Distributed Cloud Users

Discuss the integration of security, networking, and application delivery services

Featured Group Content

This section shows featured content the Group Owner has highlighted.

Group Content

Acronyms
Acronyms, are used all the time and the author /presentor is usually convinced that everyone in the audience understands what they mean, but every once in a while you hear or read something that you are not sure of the meaning. We are all professionals, that do not want to look like we are the only one in the room who does not know. So after hearing a talk or reading an article we often find ourselves looking it up; this can become confusing because acronyms mean different things when we search outside our field. For example CEwhat does it mean? The letters "CE" are the abbreviation of French phrase "ConformitéEuropéene" which literally means "European Conformity". In the dictionary you will probably find CE meaningCommon Era or ChristianEra.When looking for a more modern meaning, we will find it may mean Consumer Electronics. But here in our community, when someone writes CE, they mean Customer Edge. Here, you have, at your fingertips a list of acronyms, unconfused with other fields. Please let me know ifI missedany acronyms so I can add them to our list. A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A ACL - Access Control List ADC -Application Delivery Controller ADN -Application delivery network ADO - Application Delivery Optimization ALG - Application Layer Gateway AI - Artificial Intelligence AJAX - Asynchronous JavaScript and XML API - Application Programming Interface APM - Access Policy Manager ASM - Application Security Manager (F5’s Application Security Manager™ ASM is also known as BD) AWAF - Advanced Web Application Firewall AWS - Amazon Web Services B BaDos -Behaviour AniDDoS (Behaviour AniDDoS, an F5 product that is used against DDoS) BDM -- Business Decision Maker BGP - Border Gateway Protocol BOO - Build Once Only C CDN -Content Delivery Network CE - Customer Edge CGNAT - Carrier Grade NAT CIA triad - Confidentiality, Integrity,Availability (triad Security model) CIFS - Common Internet file system CRS - Core RuleSet CRUD -Create , Read, Update, Delete CSRF - Cross-Site Request Forgery, also known as XSRF CUPS - Control Plane and User Plane Separation CVE - Common Vulnerabilities and exposures CVSS - Common Vulnerability Scoring System D DAP - Digital Adoption Plateform DAST - Dynamic testing. (Examples of such tools Qualys and Nessus) DB - Database DC - Direct Communication / Direct Connect DDoS - Distributed Denial-of-Service DGW - Default Gateway Weight Settings Protocol (DGW) DHCP - Dynamic Host Configuration Protocol DIO - Distribution Initiated Opportunity DLP - Data Loss Protection DMZ - Demilitarized Zone [Demilitarized Zone DNS - Domain Name System DoH - DNS over HTTP DoT - DNS over TLS DPIAs - Data Protection Impact Assessment DRP - Disaster Recovery Plan DSR - Data Subject Rights E ELA - Enterprise License Agreement EDPB - European Data Protection Board EDR - Endpoint Detection and Response EPP - Endpoint Protection Platforms EUSA - End User Software Agreement F FIPS - Federal Information Processing Standards FPGA - field-programmable gate array FQDN - Fully Qualified Domain Name FRR - FRRouting G GDPR - General Data Protection Regulations GKE - Google Kubernetes Engine GPU - Graphic Processing Unit GSLB - Volterra’s Global Load Balancing gRPC - Google Remote Procedure Call H HIPAA - Health Insurance Portability & Accountability Act HMAC -Hash-based message authentication HSL - High-Speed Logging HTTP - Hypertext Transfer HTTPS - Hypertext Transfer Protocol I IANA- Internet Assigned Numbers Authority IBD - Integrated Bot Defense ICO - Information Commission Office IDS - Intrusion Detection System IIoT -Industrial Internet of Things ILM - Information Lifecycle Management IoT - Internet of Things IPAM- IP Address Management IPSec - Internet Protocol Security IR - Incidence Response ISO - Standardization Organization ISP- Internet Service Provider J JS - Javascript K KMS - Key Management Service / Key Management System KPI - Key Performance Indicator KV - Key Value k8s - Kubernetics L L7 - Layer 7 - The application layer