devops

1572 Topics

F5 NGINX Automation Examples [Part 2: Deploying NGINXaaS with App Protect and Grafana Integration]
Introduction Welcome back to the F5 NGINX Automation Examples series. We will explore innovative ways to leverage the power of NGINX and F5 technologies for modern application deployment. If you’re new to this series, be sure to start with our first article. This series utilizes the F5 NGINX Automation GitHub repository along with a robust CI/CD platform to facilitate the deployment of F5 NGINX as a Service for Azure (F5 NGINXaaS for Azure). This includes integrations with F5 NGINX App Protect for enhanced security, as well as Azure Grafana for comprehensive monitoring and visualization of system metrics. The approach is deeply rooted in DevSecOps principles. It ensures that security, automation, and collaboration are woven into every stage of your development and deployment processes. F5 NGINXaaS for Azure is a versatile and powerful Application Delivery as a Service (ADCaaS) platform that seamlessly integrates with the Microsoft Azure cloud environment. This service harnesses the scalability, flexibility, and reliability of cloud-native infrastructure. Combined with the adaptability of NGINX technology, it empowers organizations to deploy, secure, and scale their modern applications and microservices efficiently. Whether you're managing small projects or large-scale enterprise applications, NGINXaaS provides the tools and infrastructure you need to meet your evolving IT and business needs. In this detailed example, we present a comprehensive, step-by-step guide for setting up a Terraform deployment of NGINXaaS on Azure with NGINX App Protect. This deployment will enable advanced load-balancing capabilities for demonstration applications such as tea and coffee, which run across two virtual machines. The NGINX App Protect policy will secure upstream applications, ensuring robust security and traffic management. Furthermore, this guide will walk you through deploying Azure Grafana. This powerful visualization tool lets you effectively monitor and analyze system metrics, including those from F5 NGINX Plus and virtual machines. By doing this, you can get useful information about how your system works, find problems, and make your deployment work best for you and your customers. Architecture Diagram NGINXaaS + App Protect with Azure Grafana Workflow guide Deploying F5 NGINXaaS on Azure with App Protect and Azure Grafana Integration The workflow guide provides step-by-step instructions on how to deploy using Terraform, along with other relevant instructions. Note: This workflow guide covers the deployment of Precompiled App Protect Policies in NGINXaaS using Terraform. Custom security policies for NGINXaaS for Azure can be created and managed via API or Azure Portal, but not currently through Terraform. Prerequisites: Azure Account - Due to the assets being created, the free tier will no longer be applicable. GitHub Account Tools: Cloud Provider:  Azure IAC: Terraform CI/CD: GitHub Actions Conclusion This article outlines how to automate the deployment of F5 NGINXaaS on Azure, including NGINX App Protect and Azure Grafana integration, using Terraform. By following the step-by-step process, you can efficiently create a robust and scalable environment to manage your applications. The integration of NGINX App Protect enhances the security of your deployments. Azure Grafana provides essential insights through visualization, helping you monitor performance and make informed decisions. Resources Elevate Your Cloud Journey with F5 NGINXaaS for Azure How to Elevate Application Performance and Availability in Azure with F5 NGINXaaS Enhancing Application Delivery with F5 NGINXaaS for Azure: ADC-as-a-Service Redefined
Akash_Ananthanarayan
Jul 22, 2025 Place Technical Articles
20Views
0likes
0Comments
F5 BIG-IP deployment with Red Hat OpenShift - keeping client IP addresses and egress flows
Controlling the egress traffic in OpenShift allows to use the BIG-IP for several use cases: Keeping the source IP of the ingress clients Providing highly scalable SNAT for egress flows Providing security functionalities for egress flows
Ulises_Alonso
Jul 22, 2025 Place Technical Articles
583Views
1like
2Comments
How I did it - "High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP"
As AI and data-driven workloads grow, enterprises need scalable, high-performance, and resilient storage. Dell ObjectScale delivers with its cloud-native, S3-compatible design, ideal for AI/ML and analytics. F5 BIG-IP LTM and DNS enhance ObjectScale by providing intelligent traffic management and global load balancing—ensuring consistent performance and availability across distributed environments. This article introduces Dell ObjectScale and its integration with F5 solutions for advanced use cases.
Greg_Coward
Jul 18, 2025 Place Technical Articles
412Views
3likes
1Comment
Introducing the F5 AI Assistant for BIG-IP
See how F5 AI Assistant for BIG-IP accelerates the creation of new iRules and simplifies their management, making traffic management and security more accessible and efficient than ever before.
Valentin_Tobi
Jul 15, 2025 Place Technical Articles
564Views
0likes
0Comments
NGINX App Protect Data Plane Add-on in Kubernetes
This article is for users that wish to leverage NGINX in Kubernetes and bypass complexities and potential outages caused by K8s objects.
Rawdata
Jul 10, 2025 Place Technical Articles
97Views
0likes
0Comments
BIG-IP Next for Kubernetes Nvidia DPU deployment walkthrough
Introduction Modern AI factories—hyperscale environments powering everything from generative AI to autonomous systems—are pushing the limits of traditional infrastructure. As these facilities process exabytes of data and demand near-real-time communication between thousands of GPUs, legacy CPUs struggle to balance application logic with infrastructure tasks like networking, encryption, and storage management. Data Processing Units (DPUs), purpose-built accelerators that offload these housekeeping tasks, freeing CPUs and GPUs to focus on what they do best. DPUs are specialized system-on-chip (SoC) devices designed to handle data-centric operations such as network virtualization, storage processing, and security enforcement. By decoupling infrastructure management from computational workloads, DPUs reduce latency, lower operational costs, and enable AI factories to scale horizontally. BIG-IP Next for Kubernetes and Nvidia DPU Looking at F5 ability to deliver and secure every app, we needed it to be deployed at multiple levels, a crucial one being edge and DPU. Installing F5 BIG-IP Next for Kubernetes on Nvidia DPU requires installing Nvidia’s DOCA framework to be installed. What’s DOCA? NVIDIA DOCA is a software development kit for NVIDIA BlueField DPUs. BlueField provides data center infrastructure-on-a-chip, optimized for high-performance enterprise and cloud computing. DOCA is the key to unlocking the potential of the NVIDIA BlueField data processing unit (DPU) to offload, accelerate, and isolate data center workloads. With DOCA, developers can program the data center infrastructure of tomorrow by creating software-defined, cloud-native, GPU-accelerated services with zero-trust protection. Now, let's explore BIG-IP Next for Kubernetes components, The BIG-IP Next for Kubernetes solution has two main parts: the Data Plane - Traffic Management Micro-kernel (TMM) and the Control Plane. The Control Plane watches over the Kubernetes cluster and updates the TMM’s configurations. The BIG-IP Next for Kubernetes Data Plane (TMM) manages the supply of network traffic both entering and leaving the Kubernetes cluster. It also proxies the traffic to applications running in the Kubernetes cluster. The Data Plane (TMM) runs on the BlueField-3 Data Processing Unit (DPU) node. It uses all the DPU resources to handle the traffic and frees up the Host (CPU) for applications. The Control Plane can work on the CPU or other nodes in the Kubernetes cluster. This makes sure that the DPU is still used for processing traffic. Use-case examples: There are some recently awesome use cases released by F5’s team based on conversation and work from the field. Let’s explore those items: Protecting MCP servers with F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs LLM routing with dynamic load balancing with F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs F5 optimizes GPUs for distributed AI inferencing with NVIDIA Dynamo and KV cache integration. Deployment walk-through In our demo, we go through the configurations from BIG-IP Next for Kubernetes Main BIG-IP Next for Kubernetes features L4 ingress flow HTTP/HTTPs ingress flow Egress flow BGP integration Logging and troubleshooting (Qkview, iHealth) You can find a quick walk-through via BIG-IP Next for Kubernetes - walk-through Related Content BIG-IP Next for Kubernetes - walk-through BIG-IP Next for Kubernetes BIG-IP Next for Kubernetes and Nvidia DPU-3 walkthrough BIG-IP Next for Kubernetes F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs
momahdy
Jul 09, 2025 Place Technical Articles
484Views
1like
1Comment
F5 BIG-IP deployment with Red Hat OpenShift - the no CIS option
This article is a set of recommendations when using BIG-IP as external load balancer of an OpenShift cluster with the default router (HA-proxy) and not using CIS
Ulises_Alonso
Jul 08, 2025 Place Technical Articles
2.4KViews
0likes
0Comments
How to get a F5 BIG-IP VE Developer Lab License
