Handling Contract Violations (Traffic or QPS) in F5 Distributed Cloud Services
Hello everyone, I’m currently evaluating F5 Distributed Cloud Services for our organization’s needs and I have a question regarding the management of contract violations, specifically in terms of web traffic or queries per second (QPS). Could someone please explain how F5 Distributed Cloud Services handles scenarios where the agreed traffic or QPS limits are exceeded? Are there automated mechanisms in place to manage or mitigate these violations? What kind of alerts or notifications are provided? Is there a provision for throttling or other corrective actions to prevent service degradation? How does this impact billing or service continuity? Any insights or detailed explanations would be greatly appreciated. Thank you!13Views0likes0CommentsHow to check tenant billing license start date and Expiry date in F5 Distributed Cloud Console
Hello Everyone, I would like to know about license start date and expiry date in F5 Distributed Cloud Console. I can't find license start date and expiry date. That's why, please give me guide line and suggest. Thanks.17Views0likes0CommentsF5 XC | Rewrite Redirect functionality
Hi together, for the migration to F5 XC we need to change the location header for certain responses (301,302) to match the hostname of the XC instance. Is there currently a way to configure a rewrite redirect to an F5 XC virtual server? I also couldn't find a configuration option that allows response header manipulation. I am grateful for any hint. Update: i found a feature Request for that functionality: https://www.f5cloudideas.com/ideas/MESH-I-149 but if there are any other ideas pls share with me 🙂1.4KViews0likes8CommentsA quick post on how F5 XC Health Checks are different from BIG-IP
F5 Distributed Cloud (F5 XC) HTTP Health Checks (HC) behave differently from the basic HTTP Health Check from the beloved BIG-IP platform that F5 is known for. Because of this difference, some of your testing and real-world experiences may be a little different. One issue you may encounter is the difference in TCP/HTTP connection handling. On BIG-IP, the HTTP HC sends a HTTP/0.9 style GET request. With HTTP/0.9, there is no persistent TCP session, and every check is a brand-new request. By default, in F5 XC, XC will send HTTP/1.1 requests with the default behaviour of Connection: keep-alive set. This may result in Health Checks continuing to work even though new client sessions may be blocked. If this isn't desired for your health checks, you can change to a single use style health check by adding the HTTP header: Connection: Close to your health check. Here's a table that shows the GET requests and responses between BIG-IP and XC. HTTP Requests BIG-IP Basic HTTP XC Basic HTTP Get Request Hypertext Transfer Protocol GET /\r\n \r\n [HTTP request 1/1] Hypertext Transfer Protocol GET / HTTP/1.1\r\n host: demo.com\r\n user-agent: Envoy/HC\r\n \r\n [Full request URI: http://demo.com/] [HTTP request 1/1] Response Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n X-Frame-Options: ALLOW-FROM \r\n Content-Type: text/html; charset=utf-8\r\n Vary: Accept-Encoding\r\n Date: Tue, 21 Mar 2023 15:59:11 GMT\r\n Connection: close\r\n \r\n [HTTP response 1/1] [Time since request: 0.001904999 seconds] [Request in frame: 14] [Request URI: /] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n X-Frame-Options: ALLOW-FROM \r\n Content-Type: text/html; charset=utf-8\r\n Vary: Accept-Encoding\r\n Date: Tue, 21 Mar 2023 16:18:44 GMT\r\n Connection: keep-alive\r\n Keep-Alive: timeout=5\r\n Transfer-Encoding: chunked\r\n \r\n [HTTP response 1/1] [Time since request: 0.080959858 seconds] [Request in frame: 4] [Request URI: http://demo.com/] HTTP chunked response Here is the JSON payload to create your own Health Check with the Connection Close header set: { "metadata": { "name": "hc-http-connectionclose-200-302", "namespace": "shared", "labels": {}, "annotations": {}, "disable": false }, "spec": { "http_health_check": { "use_origin_server_name": {}, "path": "/", "use_http2": false, "headers": { "Connection": "Close" }, "request_headers_to_remove": [], "expected_status_codes": [ "200", "302" ] }, "timeout": 3, "interval": 15, "jitter": 0, "unhealthy_threshold": 1, "healthy_threshold": 3, "jitter_percent": 30 } } Thanks for reading and best of luck in your journey with F5 Distributed Cloud.1.6KViews8likes2CommentsAcronyms