LB - Load Balancer LBaaS - Load Balancing as a Service LDAP -Lightweight Directory Access Protocol LFI - Local File Exclusion attack LTM - Local Traffic Manager M MAM - Mobile Application Management MDM - Mobile Device Management MFA - Multi-Factor Authentication MitM - Man in the Middle ML - Machine Learning MSA - Master Service Agreement MSP - Managed Service Provider MT - Managed Tenant mTLS - Mutual Transport Layer Security MUD - Malicious User Detection MUM - Malicious User Mitigation N NAP - Network access point NAS - Network-Attached Storage NAT- Network Address Translation NIC - NetworkInterface Cards NFV - Network functions NFVI - Network functions virtualization NPU - Network Processing Units O OAS - OpenAPI Specification (Swagger) OPA - Open Policy Agent OT - Original Tenant OWASP - Open Web Application Security Project P PAAS - Platform as a service (PaaS PBD - Proactive Bot Defence. PCI DSS - Payment Card Industry Data Security Standard. PBD - Privacy by Design PE - Portable executable PFS - Perfect Forward Secrecy PIA - Privacy Impact Assessments PII - Personally identifiable information POP - Point of Presence Q QoS -Quality of Service R RBAC - Role based Access control RCE - Remote Code Execution RDP- Remote Desktop Protocol RE - Routing Engine, Regional Edges REST - Representational State Transfer *[[Rest API -Representational State Transfer]]* RFI - Request For Information OR Remote File Inclusion vulnerability attack RFP - Request for Proposal RPC - Remote Procedure Call RSA – (Rivest–Shamir–Adleman) is a public-key cryptosystem RTT - Round Trip Time S SAM - Security Accounts Manager SAML - Security Assertion Markup Language SCIM - System for Cross-domain Identity Management SCP - Secure Copy Protocol SCP - Server Communication Proxy SDC - F5 Security and Distributed Cloud SDK - Software Development Kit SDN - Software Defined Network SE - Solutions Engineer SIEM - Security Information & Event Management SLA - Service Level Availability SLED -State,Local Government and Education SLI - Service Level Indicator SNAT- Source Network Address Translation SOC - Security Operations Center SP - Service Provider SPK - Service Proxy for Kubernetes SRE - Site reliability engineering SRT - Security Research Team at F5 SSD - Solid State Drive SSL - Secure Sockets Layer SSO - Single Sign On SSRF - Server-side request forgery STRIDE - Spoofing, Tampering,Repudiation,Information Leakage, Denial of Service, Elevation of Privilege (a TMA Model) T TCL - Tool Command Language TCP - [Transmission Control Protocol TDM -Technical Decision Maker TLS - Transport layer Security TMA - Threat Model Assessment TO - Tenant Owner TOCTOU - Time of Check vs Time of Use TOI - Transfer of Information TTFB - Time to First Bit TTL - Time to Live U UAM - User Access Management UI - User Interface URI - Uniform Resource URL - Uniform Resource Locator UX - User Experience V VER - Volterra Edge Router VES - Volterra Edge Services VIF - virtual interface VIP - Virtual IP address VM - Virtual Machine Vnet - Virtual network VPC - Virtual Private Cloud VPN - Virtual Private Network VRS - Volterra Rules Set W WAAP - Web Application& API Protection WAF - Web application firewall WPA3 - Wi-Fi Alliance Access 3 X XML - Extensible Markup Language [XML - Wikipedia](https://en.wikipedia.org/wiki/XML) XSS - Cross Site Scripting XSRF - Cross-Site Request Forgery, also known as CSRF Y Z ZTNA -Zero Trust Network Access ZTP - Zero-Touch Provisioning ZTS - Zero Trust Security
DinaS
Jul 06, 2022 Place XC Users Articles
4.8KViews
5likes
5Comments
Bypass WAF for X-forwarder IP in XC
We use the F5 XC and want to bypass the WAF rules if traffic comming from specific IP address in X-forwarder-for field, X-forwarder-for Field contail Multiple IP address and if any of the IP matches to the list , XC should bypass the WAF rules E.g. Http header x-forwarded-for : 1.1.1.1; 2.2.2.2 , requirement is to bypass WAF Rule for the IP 1.1.1.1
Solved
vikas_Patil
Dec 26, 2022 Place XC Users Forum
3.4KViews
0likes
6Comments
F5 XC | Stuck at VIRTUAL_HOST_PENDING_A_RECORD
I have a running OWASP Juice Shop in Azure and have assigned a public IP on it. Trying to build a load balancer using XC. I am stuck at theVIRTUAL_HOST_PENDING_A_RECORD status. Question is do I need to use my own DNS to create a domain name entry for my load balancer? Can I do anything to bypass this or any workaround you may have?
