on 24-Jan-2020 09:06 - edited on 26-Jan-2022 10:18 by JRahm
This article provides an overview of the configuration items created by the SSL Orchestrator when creating a topology through the guided configuration tool. This article is provided for administrators familiar with BIG-IP constructs such as Virtual Servers, Pools, Route Domains, etc.
The following figure shows the policy created via the guided configuration tool:
The actual configuration resulting from the topology pictured above results in the following Virtual Server objects:
The following pools are created:
The following iRules are added to the configuration:
The following policy is also created using the BIG-IP access and identity module (Accesss Policy Manager or APM).
Policy – This is a per-request policy, not a per-session policy. SSLO per-session policies are stateless and un-editable.
Any chance for some more in depth explanation what is purpose of each object created by SSLO? I once tried to figure it out but was not really sure if I decrypted correctly functions performed but all objects. Would be helpful in case some troubleshooting is necessary.
If possible flow of traffic for one service could be described listing in order which objects are receiving traffic and where this traffic is send. Would appreciate it a lot!
Thanks for the feedback! This article has attracted much more attention than anticipated. I didn't plan on expanding on it but now I think that's a great idea.
Glad you are considering it 👍
Understanding each config element and espacially virtual servers is a must for me.
It can help for troubleshooting, but most importantly, it helps when some iRule logic or custom configuration needs to be added at some point when it can't be done via the SSLO interface.
I would also find it usefull to get some more insight on the gossip protocol and some errors corrections use cases with the iAppLX menu or event with restcurl commands. It helped me some time, but I also had to rebuild the whole config because I coudn't solve some issues.