Acronyms, are used all the time and the author /presentor is usually convinced that everyone in the audience understands what they mean, but every once in a while you hear or read something that you are not sure of the meaning. We are all professionals, that do not want to look like we are the only one in the room who does not know. So after hearing a talk or reading an article we often find ourselves looking it up; this can become confusing because acronyms mean different things when we search outside our field. For example CEwhat does it mean? The letters "CE" are the abbreviation of French phrase "ConformitéEuropéene" which literally means "European Conformity". In the dictionary you will probably find CE meaningCommon Era or ChristianEra.When looking for a more modern meaning, we will find it may mean Consumer Electronics. But here in our community, when someone writes CE, they mean Customer Edge. Here, you have, at your fingertips a list of acronyms, unconfused with other fields. Please let me know ifI missedany acronyms so I can add them to our list. A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A ACL - Access Control List ADC -Application Delivery Controller ADN -Application delivery network ADO - Application Delivery Optimization ALG - Application Layer Gateway AI - Artificial Intelligence AJAX - Asynchronous JavaScript and XML API - Application Programming Interface APM - Access Policy Manager ASM - Application Security Manager (F5’s Application Security Manager™ ASM is also known as BD) AWAF - Advanced Web Application Firewall AWS - Amazon Web Services B BaDos -Behaviour AniDDoS (Behaviour AniDDoS, an F5 product that is used against DDoS) BDM -- Business Decision Maker BGP - Border Gateway Protocol BOO - Build Once Only C CDN -Content Delivery Network CE - Customer Edge CGNAT - Carrier Grade NAT CIA triad - Confidentiality, Integrity,Availability (triad Security model) CIFS - Common Internet file system CRS - Core RuleSet CRUD -Create , Read, Update, Delete CSRF - Cross-Site Request Forgery, also known as XSRF CUPS - Control Plane and User Plane Separation CVE - Common Vulnerabilities and exposures CVSS - Common Vulnerability Scoring System D DAP - Digital Adoption Plateform DAST - Dynamic testing. (Examples of such tools Qualys and Nessus) DB - Database DC - Direct Communication / Direct Connect DDoS - Distributed Denial-of-Service DGW - Default Gateway Weight Settings Protocol (DGW) DHCP - Dynamic Host Configuration Protocol DIO - Distribution Initiated Opportunity DLP - Data Loss Protection DMZ - Demilitarized Zone [Demilitarized Zone DNS - Domain Name System DoH - DNS over HTTP DoT - DNS over TLS DPIAs - Data Protection Impact Assessment DRP - Disaster Recovery Plan DSR - Data Subject Rights E ELA - Enterprise License Agreement EDPB - European Data Protection Board EDR - Endpoint Detection and Response EPP - Endpoint Protection Platforms EUSA - End User Software Agreement F FIPS - Federal Information Processing Standards FPGA - field-programmable gate array FQDN - Fully Qualified Domain Name FRR - FRRouting G GDPR - General Data Protection Regulations GKE - Google Kubernetes Engine GPU - Graphic Processing Unit GSLB - Volterra’s Global Load Balancing gRPC - Google Remote Procedure Call H HIPAA - Health Insurance Portability & Accountability Act HMAC -Hash-based message authentication HSL - High-Speed Logging HTTP - Hypertext Transfer HTTPS - Hypertext Transfer Protocol I IANA- Internet Assigned Numbers Authority IBD - Integrated Bot Defense ICO - Information Commission Office IDS - Intrusion Detection System IIoT -Industrial Internet of Things ILM - Information Lifecycle Management IoT - Internet of Things IPAM- IP Address Management IPSec - Internet Protocol Security IR - Incidence Response ISO - Standardization Organization ISP- Internet Service Provider J JS - Javascript K KMS - Key Management Service / Key Management System KPI - Key Performance Indicator KV - Key Value k8s - Kubernetics L L7 - Layer 7 - The application layer LB - Load Balancer LBaaS - Load Balancing as a Service LDAP -Lightweight Directory Access Protocol LFI - Local File Exclusion attack LTM - Local Traffic Manager M MAM - Mobile Application Management MDM - Mobile Device Management MFA - Multi-Factor Authentication MitM - Man in the Middle ML - Machine Learning MSA - Master Service Agreement MSP - Managed Service Provider MT - Managed Tenant mTLS - Mutual Transport Layer Security MUD - Malicious User Detection MUM - Malicious User Mitigation N NAP - Network access point NAS - Network-Attached Storage NAT- Network Address Translation NIC - NetworkInterface Cards NFV - Network functions NFVI - Network functions virtualization NPU - Network Processing Units O OAS - OpenAPI Specification (Swagger) OPA - Open Policy Agent OT - Original Tenant OWASP - Open Web Application Security Project P PAAS - Platform as a service (PaaS PBD - Proactive Bot Defence. PCI DSS - Payment Card Industry Data Security Standard. PBD - Privacy by Design PE - Portable executable PFS - Perfect Forward Secrecy PIA - Privacy Impact Assessments PII - Personally identifiable information POP - Point of Presence Q QoS -Quality of Service R RBAC - Role based Access control RCE - Remote Code Execution RDP- Remote Desktop Protocol RE - Routing Engine, Regional Edges REST - Representational State Transfer *[[Rest API -Representational State Transfer]]* RFI - Request For Information OR Remote File Inclusion vulnerability attack RFP - Request for Proposal RPC - Remote Procedure Call RSA – (Rivest–Shamir–Adleman) is a public-key cryptosystem RTT - Round Trip Time S SAM - Security Accounts Manager SAML - Security Assertion Markup Language SCIM - System for Cross-domain Identity Management SCP - Secure Copy Protocol SCP - Server Communication Proxy SDC - F5 Security and Distributed Cloud SDK - Software Development Kit SDN - Software Defined Network SE - Solutions Engineer SIEM - Security Information & Event Management SLA - Service Level Availability SLED -State,Local Government and Education SLI - Service Level Indicator SNAT- Source Network Address Translation SOC - Security Operations Center SP - Service Provider SPK - Service Proxy for Kubernetes SRE - Site reliability engineering SRT - Security Research Team at F5 SSD - Solid State Drive SSL - Secure Sockets Layer SSO - Single Sign On SSRF - Server-side request forgery STRIDE - Spoofing, Tampering,Repudiation,Information Leakage, Denial of Service, Elevation of Privilege (a TMA Model) T TCL - Tool Command Language TCP - [Transmission Control Protocol TDM -Technical Decision Maker TLS - Transport layer Security TMA - Threat Model Assessment TO - Tenant Owner TOCTOU - Time of Check vs Time of Use TOI - Transfer of Information TTFB - Time to First Bit TTL - Time to Live U UAM - User Access Management UI - User Interface URI - Uniform Resource URL - Uniform Resource Locator UX - User Experience V VER - Volterra Edge Router VES - Volterra Edge Services VIF - virtual interface VIP - Virtual IP address VM - Virtual Machine Vnet - Virtual network VPC - Virtual Private Cloud VPN - Virtual Private Network VRS - Volterra Rules Set W WAAP - Web Application& API Protection WAF - Web application firewall WPA3 - Wi-Fi Alliance Access 3 X XML - Extensible Markup Language [XML - Wikipedia](https://en.wikipedia.org/wiki/XML) XSS - Cross Site Scripting XSRF - Cross-Site Request Forgery, also known as CSRF Y Z ZTNA -Zero Trust Network Access ZTP - Zero-Touch Provisioning ZTS - Zero Trust Security4.8KViews5likes5CommentsF5 XC | Stuck at VIRTUAL_HOST_PENDING_A_RECORD
I have a running OWASP Juice Shop in Azure and have assigned a public IP on it. Trying to build a load balancer using XC. I am stuck at theVIRTUAL_HOST_PENDING_A_RECORD status. Question is do I need to use my own DNS to create a domain name entry for my load balancer? Can I do anything to bypass this or any workaround you may have?Solved2.9KViews0likes6CommentsGlobal Log Receiver
Hey, I'm trying to configure an HTTP Load Balancer with a Global Log Receiever, I saw that it is unavailable in the Free Plan so I switch to the Individual Plan but the Global Log Receiver feature is still locked. What do I need in order to unlock it? Thanks!Solved1.6KViews0likes3CommentsXC Backup via API
Hi Floks, I would like to automate the backup (and restore if needed!) of my XC configurations via the API. What is the best way, can I save all the configurations at once, should I save the namespaces completely, one by one or should I save each object of a namespace (pool, healthcheck, HTTP LB, App FW...)? Or maybe it's doable per service? In short, what is the smartest way to make a complete backup of the confs? Thanks.Solved1.4KViews1like3Comments