(applies to BIG-IP TMOS Edition) To assist operational teams teams improve their development for the BIG-IP platform, F5 offers a low cost developer lab license. This license can be purchased from your authorized F5 vendor. If you do not have an F5 vendor, and you are in either Canada or the US you can purchase a lab license online: CDW BIG-IP Virtual Edition Lab License CDW Canada BIG-IP Virtual Edition Lab License Once completed, the order is sent to F5 for fulfillment and your license will be delivered shortly after via e-mail. F5 is investigating ways to improve this process. To download the BIG-IP Virtual Edition, log into my.f5.com (separate login from DevCentral), navigate down to the Downloads card under the Support Resources section of the page. Select BIG-IP from the product group family and then the current version of BIG-IP. You will be presented with a list of options, at the bottom, select the Virtual-Edition option that has the following descriptions: For VMware Fusion or Workstation or ESX/i: Image fileset for VMware ESX/i Server For Microsoft HyperV: Image fileset for Microsoft Hyper-V KVM RHEL/CentoOS: Image file set for KVM Red Hat Enterprise Linux/CentOS Note: There are also 1 Slot versions of the above images where a 2nd boot partition is not needed for in-place upgrades. These images include _1SLOT- to the image name instead of ALL. The below guides will help get you started with F5 BIG-IP Virtual Edition to develop for VMWare Fusion, AWS, Azure, VMware, or Microsoft Hyper-V. These guides follow standard practices for installing in production environments and performance recommendations change based on lower use/non-critical needs for development or lab environments. Similar to driving a tank, use your best judgement. Deploying F5 BIG-IP Virtual Edition on VMware Fusion Deploying F5 BIG-IP in Microsoft Azure for Developers Deploying F5 BIG-IP in AWS for Developers Deploying F5 BIG-IP in Windows Server Hyper-V for Developers Deploying F5 BIG-IP in VMware vCloud Director and ESX for Developers Note: F5 Support maintains authoritative Azure, AWS, Hyper-V, and ESX/vCloud installation documentation. VMware Fusion is not an official F5-supported hypervisor so DevCentral publishes the Fusion guide with the help of our Field Systems Engineering teams.
Chase_Abbott
Jul 06, 2025 Place Technical Articles
89KViews
14likes
152Comments
Advertise OpenShift AI inference servers from F5 Distributed Cloud
Introduction This article describes how Inference servers in OpenShift AI (KServe), hosted in public, private cloud or edge, can be anycast-advertised securely to the Internet using F5 Distributed Cloud (XC) deployed inside OpenShift clusters. Red Hat, and by extension OpenShift AI, provides enterprise-ready, mission-critical Open Source software. In this article, the AI model is hosted in OpenShift AI’s KServe single-model framework. For the creation of this article, OpenShift in AWS (aka ROSA) was used. It could have used OpenShift in any public or private cloud, edge deployment or a mix of these. Once the model is available for serving in OpenShift, XC can be used to advertise it globally. This can be done by just installing an in-cluster XC Customer Edge (CE) SMSv1 in OpenShift. This CE component transparently connects to the closest Regional Edges (RE) of F5 XC´s Global AnyCast Network, exposing the VIP of the AI inference server in all F5 XC´s PoPs (IP anycast), reducing latency to the customer, providing redundancy and application security including Layer 7 DDoS. The overall setup can be seen in the next figure. The only F5 component that has to be installed is the CE. The REs are pre-existing in the F5 Global Anycast Network, and are used automatically as access points for the CEs. Connectivity between the CEs and REs happens through TLS or IPsec tunnels, which are automatically set up at CE deployment time without any user intervention. The next sections will cover the following topics: Traffic path overview Setup of an inference service of generative AI model using KServe and VLLM. Setup of F5 XC CE in OpenShift using SMSv1. Create a global anycast VIP in XC exposing the created inference server. Securing the inference service. Traffic path overview The traffic flow is shown in the figure above, starting with the request towards the inference service: A request is sent to the inference service (e.g.: inference.demos.bd.f5.com). DNS resolves this to a F5 XC Anycast VIP address. Through Internet routing, the request reaches the VIP at the closest F5 XC Point Of Presence (PoP). F5 XC validates that the request is for an expected hostname and applies any security policy to the traffic. F5 XC load balances towards the CEs where there are origin pools for the applications. In this article, a single OpenShift as cluster is used, but several on different sites could have been used, all using the same VIP. The traffic is ultimately sent to the CE´s designated RE. Traffic reaches the CE inside the OpenShift cluster through a pre-established tunnel (TLS or IPsec). The CE has previously discovered which are the local origin servers through DNS service discovery within the OpenShift cluster. For this AI model, KServe deploys a Service Type: ExternalName named vllm-cpu.vllm.svc.cluster.local. This is the recommended way to access a KServe AI model from workloads that are not part of the mesh, like the CE component. The exact service name for the deployed model is reported in the OpenShift UI as shown in the next figure: The corresponding ExternalName for vllm-cpu.vllm.svc.cluster.local (effectively a DNS CNAME) is Istio´s kserve-local-gateway.istio-system.svc.cluster.local Gateway exposed by another Service as the name indicates. This is shown next: % oc -n vllm get svc vllm-cpu NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE vllm-cpu ExternalName <none> kserve-local-gateway.istio-system.svc.cluster.local <none> 4d1h The Customer Edge sends the traffic towards kserve-local-gateway´s Service clusterIP. This Service load-balances between the available Istio instances (in the next output, there is only one). % oc -n istio-system get svc,ep kserve-local-gateway NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kserve-local-gateway ClusterIP 172.30.6.250 <none> 443/TCP 5d6h NAME ENDPOINTS AGE endpoints/kserve-local-gateway 10.131.0.12:8445 5d6h The CNI sends the traffic to the selected Istio instance. Istio ultimately sends the request to the AI model PODs. The steps 6 and 7 have been simplified because within these steps, there are activators, autoscalers, and queuing components, which are transparent to F5 XC. These components are set automatically by KServe´s Knative infrastructure and would add unnecessary complexity to the above picture. If you are more interested in these steps, details can be found at this link. Setup of an inference service of generative AI model using KServe and VLLM. In order to instantiate an AI model in KServe, it is needed to create three resources: A Secret resource containing the storage (Data Connection) to be used. A ServingRuntime resource, which defines the mode, its image, and its parameters. The next resource uses it. In the OpenShift AI UI, these are created using Templates. An InferenceService resource that binds the previous resources and actually instantiates the AI model. It specifies the min and max replicas, the amount of memory for the replicas and the storage (data connection) to be used. The AI model used as example in this article uses custom configuration for a VLLM-CPU model (useful for PoC purposes). You can find another example of a VLLM CPU AI model in https://github.com/rh-ai-kickstart/vllm-cpu. The configuration is as follows: Example Data Connection for this example, using S3: The example ServingRuntime using a VLLM model for CPUs: The InferenceService (shown as Models and model servers in the UI) used in this example: Setup of F5 XC CE SMSv1 in OpenShift Please note that presently the CE SMSv2 for in cluster Kubernetes deployments is not available yet. To deploy CE SMSv1 as PODs in the OpenShift cluster, follow these instructions in F5 XC docs site. Creating a global anycast VIP in XC exposing the created inference server It will create the following objects in the given order: Create an HTTP/2 health check for the AI model. Create an Origin Pool for the AI model, attach to it the created health check. Create a VIP specifying Internet advertisement and attach the created Origin pool. These steps are described next in detail. Log in cloud.f5.com and go to "Multi-Cloud App Connect". All the configurations take place in this section of the UI. In Manage >> Load Balancers >> Health Checks, create a new HTTP/2 health check indicating a path that can be used to test the AI model, in this example this is "/health". The whole configuration is shown next: In Manage >> Load Balancers >> Origin Pools, create a new pool where the servers are discovered using "DNS Name of Origin Server on given Sites" for the DNS name vllm-cpu.vllm.svc.cluster.local (from the traffic flow overview section) in the Outside network (the only one the CE PODs actually have). Attach the previously created health check and set it to do not require TLS validation of the server. This latter is necessary due to internal Istio components using self-signed certificates by default. The configuration is shown next: In Manage >> Load Balancers >> HTTP Load Balancers, create a new Load Balance, specify the FQDN of the VIP and attach the the previously created Origin Pool. In this example, it is used as an HTTP load balancer. XC automatically creates the DNS hosting and certificates. At the very bottom of the HTTP Load Balancer creation screen, you can advertise the VIP on the Internet. Securing the inference service Once the inference service is exposed to the internet, it is exposing many APIs