP that can accomplish the following things. 

I only have one public IP address but will be hosting multiple services.  I am looking at setting up one VIP that's open to the public with the ports that are required, then when hitting an FQDN it redirects to the VIP that is hosting the service.  Example: mysite1.domain.com goes to VIP 10.10.10.100, mysite2.domain.com goes to VIP 10.10.10.110, and so on.  Is this done by iRule, reverse proxy, or policy? What's the best practice for setting something up like this?  Thanks in advance for the help.

  • Hey Guys, thank you very much for the response and suggestions.  I have gotten the basics working with a simple service (plain vanilla website), however I am trying to get a streaming service to work.   I am looking at how best to troubleshoot and what the cause might be.  This is a homelab and I am trying my best to understand F5 more. I truly appreciate all the help and patience.

    • Leslie_Hubertus
      Ret. Employee

      Hey VinceBlack - glad you got the first bit of help you needed. Are you getting a specific error message on the streaming? May be worth starting a new thread for that challenge with your homelab. 

  • VinceBlack Do you have a topology of how the F5 will be in your network and any devices between you and your ISP connection? If you only have 1 public IP it makes it a bit difficult for you to balance the client requests to two different private IPs based on a NAT.

  • Hi,

    This is not an uncommon scenario. You can have one public IP and use it for a bunch of applications as long as you use different hostnames for your apps. 

    The best solution here is to use a local traffic policy which checks the HTTP hostname and forwards the request to the relevant pool, one rule per application, plus a default rule which either denies traffic or forwards it to a default pool.

    Note that in this scenario you don't need to use different ports for your published apps, because the differentiator is the hostname. Also, whether your public IP is on your firewall (NATed to the F5 VIP) or directly configured on the F5 doesn't matter. 
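
The routing logic described in the reply above, modelled in Python as an added example (not part of the original thread and not F5 configuration): rules are checked in order, the first hostname match selects the pool, and a default rule resets everything else. The pool names and the Host-header normalization are assumptions of this sketch.

```python
"""Model of host-based pool selection with a default-deny rule (illustrative only)."""

# Constructed rule table: hostnames come from the thread, pool names are hypothetical.
RULES = [
    ("mysite1.domain.com", "pool_mysite1"),
    ("mysite2.domain.com", "pool_mysite2"),
]
DEFAULT_ACTION = "reset"  # default rule: anything that matched no host rule is denied


def normalize_host(host_header):
    """Reduce a raw Host header to a comparable hostname, or None if unusable."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):
        # Bracketed IPv6 literal: keep the brackets, drop any :port after them.
        end = host.find("]")
        return host[: end + 1] if end != -1 else None
    if ":" in host:
        host = host.rsplit(":", 1)[0]  # drop an optional :port
    host = host.rstrip(".")  # "mysite1.domain.com." names the same host
    return host or None


def select_pool(host_header, rules=RULES, default=DEFAULT_ACTION):
    """Return the pool of the first rule whose hostname matches exactly."""
    host = normalize_host(host_header)
    if host is None:
        return default
    for rule_host, pool in rules:
        # Exact comparison only: a suffix or substring test would let
        # look-alike names reach a published pool.
        if host == rule_host:
            return pool
    return default


if __name__ == "__main__":
    # Constructed Host header values, including ones that must hit the default rule.
    for sample in ["mysite1.domain.com", "MySite2.Domain.com:443",
                   "10.10.10.100", "", "mysite1.domain.com.other.example"]:
        print(repr(sample), "->", select_pool(sample))
```

Requests that arrive by bare IP address, with an empty Host header, or with a hostname that merely contains a published name all fall through to the default rule, which is the behaviour a default deny is there to guarantee.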

  • Hello Amine,

    Could you give me an example?  

    I have tried setting a policy "Match all... HTTP Host>host>is>any of>mysite1.domain.com>request". Then "Do the following... Forward traffic>virtual server>VIP I created>request".  I am trying to figure out how to create another rule so that when it hits mysite2.domain.com it goes to the correct pool.

    My thought process is this.  A VIP that's accessible externally, then it redirects to the correct pool, but I am lost on creating a default rule that denies traffic or forwards it to a default pool.  Thank you for the help and explanation. I'm trying to wrap my head around F5. 

    • Amine_Kadimi

      You need a first match strategy here. And while it is technically possible to forward to another VS, forwarding directly to the pool member is sufficient here unless you have reasons to forward to a secondary VS.

      The flow is: client --> VS (with policy attached) --> pool (selected by policy)

      Example:

       

    • Try searching for f5 vip targeting vip.
      In theory you should see this:
      Vip Targeting Vip Solutions - YouTube

      It's basically what you are trying to do.

      An LTP (local traffic policy) is all you need, linked to a front virtual server that holds your external IP.
      And then the internal virtual servers are linked by that policy.
      When creating the internal virtual servers they need an IP. That can be any IP; it doesn't need to be routable/accessible if you don't want it to be, but you can't create a virtual server without an IP.