Solved
teemo_13
Mar 20, 2023 Place XC Users Forum
3KViews
0likes
6Comments
F5 Distributed Cloud(XC) Site Edge/Customer Sites without Regional Edge capabilities question.
Hello, I decided to finally read about the the F5 Distributed Cloud and I had some questions about using only Site Edge Nodes (Customer Sites) without Regional Edge Nodes. Is layer 7 DOS/DDOS protection still an option without Regional Edge ? For me this should work as only for Layer 3/4 DOS/DDOS the Regional Edge is needed as a scrubbing center. Also is it possible to make ipsec/ssl tunnels between Site Edge Nodes full mesh? From I read inhttps://docs.cloud.f5.com/docs/about-f5-distributed-cloud/mesh this should be correct if I am reading it right "Using an industry-proven network stack with most advanced BGP implementation, we are able to provide full-mesh or hub-and-spoke connectivity across cloud or edge sites. The nodes automatically create secure IPSec/SSL tunnels with each other if they have direct IP reachability or securely connect to multiple nearest global PoPs. Using application or policy-based routing, traffic can be load balanced for optimal performance across this network. In addition, you can enable a network firewall and forward proxy capabilities to control and filter traffic to and from the applications."
Solved
Nikoolayy1
Oct 23, 2022 Place XC Users Forum
3KViews
0likes
3Comments
Multiple CE nodes in vmware?
Hi all, I've been working through building out a lab for DXC in my local VMware ESXi environment. I've got a handle on one node pretty well, but trying to add an additional node to the cluster, it never seems to finish provisioning. I'm on the lowest paid tier, curious if anyone has made this work and hopefully has some pointers or a guide? Thanks! Josh
Solved
JoshBecigneul
Nov 18, 2022 Place XC Users Forum
2.5KViews
0likes
5Comments
Handle False Positive for files upload
Hi folks, I'm wondering how to handle uploading files through XC. For example, I have a URL used for uploading files to a web application, say /upload. The files appear to be scanned by XC which detects and triggers many attack signatures. According to my tests they are all false positives. A concrete example of trigered signature: Signature ID 200104770 name: JSP Expression Language Expression Injection (3) (Parameter) attack_type:ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION matching_info:Matched 62 characters on offset 1 against value: "'F${F=;_V>`chRm]8L{go4*tQ$hy8vNOb0Q3~!OzWOBG*wp?:zA>S[e=}!u1^s4_'." The habit I had on ASM was to disable problematic signatures on this type of URL. Is there a more relevant way to handle these cases on XC? Many thanks.
Solved
AlsDevC
May 03, 2023 Place XC Users Forum
1.9KViews
0likes
6Comments
Inspecting HTTP LB traffic for security
Hi, I'm looking for an option to inspect the traffic that goes within my HTTP Load Balancers for security reasons. On BIGIP-LTM I have used the Clone Pool solution or developed my own iRules. Does the Distributed Cloud version suggest a similar feature? maybe a logs? Thanks
Solved
amnonb
Nov 22, 2022 Place XC Users Forum
1.7KViews
0likes
2Comments
Global Log Receiver
Hey, I'm trying to configure an HTTP Load Balancer with a Global Log Receiever, I saw that it is unavailable in the Free Plan so I switch to the Individual Plan but the Global Log Receiver feature is still locked. What do I need in order to unlock it? Thanks!
Solved
GuyG
May 16, 2023 Place XC Users Forum
1.6KViews
0likes
3Comments
A quick post on how F5 XC Health Checks are different from BIG-IP