that we might not want to expose. Additionally, the service has to be secured from abuse and breaches. To address these, F5 XC offers the following features for AI: Automated API Discovery & Posture Management: Identify all inference endpoints automatically, eliminating hidden APIs. Enforce schemas based on observed traffic to ensure requests and responses follow expected patterns. Integrate “shift-left” security checks into CI/CD pipelines, catching misconfigurations before production. LLM-Aware Threat Detection & Request Validation: Detect attempts to manipulate prompts or break compliance rules, ensuring suspicious requests are blocked before reaching the model. Bot Mitigation & Adaptive Rate Controls: Differentiate between legitimate users and bots or scrapers, blocking automated attacks. Dynamically adjust rate limits and policies based on usage history and real-time conditions, maintaining performance and reliability. Sensitive Data Redaction & Compliance: Identify and mask PII or sensitive tokens in requests and responses. Adhere to data protection regulations and maintain detailed logs for auditing, monitoring, and compliance reporting. All these security features in the same XC console, where both application delivery and security dashboards are available centralized. These provide analytics to monitor real-time metrics—latency, error rates, compliance indicators—to continuously refine policies and adapt to emerging threats. It is recommended to check this article's "F5 Distributed Cloud Capabilities in Action" section to see how to implement these. Conclusion and final remarks F5 XC can use Red Hat OpenShift AI in AWS, or any other public or private cloud. This can help F5 XC easily share an AI model with the Internet and provide security, preventing breaches and abuse of these models. I hope this article has been an eye-opener for the possibilities of how F5 XC can easily and securely advertise AI models. This article shows how to advertise the AI model on the Internet. XC lets you advertise it in any private place just as easily. I would love to hear if you have any specific requirements not covered in this article.
Ulises_Alonso
Jul 02, 2025 Place Technical Articles
112Views
0likes
0Comments
Privileged Access in Action: Technical Controls for Real-World Environments
Introduction This article provides a technical walk-through demo to implement Privileged User Access (PUA) with BIG-IP APM. In modern IT environments, privileged user access refers to elevated permissions granted to administrators, engineers, and service accounts that manage critical infrastructure, applications, and data. These accounts can bypass standard security controls, modify configurations, provision resources, and access sensitive systems. This makes them a high-value target for attackers. From domain admins in Active Directory to root accounts on Linux servers and cloud (Identity Access Management) IAM roles, the scope of privileged access spans on-prem, hybrid, and cloud-native stacks. As environments scale and become more dynamic, especially with DevOps and automation, controlling and auditing privileged access is no longer optional. It’s a foundational requirement for operational integrity, threat detection, and zero trust security. Listing some of the common use cases for PUA, Use Case Description Risk if Unsecured PUA Control Measures 1. Hybrid Infrastructure Management Admins manage Linux/Windows servers across on-prem and cloud (AWS, Azure, GCP) using root or admin access. Lateral movement, persistence, full system compromise. Just-in-time access, session recording, MFA, IP restrictions. 2. Database Administration DBAs access production databases for tuning, backups, or incident response. Data exfiltration, insider threats, compliance violations (e.g., GDPR, PCI-DSS). Role-based access, query auditing, access approval workflows, credential vaulting. 3. CI/CD Pipeline Secrets Access DevOps pipelines use privileged credentials to deploy apps, access build environments, and manage cloud resources. Secrets leakage, automated misuse, supply chain attacks. Secrets management tools (e.g., HashiCorp Vault), scoped tokens, access expiration, auditing. 4. Cloud IAM Role Escalation Cloud engineers assume elevated IAM roles (e.g., AWS Admin, Azure Owner) to provision infrastructure and configure services. Privilege escalation, unauthorized changes, excessive entitlements. Attribute-based access control (ABAC), IAM role scoping, just-in-time elevation, CloudTrail monitoring. 5. Third-Party Vendor Access External support teams or vendors are given privileged access to troubleshoot or maintain systems temporarily. External compromise, unmanaged persistence, lack of accountability. Time-limited access, gateway proxies (e.g., bastion hosts), approval-based workflows, full session logging. BIG-IP APM & PUA BIG-IP APM provides Privileged User Access so that you can add CAC authentication (Common Access Card), Personal Identity Verification (PIV), or other strong authentication method to network infrastructure for enhanced security. This solution integrates directly into DoD PKI systems and works cooperatively with existing RADIUS, TACACS, Active Directory, and a variety of third-party authentication databases. Deployment of Privileged User Access requires a license and involves the configuration of these components: Ephemeral Authentication ServerWebSSH ProxyAuthentication Server (for RADIUS and/or LDAP or LDAPS) What is Ephemeral Authentication? The Privileged User Access license lets you create an Ephemeral Authentication server that generates and manages temporary or ephemeral passwords. BIG-IP APM acts as the Ephemeral Authentication server. It ensures a secure end-to-end encrypted connection while eliminating the possibility of credential reuse. The Ephemeral Authentication server includes the access profile/policy that authenticates the end user and contains the webtop resources for ephemeral authentication (so the server also acts as a webtop proxy). Going through the traffic flow steps below, User logs into the APM virtual server using a Smartcard or other credential. (The APM virtual server is the one that acts as the Ephemeral Authentication server on which the APM access profile/policy is configured.) The APM access policy checks provided credentials and retrieves AD/LDAP group membership information and returns a webtop showing backend resources. When the user clicks on a resource, APM generates an ephemeral password, and saves the username and password. Using SSO, APM signs the user on to the WebSSH virtual server with their ephemeral authentication credentials. At this point, portal access can be used instead. WebSSH makes an SSH connection (or HTTPS) to the router/server still using the ephemeral authentication credentials. The router sends an authentication request to the RADIUS or LDAP virtual server. The RADIUS or LDAP virtual server verifies the ephemeral password. The RADIUS or LDAP virtual server returns a Successful or Failure response. The SSH (or HTTPS) session is established or denied. For technical implementation, please review our demo here and go through our technical documentation Securing Privileged User Access Concepts Related Content Privileged User Access BIG-IP Access Policy Manager: Privileged User Access BIG-IP APM and PUA licenses
momahdy
Jul 01, 2025 Place Technical Articles
90Views
0likes
0Comments

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/devops\"}}})":{"__typename":"ComponentRenderResult","html":"

Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/devops\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"componentScriptGroups({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/devops\"}}})":{"__typename":"ComponentRenderResult","html":"

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageListTabs\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageListTabs-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/customComponent/CustomComponent\"]})":[{"__ref":"CachedAsset:text:en_US-components/customComponent/CustomComponent-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1753121700638"}],"cachedText({\"lastModified\":\"1753121700638\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1753121700638"}]},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"User:user:-1":{"__typename":"User","id":"user:-1","entityType":"USER","eventPath":"community:zihoc95639/user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","en-GB","fr-FR","de-DE","ja-JP","pt-PT","pt-BR","es-ES"]},"repliesSortOrder":{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","possibleValues":["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1753121694584":{"__typename":"CachedAsset","id":"pages-1753121694584","value":[{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"WorkstreamsPage","type":"COMMUNITY","urlPath":"/workstreams","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1739501733000,"localOverride":null,"page":{"id":"Test","type":"CUSTOM","urlPath":"/custom-test-2","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1753121694584,"localOverride":null,"page":{"id":"HowDoI","type":"COMMUNITY","urlPath":"/c/how-do-i","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this site.","userBannedReason":"You have been banned for the following reason: {reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:theme:customTheme1-1753121679192":{"__typename":"CachedAsset","id":"theme:customTheme1-1753121679192","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"android-chrome-512x512-1748534255255.png","imageLastModified":"1748534256856","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"F5-devCentral-HR-color-reverse-1750868999153.png","imageLastModified":"1750869001512","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"fluid","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"500","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"#0072B0","primaryBgHoverColor":"hsl(201.10000000000002, 