on 04-Dec-2019 00:35
Hey there, community! Many moons ago my good friend and colleague "THE" Colin Walker started a series of iRules challenges for our sales engineers at their new hire boot camps and then published the results here at DevCentral. Personally, I have used Project Euler for my own development or for mentoring students I've worked with. In shoring up my own python language-specific skills, I use PyBites and Python Morsels. All these are great for the busy technologist because they offer three things:
That brings me to the point of this new article series. The idea is to release a challenge on a frequent basis with a solution released the following week in a GitHub repo. Different from Colin’s original series? It will not be limited to iRules. It could be solution oriented, an investigation into the power of a command line tool, or any number of API-related queries.
Final order of business before jumping in: why the name? Well, it’s an homage and/or an amalgamation of Project Euler, the BIG-IP hud chain, and the F5 automation toolchain. The goal here is to build the requisite skills bite by bite to connect all these chainlinks into a suite of skills at your disposal.
The background: DC Nerd Life, Inc has one public facing web application with an FQDN of www.nerdlife.local. This application is offloaded at their BIG-IP that has a single public IP address available to host the website and two servers serving content via the http protocol.
The problem: Management has an immediate requirement to stand up a new web application with a different FQDN of www.nerdknobs.local. There is no additional IP space for you to use. How do you manage this new requirement?
Solution: Your solution should result in a BIG-IP configuration consisting of two servers in a pool, the necessary profiles, and the virtual server configuration.
Bonus challenge: If instead of www.nerdknobs.local, the new FQDN was my.nerdlife.local. How, if at all, might your solution look different?
Questions for understanding:
Update: The solution has been published. If you haven't attempted the challenge, hold off and give it a shot!
"The solution has been published" link points to a defunct Github link (404).
To handle TLS:
-Server Name Indicator (SNI) helps in determining which certificate/key pair to use for the exchange (ref. https://devcentral.f5.com/s/articles/ssl-profiles-part-7-server-name-indication)
-Subject alternative name might help too - add the other hostnames/fqdn to the certificate that is used (ref.https://www.digicert.com/subject-alternative-name.htm)
-Use a wildcard certificate
To handle the virtual server "routing" the connection as mentioned above LTM Policies or the ever faithful iRule!