For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steve_15498's avatar
Steve_15498
Icon for Nimbostratus rankNimbostratus
Oct 11, 2011

Redirect or Reverse Proxy or ??

I'm extremely new to the F5 community and fairly new to NLB in general..

 

 

I've got a secure web site live at one datacenter https://www.mine.com and we'll be moving this to a new data center behind an LTM and getting a new external IP. We have a 99% uptime SLA on this site.

 

 

Rather than dealing with DNS propagation and using a forwarder at the existing/old site post cut over. I was told by a coworker that we could do a relay or redirect at the new site with a web server and possibly with the F5 LTM allowing us to update the DNS record at any point prior to the cutover.

 

 

I was hoping someone here could help direct me not only with the correct terminology for this technology, but if and how it would work with the LTM.

 

 

My coworker calls it a relay, I've asked my dev guys and they're only familiar with redirects..

 

 

We need the host header to remain the same to prevent certificate issues prior to the cut over and to make the transition as seamless as possible with 0 downtime.

 

 

Thanks in advance..

 

application delivery
dev
devops
iRules

3 Replies

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Oct 12, 2011
    Steve,

     

     

    I'm not 100% clear on what you're trying to achieve. You have 2 DCs, one app. That app is hosted in DC1 and is going to be moving to DC2, behind an LTM. That much I'm clear on.

     

     

    What is it you want to do within DC2 and the LTM to help facilitate the swing exactly?

     

     

    Colin
  • Steve_15498's avatar
    Steve_15498
    Icon for Nimbostratus rankNimbostratus
    Oct 12, 2011
    I was hoping to configure a "redirect" or "proxy" to point back to the other IP address at DC1. So I could make my DNS update to point to the IP address at DC2 and have the LTM direct traffic back to DC1 until the cutover date.

     

     

    My understanding of a standard redirect is that it alters the URL or header from https://www.mine.com to https://1.1.1.1 (redirected URL). This would cause a problem with the SSL cert not matching the header of https://1.1.1.1

     

     

    Maybe it's done easier by registering an additional DNS name. I just was told that a relay was possible, but I'm not familiar or finding much on a relay function of IIS or the LTM.

     

     

    I hope I'm making sense.. I start to confuse myself and I'm usually a pretty savvy guy.
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Oct 12, 2011
    Hi Steve,

     

     

    I think I understand what you are after following your second explanation, but correct me if I am wrong. Do you you want your traffic to go like this:

     

     

    DNS -> IP Address at DC2 -> DC1 for application content

     

     

    If that is the case then consider / test this this:

     

     

    On the DC2 Virtual Server configure SNAT Automap.

     

    In the Pool that the DC2 Virtual Server is configured to use, add the IP Address of the application at DC1.

     

    Verify that when you access the Virtual Server IP Address at DC2, that the content is pulled from DC1.

     

    If testing successful, point your DNS to the Virtual Server IP Address at DC2 until your migration has been completed.

     

     

    This would negate the need for a redirect, but you are going to want to test it to make sure that everything works as designed (with the additional latency which can and will vary).

     

     

    Hope this helps.