100%, 29.3%)","primaryBgActiveColor":"hsl(201.10000000000002, 100%, 24.2%)","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px #0072B0, 0 0 0 4px rgba(0, 114, 176, 0.2)","secondaryTextColor":"var(--lia-bs-white)","secondaryTextHoverColor":"var(--lia-bs-white)","secondaryTextActiveColor":"var(--lia-bs-white)","secondaryBgColor":"#0072B0","secondaryBgHoverColor":"hsl(201.10000000000002, 100%, 29.3%)","secondaryBgActiveColor":"hsl(201.10000000000002, 100%, 24.2%)","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px #0072B0, 0 0 0 4px rgba(0, 114, 176, 0.2)","tertiaryTextColor":"#0072B0","tertiaryTextHoverColor":"hsl(201.10000000000002, 100%, 32.8%)","tertiaryTextActiveColor":"hsl(201.10000000000002, 100%, 31.1%)","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"rgba(0, 114, 176, 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid rgba(0, 114, 176, 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px #0072B0, 0 0 0 4px rgba(0, 114, 176, 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px #0072B0, 0 0 0 4px rgba(0, 114, 176, 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"DARK","sideContent":"DARK","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"500","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0072B0","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36","#B2D7EB","#66AFD7","#007ABC","#343434","#0E6EB9","#0072B0"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Neusa Next Pro Wide Bold","fontStyle":"NORMAL","fontWeight":"700","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.1","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","tableBgColor":"transparent","tableBorderColor":"var(--lia-bs-gray-700)","tableBorderStyle":"solid","tableCellPaddingX":"5px","tableCellPaddingY":"5px","tableTextColor":"var(--lia-bs-body-color)","tableVerticalAlign":"middle","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Proxima Nova A Medium","fontStyleBase":"NORMAL","fontWeightBase":"500","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.2","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"SERVER","name":"Proxima Nova A Medium","styles":[{"style":"NORMAL","weight":"500","__typename":"FontStyleData"}],"assetNames":["ProximaNovaAMedium-normal-500.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"Neusa Next Pro Wide Bold","styles":[{"style":"NORMAL","weight":"700","__typename":"FontStyleData"}],"assetNames":["NeusaNextProWideBold-normal-700.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1753121700638","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1753121700638","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1753121700638","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC1SbWNGdVQ?image-coordinates=0%2C0%2C500%2C500\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC1SbWNGdVQ?image-coordinates=0%2C0%2C500%2C500","mimeType":"image/png"},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","entityType":"CATEGORY","displayId":"Articles","nodeType":"category","depth":1,"title":"Articles","shortTitle":"Articles","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","entityType":"TKB","displayId":"TechnicalArticles","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"Technical Articles","description":"F5 SMEs share good practice.","avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC1SbWNGdVQ?image-coordinates=0%2C0%2C500%2C500\"}"},"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:Articles"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:zihoc95639"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:Articles"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"theme":{"__ref":"Theme:customTheme1"},"tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"shortTitle":"Technical Articles","tagPolicies":{"__typename":"TagPolicies","canSubscribeTagOnNode":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","args":[]}},"canManageTagDashboard":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","args":[]}}}},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:board:TechnicalArticles-1753121695879":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:board:TechnicalArticles-1753121695879","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1753121676250":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1753121676250","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"#343434","items":[{"id":"custom.widget.GainsightShared","props":{"widgetVisibility":"signedInOnly","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"#F29A36","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":1,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"unset","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-white)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"var(--lia-bs-body-color)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-white)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-white)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-white)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-white)"},"links":{"sideLinks":[],"logoLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"},{"children":[],"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.f5.com/c/how-do-i","target":"SELF"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"#343434","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"var(--lia-bs-white)"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"#343434","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":true},"backgroundOpacity":100,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1753121700638","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.GainsightShared-en-us-1753121706813":{"__typename":"CachedAsset","id":"component:custom.widget.GainsightShared-en-us-1753121706813","value":{"component":{"id":"custom.widget.GainsightShared","template":{"id":"GainsightShared","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.GainsightShared","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-us-1753121706813":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-us-1753121706813","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-us-1753121706813":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-us-1753121706813","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-us-1753121706813":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-us-1753121706813","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-us-1753121706813":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-us-1753121706813","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1753121700638","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1753121700638","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1753121700638","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1743095186784":"Most Recent Updates","title@instance:1704317906837":"Content Feed","title@instance:1743095018194":"Most Recent Updates","title@instance:1702668293472":"Community Feed","title@instance:1743095117047":"Most Recent Updates","title@instance:1704319314827":"Blog Feed","title@instance:1743095235555":"Most Recent Updates","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1743095311723":"Most Recent Updates","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:342561":{"__typename":"Conversation","id":"conversation:342561","topic":{"__typename":"TkbTopicMessage","uid":342561},"lastPostingActivityTime":"2025-07-22T08:00:00.047-07:00","solved":false},"User:user:419867":{"__typename":"User","uid":419867,"login":"Akash_Ananthanarayan","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS00MTk4NjctQ1IwTHhL?image-coordinates=0%2C420%2C1080%2C1500"},"id":"user:419867"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDI1NjEtYUIwcUdm?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDI1NjEtYUIwcUdm?revision=5","title":"NGINXaaS.png","associationType":"BODY","width":2680,"height":1129,"altText":""},"TkbTopicMessage:message:342561":{"__typename":"TkbTopicMessage","subject":"F5 NGINX Automation Examples [Part 2: Deploying NGINXaaS with App Protect and Grafana Integration]","conversation":{"__ref":"Conversation:conversation:342561"},"id":"message:342561","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:342561","revisionNum":5,"uid":342561,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:419867"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":20},"postTime":"2025-07-22T08:00:00.047-07:00","lastPublishTime":"2025-07-22T08:00:00.047-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n Welcome back to the F5 NGINX Automation Examples series. We will explore innovative ways to leverage the power of NGINX and F5 technologies for modern application deployment. If you’re new to this series, be sure to start with our first article. This series utilizes the F5 NGINX Automation GitHub repository along with a robust CI/CD platform to facilitate the deployment of F5 NGINX as a Service for Azure (F5 NGINXaaS for Azure). This includes integrations with F5 NGINX App Protect for enhanced security, as well as Azure Grafana for comprehensive monitoring and visualization of system metrics. The approach is deeply rooted in DevSecOps principles. It ensures that security, automation, and collaboration are woven into every stage of your development and deployment processes. \n F5 NGINXaaS for Azure is a versatile and powerful Application Delivery as a Service (ADCaaS) platform that seamlessly