Less than 600 seconds lab
In my previous post I shared with you, how you can deploy a lab environment in less than 60 seconds with AS3.
This time let's take a look at another lab, that you can set up in less than 10 minutes.
Purpose of this lab
This lab requires a web server. And some minimal knowledge of Linux (Debian) and git.
In my example, I use NGINX. The web application consists of four pages in four colours (red, blue, yellow and green) that are designed to demonstrate the load balancing functionality of the F5 Local Traffic Manager (LTM).
You can use the app to familiarise yourself with load balancing functionalities such as:
- different load balancing methods and priority groups
- different types of persistence
- caching
- HTTP, SSL and other profiles
- SNAT
The web application has a couple of nice features
- real-time server information display like
- Server hostname
- Request timestamp (ISO 8601 format)
- Request URI
- Source IP address
- X-Forwarded-For (XFF) header
- User-Agent informatio
- modern, responsive UI
- picture gallery
Prerequisites
First you need to set up and configure the web server.
Add multiple IPs to the web server (Debian 11+).
Edit /etc/network/interfaces:
sudo nano /etc/network/interfacesAdd the following:
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.10/24
gateway 192.168.1.1
auto eth0:1
allow-hotplug eth0:1
iface eth0:1 inet static
address 192.168.1.11/24
auto eth0:2
allow-hotplug eth0:2
iface eth0:2 inet static
address 192.168.1.12/24
auto eth0:3
allow-hotplug eth0:3
iface eth0:3 inet static
address 192.168.1.13/24Restart networking:
sudo systemctl restart networkingNote: Replace eth0 with your actual interface name.
Generate SSL Certificate
Create a self-signed SSL certificate with RSA 2048-bit key (no password):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout nginx-selfsigned.key -out nginx-selfsigned.crt \
-subj "/C=US/ST=State/L=City/O=Organization/CN=example.com"Installing the web application
Example for NGINX
1. Clone the repository
git clone https://github.com/webserverdude/ltm-demo-html.git
cd webpages2. Deploy to your web server
sudo cp -r * /var/www/ltm-demo-html3. Configure your web server
see below
NGINX Configuration
The configuration includes HTTP as well as HTTPS listeners.
Add this configuration to your NGINX server block:
server {
listen 192.168.1.10:8000 default_server;
root /var/www/ltm-demo-html;
index index_red.html;
server_name _;
add_header X-Backend-Server 1;
add_header Set-Cookie "X-Backend-Server=1; Max-Age=10";
location / {
try_files $uri $uri/ =404;
}
# Enable the substitution filter
sub_filter_once off; # Allow multiple substitutions
# Replace template variables with actual NGINX variables
sub_filter '{{server_name}}' '$hostname';
sub_filter '{{time_iso8601}}' '$time_iso8601';
sub_filter '{{request_uri}}' '$request_uri';
sub_filter '{{remote_addr}}' '$remote_addr';
sub_filter '{{http_x_forwarded_for}}' '$http_x_forwarded_for';
sub_filter '{{http_user_agent}}' '$http_user_agent';
}
server {
listen 10.0.2.71:443 ssl default_server;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
# SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
root /var/www/ltm-demo-html;
index index_red.html;
server_name _;
add_header X-Backend-Server 1;
add_header Set-Cookie "X-Backend-Server=$request_id; Max-Age=10; Secure; SameSite=Strict";
location / {
try_files $uri $uri/ =404;
}
# Enable the substitution filter
sub_filter_once off; # Allow multiple substitutions
# Replace template variables with actual NGINX variables
sub_filter '{{server_name}}' '$hostname';
sub_filter '{{time_iso8601}}' '$time_iso8601';
sub_filter '{{request_uri}}' '$request_uri';
sub_filter '{{remote_addr}}' '$remote_addr';
sub_filter '{{http_x_forwarded_for}}' '$http_x_forwarded_for';
sub_filter '{{http_user_agent}}' '$http_user_agent';
}Note: This is just a snippet for one HTTP and one HTTPS virtual. The full config for all four pages is available at my Git repository in the nginx_config folder.
Once this is done, check the web pages from your browser. Make sure they work as expected.
Configure your BIG-IP
After the web server is running and serving all 4 pages with HTTP and HTTPS, you can configure your BIG-IP. My AS3 declaration includes an HTTP and an HTTPS virtual server, two pools and some http and persistence profiles. Here is a snippet:
{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"LTM_Demo": {
"class": "Tenant",
"LTM_Demo": {
"class": "Application",
"vs_http": {
"class": "Service_HTTP",
"virtualAddresses": [
"192.168.3.80"
],
"persistenceMethods": [],
"profileHTTP": {
"use": "pr_http_xff"
},
"pool": "pl_ltm-demo_http",
"snat": {
"use": "pl_SNAT_addresses"
}
}, ...The complete AS3 configuration can be found in my Git repository.
The repository also contains an additional AS3 declaration with further configuration options.
Note: You should not deploy the second declaration with the optional configurations; instead, merge the snippets you want to use into ltm_demo.json.
Deployment
The deployment of the AS3 declaration works similar like I described in my previous post.
What's next?
You can try differnet load balancing algorithms, persistence methods, caching, SSL configurations.
Once you set up the web app and the LTM config, play around - the sky is the limit. Have fun!
