Project Chain Links: Introduction
Hey there, community! Many moons ago my good friend and colleague "THE" Colin Walker started a series of iRules challenges for our sales engineers at their new hire boot camps and then published the results here at DevCentral. Personally, I have used Project Euler for my own development or for mentoring students I've worked with. In shoring up my own Python language-specific skills, I use PyBites and Python Morsels. All these are great for the busy technologist because they offer three things:
- A clear problem to solve
- A focused, bite-sized problem that can be tackled at lunch or on a break
- A solution to validate your efforts
That brings me to the point of this new article series. The idea is to release a challenge on a frequent basis with a solution released the following week in a GitHub repo. Different from Colin’s original series? It will not be limited to iRules. It could be solution-oriented, an investigation into the power of a command line tool, or any number of API-related queries.
Final order of business before jumping in: why the name? Well, it’s an homage and/or an amalgamation of Project Euler, the BIG-IP HUD chain, and the F5 automation toolchain. The goal here is to build the requisite skills bite by bite to connect all these chain links into a suite of skills at your disposal.
Challenge #1
The background: DC Nerd Life, Inc has one public-facing web application with an FQDN of www.nerdlife.local. This application is offloaded at their BIG-IP, which has a single public IP address available to host the website and two servers serving content via the HTTP protocol.
The problem: Management has an immediate requirement to stand up a new web application with a different FQDN of www.nerdknobs.local. There is no additional IP space for you to use. How do you manage this new requirement?
Solution: Your solution should result in a BIG-IP configuration consisting of two servers in a pool, the necessary profiles, and the virtual server configuration.
Bonus challenge: If, instead of www.nerdknobs.local, the new FQDN were my.nerdlife.local, how, if at all, might your solution look different?
Questions for understanding:
- How does the TLS handshake make this solution possible?
- Before your solution is in place, what happens on the client and server side for requests to an unknown application?
- After your solution is in place, what happens on the client and server side for requests to the known applications? What about unknown applications?
- What happens for clients that don’t support the solution?
Update: The solution has been published. If you haven't attempted the challenge, hold off and give it a shot!
- JRahm (Admin)
Thanks Romain, I've fixed the link. Forgot to update the article when I renamed that file... whoops.
- Romain (Employee)
"The solution has been published" link points to a defunct GitHub link (404).
To handle TLS:
- Server Name Indicator (SNI) helps in determining which certificate/key pair to use for the exchange (ref. https://devcentral.f5.com/s/articles/ssl-profiles-part-7-server-name-indication)
- Subject alternative name might help too - add the other hostnames/FQDNs to the certificate that is used (ref. https://www.digicert.com/subject-alternative-name.htm)
- Use a wildcard certificate
To handle the virtual server "routing" the connection, as mentioned above: LTM Policies or the ever-faithful iRule!
- Venky (Nimbostratus)
LTM policy
- JRahm (Admin)
An iRule is possible but not for the faint of heart. There is another way. John is on the yellow brick road...
- Hyder (Nimbostratus)
Like the challenge. :)
Can we use iRule on this?
- ltwagnon (Ret. Employee)
I haven't started on a solution, but would Server Name Indication (SNI) be a part of the solution?
By the way, this is gonna be a great series...looking forward to it all!
- JRahm (Admin)
Create a gist on GitHub and link your solution here in the comments!