integrates with the Microsoft Azure cloud environment. This service harnesses the scalability, flexibility, and reliability of cloud-native infrastructure. Combined with the adaptability of NGINX technology, it empowers organizations to deploy, secure, and scale their modern applications and microservices efficiently. Whether you're managing small projects or large-scale enterprise applications, NGINXaaS provides the tools and infrastructure you need to meet your evolving IT and business needs. \n In this detailed example, we present a comprehensive, step-by-step guide for setting up a Terraform deployment of NGINXaaS on Azure with NGINX App Protect. This deployment will enable advanced load-balancing capabilities for demonstration applications such as tea and coffee, which run across two virtual machines. The NGINX App Protect policy will secure upstream applications, ensuring robust security and traffic management. \n Furthermore, this guide will walk you through deploying Azure Grafana. This powerful visualization tool lets you effectively monitor and analyze system metrics, including those from F5 NGINX Plus and virtual machines. By doing this, you can get useful information about how your system works, find problems, and make your deployment work best for you and your customers. \n \n \n Architecture Diagram \n \n \n \n \n NGINXaaS + App Protect with Azure Grafana Workflow guide \n Deploying F5 NGINXaaS on Azure with App Protect and Azure Grafana Integration \n The workflow guide provides step-by-step instructions on how to deploy using Terraform, along with other relevant instructions. \n Note: This workflow guide covers the deployment of Precompiled App Protect Policies in NGINXaaS using Terraform. Custom security policies for NGINXaaS for Azure can be created and managed via API or Azure Portal, but not currently through Terraform. \n Prerequisites: \n \n Azure Account - Due to the assets being created, the free tier will no longer be applicable. \n GitHub Account \n \n Tools: \n \n Cloud Provider:  Azure \n IAC: Terraform \n CI/CD: GitHub Actions \n \n \n \n Conclusion \n This article outlines how to automate the deployment of F5 NGINXaaS on Azure, including NGINX App Protect and Azure Grafana integration, using Terraform. By following the step-by-step process, you can efficiently create a robust and scalable environment to manage your applications. The integration of NGINX App Protect enhances the security of your deployments. Azure Grafana provides essential insights through visualization, helping you monitor performance and make informed decisions. \n \n Resources \n \n Elevate Your Cloud Journey with F5 NGINXaaS for Azure \n How to Elevate Application Performance and Availability in Azure with F5 NGINXaaS \n Enhancing Application Delivery with F5 NGINXaaS for Azure: ADC-as-a-Service Redefined \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"3931","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDI1NjEtYUIwcUdm?revision=5\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:333352":{"__typename":"Conversation","id":"conversation:333352","topic":{"__typename":"TkbTopicMessage","uid":333352},"lastPostingActivityTime":"2025-07-22T04:09:23.769-07:00","solved":false},"User:user:303102":{"__typename":"User","uid":303102,"login":"Ulises_Alonso","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0zMDMxMDItNnNGUVZV?image-coordinates=90%2C0%2C517%2C427"},"id":"user:303102"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItSlpZcFhn?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItSlpZcFhn?revision=6","title":"keeping client source ip.png","associationType":"BODY","width":2814,"height":2119,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItQXpyRXly?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItQXpyRXly?revision=6","title":"Screenshot 2024-08-21 at 10.50.19.png","associationType":"BODY","width":3840,"height":2160,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTIteFlFRGIz?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTIteFlFRGIz?revision=6","title":"Screenshot 2024-08-21 at 10.59.54.png","associationType":"BODY","width":1396,"height":1672,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTIteUFOOWNP?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTIteUFOOWNP?revision=6","title":"Screenshot 2024-08-21 at 11.24.47.png","associationType":"BODY","width":3840,"height":2160,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItVGoyRExx?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItVGoyRExx?revision=6","title":"Screenshot 2024-08-21 at 11.43.30.png","associationType":"BODY","width":3840,"height":2160,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItd3RzbTdF?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItd3RzbTdF?revision=6","title":"Screenshot 2024-08-21 at 11.48.24.png","associationType":"BODY","width":1346,"height":1652,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItUkMxNGFh?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItUkMxNGFh?revision=6","title":"Screenshot 2024-08-21 at 12.10.29.png","associationType":"BODY","width":1720,"height":472,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItcHpWbWVT?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItcHpWbWVT?revision=6","title":"Screenshot 2024-08-21 at 12.07.07.png","associationType":"BODY","width":1014,"height":1296,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItbFJKWjBa?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItbFJKWjBa?revision=6","title":"Screenshot 2024-08-21 at 11.52.33.png","associationType":"BODY","width":1372,"height":594,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItV1ZEb3g5?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItV1ZEb3g5?revision=6","title":"Screenshot 2024-08-21 at 12.13.46.png","associationType":"BODY","width":3840,"height":2160,"altText":""},"TkbTopicMessage:message:333352":{"__typename":"TkbTopicMessage","subject":"F5 BIG-IP deployment with Red Hat OpenShift - keeping client IP addresses and egress flows","conversation":{"__ref":"Conversation:conversation:333352"},"id":"message:333352","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:333352","revisionNum":6,"uid":333352,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:303102"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Controlling the egress traffic in OpenShift allows to use the BIG-IP for several use cases: \n \n Keeping the source IP of the ingress clients \n Providing highly scalable SNAT for egress flows \n Providing security functionalities for egress flows \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":583},"postTime":"2024-09-02T05:00:00.038-07:00","lastPublishTime":"2025-01-28T10:32:23.794-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n In this article it will be covered how to control the egress traffic in the Red Hat OpenShift cluster making use of the AdminPolicyBasedExternalRoute resource type introduced with OpenShift 4.14. This functionality can be used for several use cases: \n \n Keeping the source IP of the ingress clients by setting the BIG-IP as default gateway for the namespaces which the BIG-IP provides load balancing. \n Providing highly scalable SNAT for egress flows to outside the cluster. This includes per namespace SNATs. \n Providing security functionalities for egress flows to outside the cluster, such as firewall, IDS/IPS, malware protection, reporting and analytics, data loss prevention, URL filtering and integration with third party security solutions by doing SSL/TLS inspection. \n \n Keeping the source IP of ingress clients \n By default OpenShift sends the traffic to the default gateway of the network where the OpenShift cluster is placed. In the case of ingress traffic to the applications, in order to make the traffic symmetric, making the return traffic go through the load balancer, it has been required to use SNAT in the load balancer. With the introduction AdminPolicyBasedExternalRoute this is no longer required, allowing the use the source IP to the workload PODs (in the case of 1-tier deployment) or to the in-cluster ingress controller (in the case of 2-tier deployments). The overall traffic flows in the platform would be as shown next: \n \n Using the feature is straight forward, we only have to specify the namespaces for which we want the BIG-IP to be the gateway and the floating IP of the BIG-IPs facing the OpenShift cluster. An example is shown next: \n apiVersion: k8s.ovn.org/v1 kind: AdminPolicyBasedExternalRoute metadata: name: meg-policy-common spec: from: namespaceSelector: matchLabels: meg: common nextHops: static: - ip: \"10.1.10.100\" \n The labels can be freely chosen, in this case it is chosen \"meg\" as label (meg standing multi-egress gateway) and the value \"common.