App Stack, the "iRule" of F5 Distributed Cloud
Today, F5 Distributed Cloud boasts myriad security capabilities, ranging from Web Application Firewall API security DDoS Mitigation Bot Detection Application Infrastructure Protection And more. As the platform continues to grow, the number of security, networking, and application management capabilities is only going to increase over time. But, what if you need certain capabilities that do not exist today on the platform? SaaS offerings are easy to consume, but can be opinionated in how capabilities are provided, if at all. The best course of action is to raise a feature request. In the meantime, allow me to introduce a superpower hidden in plain sight: F5 Distributed Cloud App Stack A brief primer on Distributed Cloud App Stack Described as a SaaS to enable lifecycle management of applications across distributed infrastructure, Distributed Cloud App Stack lets users run Kubernetes applications in any location or environment, without needing to manage Kubernetes clusters. This could be on any of the Distributed Cloud Regional Edges (RE), or Customer Edges (CE) deployed in the users' private environment. An application deployed on App Stack runs like a Kubernetes application, and can be advertised via HTTP or TCP Load Balancers for clients to consume its services. In other words, an application running on App Stack can be treated as an origin server in the context of a Load Balancer on F5 Distributed Cloud. Enhancing Distributed Cloud with App Stack If F5 Distributed Cloud Load Balancer is missing certain capabilities you require today, one option is to use App Stack to deploy another proxy running on the REs, and have the proxy perform the required capabilities instead. Some use cases that I have been exploring include (click on the links to see code examples!): Injecting client certificate details into a HTTP header for a mutual TLS connection Parsing a PROXY protocol header Validating a claim in a JSON Web Token For those who have experience with F5 BIG-IP, these might feel similar to using an iRule to perform custom logic not natively supported on BIG-IP. Given enough time and requests, some of these might even make it into the platform as a native capability, akin to how some BIG-IP modules/features today were born from commonly used iRules in the past. It is also worth noting that proxies deployed in the examples above can further forward the traffic to another HTTP or TCP Load Balancer on F5 Distributed Cloud, allowing you to take advantage of other capabilities on the platform. Again, this should ring a bell for those who are aware of the VIP targeting VIP concept in BIG-IP. Conclusion I hope this article has provided you with a new perspective on F5 Distributed Cloud App Stack. F5 Distributed Cloud is constantly evolving, and will continue to introduce more capabilities, but for what is missing now, have a look at implementing it with App Stack. Related Content Kubernetes architecture options with F5 Distributed Cloud Services Deploy High-Availability and Latency-sensitive workloads with F5 Distributed Cloud Lightboard Lessons: Vip Targeting VipF5 Distributed Cloud - Regional Decryption with Virtual Sites
In this article we discuss how the F5 Distributed Cloud can be configured to support regulatory demands for TLS termination of traffic to specific regions around the world. The article provides insight into the F5 Distributed Cloud global backbone and application delivery network (ADN). The article goes on to inspect how the F5 Distriubted Cloud is able to achieve these custom topologies in a multi-tenant architecture while adhearing to the "rules of the internet" for route summarization. Read on to learn about the flexibility of F5's SaaS platform providing application delivery and security solutions for your applications.
Demo Guide: Edge Compute with F5 Distributed Cloud Services (SaaS Console, Automation)
This demo guide provides walk-through steps or Terraform scripts to deploy and connect with multi-cloud-networking (MCN) a sample Compute Edge app infrastructure across multiple cloud providers (Azure and AWS) or a single cloud of your choosing.
