Forum Discussion

Gilles_LHérault
Dec 15, 2014

URI rewrite like ISA 2006 / TMG 2010

Hi folks, I searched on DevCentral but there does not seem to be a definitive answer to our question. I think a cookbook might help.

Our situation is this:

We're replacing an aging ISA 2006 farm that handles our reverse proxy needs. BigIP with APM has been touted as the do-it-all magic solution to pick up that role now that Microsoft has left us hanging (thanks for nothing MS btw).

Our ISAs are configured so they answer on the "public" side with addresses like "Application1.MyCompany.com" and then ISA, through a rule, will forward that to "Application1.Internal.MyCompany.com". ISA resolutely lives in a layer 7 world; the rule that I just described relies heavily on DNS to work, and it does what it does very well. It also does something incredibly useful in that it translates the URIs from the "public" name to the "private" name.

Now being a "server" guy (like my network admins like to taunt me), I too live in a layer 7 world but it seems that the BigIP doesn't. In fact the features of ISA are not so easily done on BigIP. Now we're stuck trying to convert hundreds of those ISA rules and recreate them on F5 but we end up having really "weird" conversations with the network guys managing our BigIPs. Conversations like:

Server guy: Yeah so I need Bob.mycompany.com to translate to Gary.internal.mycompany.com and forward all traffic to it.

Network guy: So what's the IP for Gary.internal.mycompany.com?

Server guy: Uhh, do we care?

Network guy: Yeah, I gotta create a VS in APM and that VS directs traffic to a pool that contains nodes and I gotta know the IP from those nodes.

Server guy: That kinda sucks doesn't it? ISA never asks us for IPs...

Network guy: I'm not done, that URL rewrite thingy? We don't do that.

Server guy: But my web site is all configured to listen on "Gary.internal.mycompany.com" and my webmasters all use fixed URLs instead of relative and we don't have the budget to fix it all.

Network guy: Not my problem!

And thus the great divide endures... I don't know who's wrong here, is it my network guys just being difficult or is ISA/TMG truly a unique product that will disappear forever only to be remembered as a magical artifact that could perform fantastical feats such as URI rewriting and only the elders of our tribe remember the ancient and arcane knowledge required to use it!

So what are my options here, call F5 and get our money back? The device and the software seem more than capable of handling what we're trying to do but there doesn't seem to be a definitive guide or cookbook to achieve it.

Thanks in advance for all your help!
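
The translation the post describes (public host name in, internal host name to the server, internal names mapped back in what the server returns), modeled as an added example that is not part of the original post and is not ISA or BIG-IP code. The mapping table, the function names, headers passed as a dict with canonical casing, and the body passed as a decoded string are all assumptions made for the illustration.

```python
import re

# Host names come from the post's example; the table and function names are assumptions.
PUBLIC_TO_INTERNAL = {"bob.mycompany.com": "gary.internal.mycompany.com"}
INTERNAL_TO_PUBLIC = {v: k for k, v in PUBLIC_TO_INTERNAL.items()}

# Match an internal name only as a whole host name, so "notgary.internal..." and
# "gary.internal.mycompany.com.example.net" are left alone.
_INTERNAL_RE = re.compile(
    r"(?<![A-Za-z0-9.-])("
    + "|".join(map(re.escape, INTERNAL_TO_PUBLIC))
    + r")(?![A-Za-z0-9-]|\.[A-Za-z0-9])",
    re.IGNORECASE,
)
REWRITTEN_HEADERS = ("location", "content-location", "set-cookie")
TEXT_TYPES = ("text/", "application/javascript", "application/json")


def _to_public(text):
    return _INTERNAL_RE.sub(lambda m: INTERNAL_TO_PUBLIC[m.group(1).lower()], text)


def translate_request(headers):
    """Client to server: replace the public Host with the internal one."""
    out = dict(headers)
    host, _, port = out.get("Host", "").partition(":")
    internal = PUBLIC_TO_INTERNAL.get(host.lower())
    if internal is None:
        raise LookupError("no publishing rule for host %r" % host)
    out["Host"] = internal + (":" + port if port else "")
    # Request an uncompressed body so the response can be rewritten as text.
    out.pop("Accept-Encoding", None)
    return out


def translate_response(headers, body):
    """Server to client: map internal names back to public ones."""
    out = {
        name: _to_public(value) if name.lower() in REWRITTEN_HEADERS else value
        for name, value in headers.items()
    }
    if out.get("Content-Type", "").lower().startswith(TEXT_TYPES):
        body = _to_public(body)
        if "Content-Length" in out:  # body size changed with the host name
            out["Content-Length"] = str(len(body.encode("utf-8")))
    return out, body
```

Rewriting redirects, cookie domains and absolute links on the way back is what keeps a site built around its internal name usable from outside and keeps that internal name out of client-visible responses.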