\" In the next sections we will see further possibilities. \n Providing highly scalable SNAT for egress flows \n One egress SNAT for all namespaces handled by the BIG-IP \n Another use case of this functionality is to delegate the SNAT function into BIG-IP, this allows for highly scalability SNAT for egress flows, this is traffic initiated from the cluster to the outside which is not load balanced. The scalability benefits are two fold: \n \n BIG-IP has a carrier-grade NAT which allows high number of concurrent flows and great configuration flexibility. \n By doing the SNAT function in BIG-IP, it is possible to SNAT the traffic of all nodes to a single IP instead of assigning one SNAT address per node. This allows managing the traffic through firewalls easier because filters don´t need to be changed when nodes are added or removed. \n \n Besides of the above, recall that this configuration in the BIG-IP can be done, if needed, in a per namespace basis, as shown next. \n \n This setup requires a virtual server which typically is not modified and doesn´t need to be created with CIS (it could be created with CIS with an AS3 ConfigMap if desired). The configuration is fairly simple: \n \n From this configuration it is worth highlighting: \n \n Specifying the VS type as Forwarding (IP) \n Restricting the source IPs with the range of the PODs \n Specifying the desired SNAT pool \n \n Multiple egress SNATs for namespaces handled by the BIG-IP \n It might be desired to have different sets of SNATs depending on the namespaces, this can be used by external firewalls to differentiate between applications. This can be accomplished by means of having multiple virtual servers as shown next: \n \n \n In OpenShift, there will be a separate AdminPolicyBasedExternalRoute manifest for each set of namespaces where we want to apply separate SNAT pools. In the figure above, these manifests are the \"meg-policy-common\" shown above and a new \"meg-policy-deciated\" shown next: \n apiVersion: k8s.ovn.org/v1 kind: AdminPolicyBasedExternalRoute metadata: name: meg-policy-dedicated spec: from: namespaceSelector: matchLabels: meg: dedicated nextHops: static: - ip: \"10.1.10.200\" Each AdminPolicyBasedExternalRoute points to a different floating-IP in the BIG-IP. But the BIG-IP cannot differentiate in the forwarding VS in which floating-IP the traffic was received because all the IPs in a given VLAN use the same MAC address. Because of the latter, each virtual server needs to be listening in a different VLAN so the BIG-IP can differentiate from which namespace the traffic came from. As you might have noted, typically the OpenShift nodes only sit in a single VLAN. To solve this, dummy VLANs in the BIG-IP will be created connecting to the same OpenShift network but with different interfaces. Furthermore, in order to have the same subnet in these VLANs it will be needed to assign each VLAN to a different route domain. \n Overall, the setup will be as follows: \n \n In practice the configuration is very similar to the case where there is a single egress virtual server: \n \n Note that from the previous configuration we only had to add the route domain ID (in this case %10) to the IP addresses. The routing domains created (10 and 20) are shown next: \n \n The full configuration of one of these route domains is shown next as example. The only required parameter is to have as parent the route domain 0 because it will be used to reach the external VLAN. \n \n The self-IPs of the BIG-IP facing the OpenShift clusters have to be in the corresponding route domains: \n \n Note that it is required to have separate non-floating IP addresses as well. \n Providing security functionalities for egress flows \n Once the BIG-IP is the gateway of the applications, it can be used to add many functionalities. This is outlined in the next figure: \n \n \n These functionalities are delivered with the SSL Ochestrator and Secure Web Gateway Services add-on modules. \n Furthermore, these modules allow the inclusion of additional third-party security integrations, like Cisco Firepower, Cisco WSA, Symantec DLP, RSA Netwitness, FireEye NX and PaloAlto NG Firewall. \n Conclusion and final remarks \n The AdminPolicyBasedExternalRoute resource type introduced with OpenShift 4.14 opens many possibilities of getting more visibility into the cluster, higher scalability and many security functionalities available in your existing BIG-IP platform. I hope this article has been an eye opener for the possibilities of the BIG-IP platform with OpenShift. I would love to hear if you have any specific requirements for the use cases mentioned in the article. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6892","kudosSumWeight":1,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItSlpZcFhn?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItQXpyRXly?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTIteFlFRGIz?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTIteUFOOWNP?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItVGoyRExx?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItd3RzbTdF?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItUkMxNGFh?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItcHpWbWVT?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItbFJKWjBa?revision=6\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzMzNTItV1ZEb3g5?revision=6\"}"}}],"totalCount":10,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:342325":{"__typename":"Conversation","id":"conversation:342325","topic":{"__typename":"TkbTopicMessage","uid":342325},"lastPostingActivityTime":"2025-07-18T09:33:41.370-07:00","solved":false},"User:user:189442":{"__typename":"User","uid":189442,"login":"Greg_Coward","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xODk0NDItOHNzWXY0?image-coordinates=250%2C0%2C1960%2C1710"},"id":"user:189442"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtekZxRzIw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtekZxRzIw?revision=10","title":"Picture1.png","associationType":"BODY","width":2745,"height":1200,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZDNZb0x4?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZDNZb0x4?revision=10","title":"ltmdns.png","associationType":"BODY","width":2365,"height":898,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtU2l6YWJM?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtU2l6YWJM?revision=10","title":"s3mon1.png","associationType":"BODY","width":1847,"height":2479,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtTkg2eklw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtTkg2eklw?revision=10","title":"pool1.png","associationType":"BODY","width":2740,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbmlnQllC?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbmlnQllC?revision=10","title":"Screenshot 2025-07-03 at 12.15.35 PM.png","associationType":"BODY","width":1026,"height":1480,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtN1d4U2xJ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtN1d4U2xJ?revision=10","title":"Screenshot 2025-06-30 at 2.37.20 PM.png","associationType":"BODY","width":985,"height":382,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtNzk4SGxm?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtNzk4SGxm?revision=10","title":"mon9020.png","associationType":"BODY","width":1851,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTdwRmlj?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTdwRmlj?revision=10","title":"pool9020'.png","associationType":"BODY","width":2791,"height":2479,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjZRbjgx?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjZRbjgx?revision=10","title":"virt2.png","associationType":"BODY","width":1604,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtaTZaYkVC?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtaTZaYkVC?revision=10","title":"virt3.png","associationType":"BODY","width":1650,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZEhpVUNH?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZEhpVUNH?revision=10","title":"image.png","associationType":"BODY","width":613,"height":467,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtdEFzS1M1?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtdEFzS1M1?revision=10","title":"listener.png","associationType":"BODY","width":2209,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtRVVsTFVx?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtRVVsTFVx?revision=10","title":"Screenshot 2025-07-03 at 8.55.49 AM.png","associationType":"BODY","width":457,"height":201,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjVjMzdk?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjVjMzdk?revision=10","title":"dc.png","associationType":"BODY","width":1750,"height":1347,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTBwdlp3?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTBwdlp3?revision=10","title":"Screenshot 2025-07-03 at 1.11.14 PM.png","associationType":"BODY","width":552,"height":227,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbXhwQUcw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbXhwQUcw?revision=10","title":"dnserver.png","associationType":"BODY","width":2809,"height":2310,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtV29QaFJa?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtV29QaFJa?revision=10","title":"Screenshot 2025-07-03 at 1.21.30 PM.png","associationType":"BODY","width":576,"height":224,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtSDB2UVNw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtSDB2UVNw?revision=10","title":"dnspool.png","associationType":"BODY","width":2956,"height":2896,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtMzJDTUo3?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtMzJDTUo3?revision=10","title":"wideip.png","associationType":"BODY","width":1420,"height":2475,"altText":""},"TkbTopicMessage:message:342325":{"__typename":"TkbTopicMessage","subject":"How I did it - \"High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP\"","conversation":{"__ref":"Conversation:conversation:342325"},"id":"message:342325","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:342325","revisionNum":10,"uid":342325,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:189442"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" As AI and data-driven workloads grow, enterprises need scalable, high-performance, and resilient storage. Dell ObjectScale delivers with its cloud-native, S3-compatible design, ideal for AI/ML and analytics. F5 BIG-IP LTM and DNS enhance ObjectScale by providing intelligent traffic management and global load balancing—ensuring consistent performance and availability across distributed environments. This article introduces Dell ObjectScale and its integration with F5 solutions for advanced use cases. