A complete Multi-Cloud Networking walkthrough with F5 Distributed Cloud
F5 Distributed Cloud – Multi-Cloud Networking
F5 Distributed Cloud (F5 XC) provides a Software-as-a-Service based platform to connect, deliver, secure, and operate your networks and applications across any environment.
This walkthrough contains two sections. The first section uses F5 Distributed Cloud Network Connect to network across cloud locations and providers with simplified provisioning and end-to-end security. The second part uses F5 Distributed Cloud App Connect, and shows how to securely connect distributed workloads across cloud and edge locations with integrated app security.
Distributed Cloud Network Connect
Network Connect helps customers establish a multi-cloud networking fabric with end-to-end cloud orchestration, a gateway that implements L3-L7 functions to enforce network connectivity and security and a unified policy with central visibility for collaboration across NetOps & SecOps.
1. Deploy F5 XC Customer Edge Site(s)
Step 1: Establish a multi-cloud networking fabric by deploying F5 XC Customer Edge (CE) sites (cloud, edge, on-prem)
➡️ See the following article and connected video to learn how to use the Distributed Cloud Console to deploy a CE in AWS and in Azure, and then how to route traffic between each of the sites.
➡️ F5 XC can orchestrate private connectivity, including AWS PrivateLink, Azure CloudLink, and many other private transport providers. The following article covers this capability in greater detail.
Step 2: Customers onboard required VPC/VNets to the F5 XC CE sites to participate in the multi-cloud fabric. F5 XC then orchestrates cloud networking constructs to attract traffic from these VPCs (termed as spokes) and then enforce L3-L7 network services. Cloud orchestration includes things such as creating AWS TGW, route table updates, setting up Azure VNet peering, configuring AWS direct connect -or- Azure Express Route and related resources to establish private connectivity and many more.
➡️ See the following series of articles to learn how to use the Infrastructure as Code utility Terraform to deploy and connect Distributed Cloud CE’s in AWS, Azure, and Google Cloud
Overview & AWS Deployment with F5 Distributed Cloud Multi-Cloud Networking
AWS to Azure via Layer 3 & Global Network with F5 Distributed Cloud Multi-Cloud Networking
Demo Guide: A step-by-step walkthrough using Terraform with Distributed Cloud Network Connect in AWS
MCN 1: Deploy a F5 XC CE Site
MCN 2: Cookie cutter architecture - fully orchestrated: attach spoke VPC/VNets seamlessly.
MCN 3: Sites deployed across the globe to establish a multi-cloud networking fabric.
2. Configure Network Segments in Distributed Cloud
Step 1: Configure Network Segments. These Network Segments will provide an end-to-end global isolated network.
MCN 4: Configure a global Network Segment
Step 2: Associate F5 XC CE Sites (incl. VLANs/interfaces for on-prem/edge sites), onboarded VPCs/VNets to these network segments to create an isolated network within the multi-cloud networking fabric.
➡️ Steps 4, 6, and 10+ in the following article show how to connect the Distributed Cloud Global Network use it to route traffic between different CE Sites
3. Define Security Policies
Step 1: Define security policies such as forward proxy policies, network security policies, traffic policers for your entire multi-cloud networking fabric with the power of labels to easily express the intent without complexities such as IP addresses.
MCN 5: Enhanced Firewall Policy with the power of labels
4. Integrate with 3rd Party NFV services such as Palo Alto Networks Firewall
Step 1: Seamlessly provision NFV services such as Big-IP AWAF, Palo Alto Networks Firewall, into any F5 XC CE site
MCN 6: Orchestrate 3rd party firewalls like Palo Alto
Step 2: Use the power of labels to easily express the intent to steer traffic to these 3rd party NFV appliances.
MCN 7: Seamlessly steer traffic towards 3rd party NFV services such as PAN firewall
➡️ Learn how to deploy a Palo Alto Firewall using Distributed Cloud and a Palo Alto Panorama server, and then redirect traffic to the firewall using Enhanced Firewall Policies
5. Monitor & Troubleshoot your Network
NetOps and SecOps can collaborate using a single platform to monitor & troubleshoot networking issues across the multi-cloud fabric.
MCN 8: Powerful monitoring dashboards & troubleshooting tools for your entire secure multi-cloud network fabric.
Distributed Cloud App Connect
App Connect helps customers simply deliver applications across their multi-cloud networking fabric including the internet without worrying about underlying networking via the distributed proxy architecture with full self-service capability and application isolation via namespaces.
1. Establish a Secure Multi-Cloud Network Fabric
Utilize Multi-Cloud Network Connect to deploy F5 XC CE sites in environments that host your applications.
2. Discover Any App running Anywhere
Step 1: Simply discover all apps running across your environments by configuring service discoveries. Use DNS based service discovery to discover legacy apps and K8s/consul-based service discovery to discover modern apps.
MCN 9: Discover apps in any environment - sample showing apps discovered in a K8s cluster.
3. Deliver Any App Anywhere, incl. the Public Internet
Step 1: Configure a Load Balancer which will connect apps (Origins) discovered in any environment and then deliver it (Advertise) to any environment.
MCN 10: Leverage distributed proxy architecture to connect an App running in Azure to AWS – without configuring ANY networking.
Step 2: Apps can be delivered (Advertised) directly to the internet using F5 XC’s performant anycast global backbone, with DNS delegation & TLS cert management by simply selecting VIP advertisement as ‘Internet’.
MCN 11: Live traffic graph showing seamlessly connecting App in Azure -> AWS and then delivering the App in AWS to the public internet.
➡️ Navigate each step of the process, from deploying CE’s to using App Connect to connect app services locally and advertise the frontend to the Internet. The following collection of articles use the Distributed Cloud Console to facilitate the deployment, and demonstrate how to automate the process using the Infrastructure as Code utility Terraform to orchestrate everything.
Use F5 Distributed Cloud to Connect Apps Running in Multiple Clusters and Sites
Azure & Layer 7 Networking with F5 Distributed Cloud Multi-Cloud Networking
Demo Guide: Using Terraform to connect backend-send services via Distributed Cloud App Connect in Azure
4. Secure your Apps
Step 1: Secure Apps with industry leading application security services such as WAF, Bot, L7 DoS, API security, client-side defense and many more with a single click.
MCN 12: One click application security for all your applications – anywhere
➡️ The following demo guide shows how to deploy web app globally and secure it.
5. Monitor & Troubleshoot your Apps
SecOps, NetOps and DevOps can collaborate using a single platform to monitor & troubleshoot application issues across the multi-cloud fabric.
MCN 13: Performance & Security dashboards for every application namespace - each namespace contains many load balancers.
MCN 14: Performance & Security dashboard for each Load Balancer
MCN 15: Various other security & performance tools to help maintain a healthy secure performant multi-cloud application fabric.
Using the Network Connect and App Connect services in Distributed Cloud, it's easy to deploy, connect, and secure apps that run in multiple clouds. The F5 platform automatically handles the connectivity, routing, and allows customized access, enabling apps to be deployed globally or privately in just a few clicks.