F5 Distributed Cloud (F5 XC) HTTP Health Checks (HC) behave differently from the basic HTTP Health Check from the beloved BIG-IP platform that F5 is known for. Because of this difference, some of your testing and real-world experiences may be a little different. One issue you may encounter is the difference in TCP/HTTP connection handling. On BIG-IP, the HTTP HC sends a HTTP/0.9 style GET request. With HTTP/0.9, there is no persistent TCP session, and every check is a brand-new request. By default, in F5 XC, XC will send HTTP/1.1 requests with the default behaviour of Connection: keep-alive set. This may result in Health Checks continuing to work even though new client sessions may be blocked. If this isn't desired for your health checks, you can change to a single use style health check by adding the HTTP header: Connection: Close to your health check. Here's a table that shows the GET requests and responses between BIG-IP and XC. HTTP Requests BIG-IP Basic HTTP XC Basic HTTP Get Request Hypertext Transfer Protocol GET /\r\n \r\n [HTTP request 1/1] Hypertext Transfer Protocol GET / HTTP/1.1\r\n host: demo.com\r\n user-agent: Envoy/HC\r\n \r\n [Full request URI: http://demo.com/] [HTTP request 1/1] Response Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n X-Frame-Options: ALLOW-FROM \r\n Content-Type: text/html; charset=utf-8\r\n Vary: Accept-Encoding\r\n Date: Tue, 21 Mar 2023 15:59:11 GMT\r\n Connection: close\r\n \r\n [HTTP response 1/1] [Time since request: 0.001904999 seconds] [Request in frame: 14] [Request URI: /] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n X-Frame-Options: ALLOW-FROM \r\n Content-Type: text/html; charset=utf-8\r\n Vary: Accept-Encoding\r\n Date: Tue, 21 Mar 2023 16:18:44 GMT\r\n Connection: keep-alive\r\n Keep-Alive: timeout=5\r\n Transfer-Encoding: chunked\r\n \r\n [HTTP response 1/1] [Time since request: 0.080959858 seconds] [Request in frame: 4] [Request URI: http://demo.com/] HTTP chunked response Here is the JSON payload to create your own Health Check with the Connection Close header set: { "metadata": { "name": "hc-http-connectionclose-200-302", "namespace": "shared", "labels": {}, "annotations": {}, "disable": false }, "spec": { "http_health_check": { "use_origin_server_name": {}, "path": "/", "use_http2": false, "headers": { "Connection": "Close" }, "request_headers_to_remove": [], "expected_status_codes": [ "200", "302" ] }, "timeout": 3, "interval": 15, "jitter": 0, "unhealthy_threshold": 1, "healthy_threshold": 3, "jitter_percent": 30 } } Thanks for reading and best of luck in your journey with F5 Distributed Cloud.
GlenWillms
Mar 21, 2023 Place XC Users Forum
1.6KViews
8likes
2Comments
Is there plans for F5 Distributed Cloud(XC) horizontal scaling of edge Site nodes?
Hello, The F5 Distributed Cloud(XC) is a great product but is there a plan for future horizontal scaling of edge Site nodes? For example when the traffic is too much to not only increase the CPU and Memory of the already existing node in the public or private cloud customer location but also to create more nodes as maybe one to be the cluster primary node that gets the packets and without processing the packets to send them to the other secondary nodes using mac rerouting (I do not think SSL/Ipsec tunnel between the primary and secondary nodes). As I know that GSLB will comming to the Site Edge nodes and everyday other new things are added to the Distributed Cloud maybe this is on the road map 🙂 Edit: I talked about Mac tunnel and future XC GSLB if each edge node is a GSLB peer and Local HTTP Load balancer at the same time something like GSLB cookie persistence can also be done in the future, where after the DNS resolution and when HTTP traffic is processed a cookie is added and for example DNS times out and a new GSLB resolution is done but this time another Edge Node is selected for servicing the traffic then the cookie can be used for the new edge node to redirect the traffic to the old edge node that was servicing it. The possibilities with XC for new features as this is an SDN solution are almost limitless 🙂
Solved
Nikoolayy1
Oct 23, 2022 Place XC Users Forum
1.5KViews
2likes
1Comment

About Distributed Cloud Users

Discuss the integration of security, networking, and application delivery services

Owned by: Rebecca_Moloney, DinaS, mlangdon, and LiefZimmermanCreated: 3 years ago

Open Group

Boards

XC Users Forum
Open conversations with staff and peers about F5 Distributed Cloud Services.
Nov 08, 202429 Posts
XC Users Articles
Authoritative information from F5 Distributed Cloud Services subject matter experts for you, the community.
Dec 01, 202312 Posts
XC Users Suggestions
Provide ideas and feedback to F5 staff on how to improve the usefulness of this community group.
0 Posts