For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

3DWine's avatar
3DWine
Icon for Nimbostratus rankNimbostratus
Apr 29, 2020

PBR Transparent Proxy Pool

Hi all

 

Trying to establish the best way to achieve a Transparent proxy pool on an F5 VIP if it is possible.

 

Essentially want webtraffic directed to the F5 to be load balanced to a pool of transparent proxies.

 

Router doing Policy Based routing to send any LAN TRAFFIC 80+443 traffic to a VIP on an F5. This i would require PBR on the F5 as well as the VIP is advertised from a selfIP on the F5.

 

Even with both PBRs in place is this something that is achievable on the F5?

 

what type of VIP would be required for this?

 

----------------------------------------------------------

HOST: 1.1.1.1 [website.com 5.5.5.5:80]

1.1.1.1 >> 1.1.1.2

RTR: 1.1.1.2 [PBR - 1.1.1.1 DST 80 nexthop set 3.3.3.3]

2.2.2.1 >> 2.2.2.2

F5: 2.2.2.2 [PBR - 1.1.1.1 DST 80 nexthop set 3.3.3.3]

2.2.2.2 >> 3.3.3.3

F5: 3.3.3.3 [VIP with Transparent Proxy Pool 4.4.4.0l]

----------------------------------------------------------

 

application delivery
BIG-IP

1 Reply

  • Simon_Blakely's avatar
    Simon_Blakely
    Icon for Employee rankEmployee
    Apr 30, 2020

    The BigIP lets you create 0.0.0.0:80/0.0.0.0:443 fastl4 listeners that captures all traffic with a destination port of 80/443 that is sent to the floating self-IP (i.e as a gateway) (that does not match a more specific listener).

     

    The listeners then forward the traffic to the pool of proxies (with or without address translation as required).