Project Chain Links: Introduction

JRahm · ‎04-Dec-2019

Hey there, community! Many moons ago my good friend and colleague "THE" Colin Walker started a series of iRules challenges for our sales engineers at their new hire boot camps and then published the results here at DevCentral. Personally, I have used Project Euler for my own development or for mentoring students I've worked with. In shoring up my own python language-specific skills, I use PyBites and Python Morsels. All these are great for the busy technologist because they offer three things:

A clear problem to solve
A focused, bite-sized problem that can be tackled at lunch or on a break
A solution to validate your efforts

That brings me to the point of this new article series. The idea is to release a challenge on a frequent basis with a solution released the following week in a GitHub repo. Different from Colin’s original series? It will not be limited to iRules. It could be solution oriented, an investigation into the power of a command line tool, or any number of API-related queries.

Final order of business before jumping in: why the name? Well, it’s an homage and/or an amalgamation of Project Euler, the BIG-IP hud chain, and the F5 automation toolchain. The goal here is to build the requisite skills bite by bite to connect all these chainlinks into a suite of skills at your disposal.

Challenge #1

The background: DC Nerd Life, Inc has one public facing web application with an FQDN of www.nerdlife.local. This application is offloaded at their BIG-IP that has a single public IP address available to host the website and two servers serving content via the http protocol.

The problem: Management has an immediate requirement to stand up a new web application with a different FQDN of www.nerdknobs.local. There is no additional IP space for you to use. How do you manage this new requirement?

Solution: Your solution should result in a BIG-IP configuration consisting of two servers in a pool, the necessary profiles, and the virtual server configuration.

Bonus challenge: If instead of www.nerdknobs.local, the new FQDN was my.nerdlife.local. How, if at all, might your solution look different?

Questions for understanding:

How does the TLS handshake make this solution possible?
Before your solution is in place, what happens on the client and server side for requests to an unknown application?
After your solution is in place, what happens on the client and server side for requests to the known applications? What about unknown applications?
What happens for clients that don’t support the solution?

Update: The solution has been published. If you haven't attempted the challenge, hold off and give it a shot!

JRahm · ‎04-Dec-2019

Create a gist on github and link your solution here in the comments!

ltwagnon · ‎04-Dec-2019

I haven't started on a solution, but would Server Name Indication (SNI) be a part of the solution?

By the way, this is gonna be a great series...looking forward to it all!

Hyder · ‎04-Dec-2019

Like the challenge. 🙂

Can we use iRule on this?

JRahm · ‎05-Dec-2019

an iRule is possible but not for the faint of heart. There is another way. John is on the yellow brick road...

Venky · ‎05-Dec-2019

LTM policy

Romain · ‎12-Dec-2019

"The solution has been published" link points to a defunct Github link (404).

To handle TLS:

-Server Name Indicator (SNI) helps in determining which certificate/key pair to use for the exchange (ref. https://devcentral.f5.com/s/articles/ssl-profiles-part-7-server-name-indication)

-Subject alternative name might help too - add the other hostnames/fqdn to the certificate that is used (ref.https://www.digicert.com/subject-alternative-name.htm)

-Use a wildcard certificate

To handle the virtual server "routing" the connection as mentioned above LTM Policies or the ever faithful iRule!

JRahm · ‎12-Dec-2019

Thanks Romain, I've fixed the link. Forgot to update the article when I renamed that file..whoops.

naman1 · ‎26-Dec-2019

Thanks Jason for fix the link

Regards:) tubemate get-mobdro.com authorityapk.com