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":412},"postTime":"2025-07-15T05:00:00.038-07:00","lastPublishTime":"2025-07-15T09:40:54.405-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n As AI and data-driven applications continue to evolve, enterprises require storage solutions that can scale seamlessly while delivering high performance and resilience. Dell ObjectScale meets these demands with a cloud-native, S3-compatible architecture ideal for modern workloads like AI/ML and analytics. To further enhance ObjectScale’s capabilities, F5 BIG-IP LTM and F5 BIG-IP DNS provide intelligent traffic management and global load balancing—ensuring consistent performance, availability, and scalability across distributed environments. In this installment of \"How I Did It,\" I introduce Dell ObjectScale and explore how F5 solutions integrate to support these advanced use cases. \n Dell ObjectScale Overview \n Dell ObjectScale is a modern, software-defined object storage platform designed to deliver cloud-native scalability and performance for enterprise environments. Built on a Kubernetes foundation, ObjectScale enables organizations to deploy S3-compatible object storage across on-premises, edge, and hybrid cloud infrastructures. Its native support for the Amazon S3 protocol allows seamless integration with a wide range of applications and tools that rely on S3 APIs for object storage operations such as PUT, GET, DELETE, and LIST. This compatibility ensures that developers and IT teams can leverage existing S3-based workflows without modification. They can benefit from ObjectScale’s enterprise-grade features like multi-tenancy, strong consistency, and integrated security. With its focus on simplicity, elasticity, and API-driven management, Dell ObjectScale is well-suited for modern workloads including AI/ML, analytics, backup, and cloud-native application development. \n \n Integrating F5 BIG-IP for Scalable, Resilient Object Storage \n F5 BIG-IP LTM and DNS provide a powerful load balancing solution that enhances Dell ObjectScale’s object storage platform by ensuring scalability, high availability, and performance. As ObjectScale is designed to support S3-compatible workloads across on-premises, edge, and hybrid cloud environments, F5 BIG-IP LTM intelligently distributes incoming S3 API traffic—such as PUT, GET, DELETE, and LIST—across multiple ObjectScale nodes or clusters. This ensures that workloads are balanced based on real-time metrics like connection count or server health, enabling seamless horizontal scaling as demand grows. \n In parallel, BIG-IP DNS (formerly GTM) adds global server load balancing capabilities. It directs client requests to the most optimal ObjectScale deployment based on geolocation, latency, and availability. This is especially valuable in hybrid or multi-site deployments, where traffic needs to be routed intelligently across regions. Together, LTM and DNS provide continuous health monitoring and automatic failover, ensuring that object storage services remain accessible even during node or site failures. \n Performance is further optimized through features like SSL offloading, TCP connection reuse, and DNS caching, all of which help reduce latency and improve throughput for high-volume S3 operations. \n F5 BIG-IP platforms—ranging from Virtual Editions (VE) to high-performance rSeries and VELOS appliances—offer flexible deployment options to meet a wide range of performance and scalability needs. FastL4 virtual servers, optimized for Layer 4 processing, can deliver up to 800 Gbps of throughput and support over 100 million concurrent connections on fully loaded rSeries or VELOS systems. This makes them ideal for stateless, high-throughput S3 traffic. \n \n For deployments that require TLS termination and Layer 7 visibility, both the F5 r10900 and the VELOS BX520 blade offer strong performance, but with different strengths. The r10900 can handle approximately 1.2 million Layer 7 requests per second (RPS), support up to 180 million concurrent TLS connections, and deliver around 140,000 SSL transactions per second (TPS). In contrast, a single VELOS BX520 blade significantly scales up Layer 7 performance, supporting around 15 million RPS and up to 400 million concurrent TLS connections, with SSL TPS around 110,000. These differences highlight how architectural factors like CPU frequency, vCPU density, and hardware acceleration influence real-world performance across platforms. \n Virtual Editions also benefit from modern CPU advancements, with internal benchmarks showing 40–60% gains in HTTP performance when moving to newer processor generations. These performance tiers allow organizations to align BIG-IP deployment models with their specific workload and infrastructure goals. \n This makes the combined F5 and Dell ObjectScale solution ideal for AI/ML, analytics, backup, and cloud-native applications. These applications need consistent, high-speed access to object storage. The remainder of this document outlines the configuration steps required to deploy F5 BIG-IP LTM and DNS for load-balancing Dell ObjectScale environments, ensuring optimal scalability, availability, and performance. \n \n Load Balancing the ObjectScale VDC with F5 BIG-IP LTM \n \n \n \n S3 Addressing in Dell ObjectScale \n ObjectScale supports S3-compatible RESTful APIs for object access, including standard HTTP methods such as GET, PUT, POST, DELETE, and HEAD. Key aspects of S3 addressing in ObjectScale include: \n \n \n Bucket-based addressing: ObjectScale supports both path-style and virtual-host-style bucket addressing, depending on client configuration and DNS setup. \n \n \n Port configuration: S3 communication typically occurs over port 9020 (HTTP) or 9021 (HTTPS), as defined in the ObjectScale Security Configuration Guide. \n \n \n Multi-protocol interoperability: Data ingested via S3 can be accessed through other supported protocols like NFS and Swift, though with some limitations due to protocol semantics. \n \n \n Metadata search: ObjectScale enhances S3 functionality with rich metadata indexing and search capabilities, allowing clients to query objects using custom or system metadata fields. \n \n \n \n TLS Termination…or NOT? \n F5 BIG-IP offers two primary virtual server types for handling S3 traffic: FastL4 (Performance Layer 4) and Standard (Full Proxy) virtual servers. Each serves different performance and feature needs. \n \n \n FastL4 Virtual Server: This option is optimized for high-throughput, low-latency traffic. It operates at Layer 4 (TCP/UDP) and uses the FastL4 profile to accelerate packet processing, often leveraging hardware like the ePVA chip when available. FastL4 is ideal for environments where raw performance is critical and minimal inspection or modification of traffic is required. However, it offers limited support for Layer 7 features and TLS termination. If TLS encryption is required, TLS termination will be performed on the ObjectScale node. \n \n \n Standard Virtual Server: This full proxy option supports advanced Layer 7 features, including TLS termination, HTTP profile customization, and iRules for traffic manipulation. It allows the BIG-IP system to decrypt incoming HTTPS traffic, inspect or modify it before forwarding to backend ObjectScale nodes. While slightly more resource-intensive, it provides greater flexibility and visibility—important for environments requiring detailed traffic control or security inspection. \n \n \n Note: Although it can be CPU-intensive, terminating a client connection twice—once on the BIG-IP LTM and again on the ObjectScale node—may be necessary when full end-to-end encryption is required and the LTM needs to inspect HTTP headers. This is often the case when using an iRule, (described in a later section) to hash an object’s name to determine the appropriate destination pool. In such scenarios, the LTM must decrypt the traffic to access the HTTP layer, then re-encrypt it before forwarding to ObjectScale. This ensures both security and intelligent traffic steering. \n In S3 load balancing scenarios, FastL4 is typically used when performance is paramount and TLS termination is handled elsewhere or is not needed. Standard virtual servers are preferred when TLS offloading, application-layer visibility, or advanced traffic policies are required. \n Note: For the remainder of this document, it is assumed that the reader has a general understanding of F5 BIG-IP and is familiar with configuring basic services. Foundational setup and introductory concepts are not covered. Refer to the BIG-IP LTM-DNS operations guide for additional information and guidance related to F5 BIG-IP LTM/DNS. \n \n Speed it up with Performance (FastL4) and TLS passthrough \n FastL4 is ideal for high-performance environments with minimal traffic inspection. It does not support Layer 7 features or TLS termination, which must instead occur on the ObjectScale node if encryption is required. To enable FastL4 S3 load balancing, you will configure the following BIG-IP resources: \n \n \n Custom S3 Health Monitor \n \n \n ObjectScale Pool(s) \n \n \n Performance (FastL4) virtual server \n \n \n \n Create a custom S3 Health Monitor \n \n \n Log in to the BIG-IP Configuration Utility and navigate to Local Traffic > Monitors. \n \n \n Click Create. \n \n \n Enter a Name for your monitor (e.g., objectscale-s3-ping-9021). \n \n \n Set the Type to HTTPS. \n \n \n \n \n Configure Basic Settings (see below) \n \n \n Send String: The HTTP request to send (GET /?ping HTTP/1.1\\r\\nHost:f5\\r\\n\\r\\n). Use of the S3 Ping operation is recommended in monitoring ECS S3 service port availability on ECS software running on dedicated ECS hardware. This operation is documented inside the Dell EMC ECS REST API Reference Guide, which can be found at https://www.emc.com/techpubs/api/ecs/v3-0-0-0/index.htm. \n \n \n Receive String: The expected response (<Name>MAINTENANCE_MODE</Name><Status>OFF</Status>). \n \n \n \n \n \n 4. Select ‘Finished’ to create the monitor (see above). \n \n Create Dell ObjectScale pool \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to Local Traffic > Pools. \n \n \n Click Create. \n \n \n \n Enter a Name (e.g., objectscale_vdc1). \n \n \n Assign the previously created Health Monitor (e.g., objectscale-s3-ping-9021). \n \n \n Choose a Load Balancing Method (Least Connections is the recommended method for ObjectScale VDC nodes). \n \n \n Add Pool Members. For each ObjectSale node, provide a name, address, and port (9021). \n \n \n \n \n 3. Select ‘Finished’ to create the pool (see above). \n \n Create Performance (FastL4) virtual server \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to Local Traffic > Virtual Servers. \n \n \n Click Create. \n \n \n \n Enter a Name (e.g., objectscale_vs_fastL4). \n \n \n Type: Select Performance (Layer4) — this enables FastL4 processing. \n \n \n Destination Address/Mask: Enter the IP address clients will connect to. \n \n \n Service Port: Enter the port number ( 443 for HTTPS passthrough). \n \n \n Source Address Translation: Set to Automap \n \n \n Default Pool: Select the previously created ObjectScale pool (e.g., objectscale_vdc1). \n \n \n SNAT: Set to Automap or specify a SNAT pool if needed. \n \n \n Default Persistence Profile: Optionally, select source_addr. \n \n \n \n \n 3. Select ‘Finished’ to create the virtual server (see above). \n \n ObjectScale Storage Efficiency \n Dell ObjectScale uses XOR-based encoding as part of its erasure coding strategy to optimize storage efficiency and resilience during S3 read/write operations, particularly in multi-site deployments. \n When ObjectScale is set up with a replication group that includes three or more sites, it uses XOR encoding to save storage space while keeping data safe. Each site in the replication group maintains a chunk manager table that tracks data chunks and their roles (e.g., primary, copy, remote). When a site finds that it has many copy-type chunks from other sites, it can do an XOR on those chunks to make a parity chunk locally. \n For example, if Site 3 holds two copy chunks—C2 from Site 2 and C3 from Site 1—it can compute a new chunk C5 as the XOR of C2 and C3. This new chunk is marked as a parity chunk and stored locally. Once the XOR operation is complete, the original copy chunks (C2 and C3) are deleted, and their entries in the chunk manager table are updated to reflect that they are now encoded. \n \n Impact on S3 Read/Write Operations \n \n \n Write Efficiency: During writes, ObjectScale distributes data across sites and uses XOR encoding to reduce the number of full data copies needed, saving disk space and improving write throughput. \n \n \n Read Optimization: For reads, ObjectScale prioritizes serving data from the primary site. If a primary chunk is unavailable, the system can reconstruct the data using the XOR parity chunk and the remaining copy. \n \n \n Storage Savings: This approach significantly reduces the storage footprint compared to full replication, especially as the number of sites increases. \n \n \n Transparency to S3 Clients: All of this is abstracted from the S3 client. Applications using the S3 API interact with ObjectScale as if it were a standard S3-compatible object store, while the platform handles encoding and decoding behind the scenes. \n \n \n This XOR-based erasure coding model lets ObjectScale provide high availability and fault tolerance with less storage work, making it good for large-scale S3 workloads. \n \n \n \n There’s an iRule for that! \n Some organizations may benefit from configuring BIG-IP LTM to access both local and remote ObjectScale nodes. While applications perform best when communicating with a local ObjectScale site, those that can tolerate added latency may take advantage of ObjectScale’s XOR-based storage efficiency, which requires data to be written evenly across three or more sites. \n However, reading data from remote sites can introduce WAN overhead and caching inefficiencies. This is because ObjectScale maintains strong consistency by assigning object ownership to a specific VDC. When an object is read from a non-owner site, ObjectScale must verify the latest version with the owner across the WAN. \n To reduce this overhead, LTM can direct read requests to the site where the object was originally written, minimizing WAN traffic and avoiding unnecessary caching. This improves performance and ensures efficient use of ObjectScale resources. \n While round-robin write distribution maximizes XOR efficiency, applying the same logic to reads can lead to performance issues. Instead, a geo-affinity algorithm—validated using the S3 API—ensures writes are balanced across sites while reads are directed to the original write location. This approach reduces WAN traffic, improves performance, and eliminates the need to cache remote data. \n The example iRule below uses a hash of the object path to consistently route requests to the correct pool, with one local and two remote ObjectScale sites configured. \n when HTTP_REQUEST { \n\n set mybaseURL \"s3.global.f5demo.net\"\n if { [HTTP::path] ne {/} and [HTTP::path] starts_with {/} }{ if { [getfield [HTTP::host] {:} 1] ends_with $mybaseURL or [getfield [HTTP::host] {:} 1] ends_with \".s3.amazonaws.com\" }{ set path [string range [HTTP::path] 1 end] } \nelse { \nset pathList [split [HTTP::path] {/}] \n\nif { [llength $pathList] > 2 } { \n set path [string range [join [replace $pathList 1 1] {/}] 1 end] \n } \n} \nif { [info exists path] and $path ne {} } { binary scan [sha1 $path] H6 hash \nswitch -- [expr 0x$hash % 3 ] { \n0 { pool /Common/objectscale_vdc1 } \n1 { pool /Common/objectscale_vdc2 } \n2 { pool /Common/objectscale_vdc3 } \n} \n} \n} \n}\n \n \n Reducing backend load and with a Standard Virtual Server and TLS termination \n The Standard virtual server type enables advanced Layer 7 features such as TLS termination, HTTP profile customization, and iRules for traffic control. Backend ObjectScale nodes can receive traffic unencrypted (as shown below) or re-encrypted when end-to-end TLS is required. \n Note: For remote backend pools—including when using the above-noted geo-affinity iRule—TLS re-encryption is strongly recommended. \n To enable S3 load balancing utilizing a Standard virtual server, you will configure the following BIG-IP resources: \n \n Custom S3 Health Monitor \n ObjectScale Pool(s) \n Geo-Affinity iRule, (as described in previous section) \n Standard virtual server \n \n \n Create a custom S3 Health Monitor \n \n \n Log in to the BIG-IP Configuration Utility and navigate to Local Traffic > Monitors. \n \n \n Click Create. \n \n \n Enter a Name for your monitor (e.g., objectscale-s3-ping-9020). \n \n \n Set the Type to HTTP. \n \n \n Send String: The HTTP request to send (GET /?ping HTTP/1.1\\r\\nHost:f5\\r\\n\\r\\n). Use of the S3 Ping operation is recommended for monitoring ECS S3 service port availability on ECS software running on dedicated ECS hardware. This operation is documented inside the Dell EMC ECS REST API Reference Guide, which can be found at https://www.emc.com/techpubs/api/ecs/v3-0-0-0/index.htm. \n \n \n Receive String: The expected response (<Name>MAINTENANCE_MODE</Name><Status>OFF</Status>). \n \n \n \n \n \n 3. Select ‘Finished’ to create the monitor (see above). \n \n Create Dell ObjectScale pool (utilizing TLS offload) \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to Local Traffic > Pools. \n \n \n Click Create. \n \n \n Enter a Name (e.g., objectscale_vdc1_9020). \n \n \n Assign the previously created Health Monitor (e.g., objectscale-s3-ping-9020). \n \n \n Choose a Load Balancing Method (Least Connections is the recommended method for ObjectScale VDC nodes). \n \n \n Add Pool Members. For each ObjectSale node, provide a name, address, and port (9020). \n \n \n \n \n \n 3. Select ‘Finished’ to create the pool (see above). \n \n Create Standard virtual server \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to Local Traffic > Virtual Servers. \n \n \n Click Create. \n \n \n \n Enter a Name (e.g., objectscale_vs_standard). \n \n \n Type: Select Standard. \n \n \n Destination Address/Mask: Enter the IP address clients will connect to. \n \n \n Service Port: Enter the port number ( 443 for HTTPS). \n \n \n HTTP Profile (Client): Select http. \n \n \n SSL Profile (Client): Select a previously created Client SSL profile corresponding to a previously uploaded/created TLS certificate/key combination. \n \n \n SSL Profile (Server): (Optional) If TLS re-encryption to the backend pool is required, select services from the available options. \n \n \n \n \n \n \n \n \n Source Address Translation: Set to Automap \n \n \n OneConnect Profile: To enable connection reuse between clients and servers, select the default profile, oneconnect. \n \n \n iRules: For multi-VDC connectivity, create and select the previously described iRule. \n \n \n Default Pool: Select the previously created ObjectScale pool (e.g., objectscale_vdc1_9020). \n \n \n Default Persistence Profile: Optionally, select source_addr. \n \n \n \n \n \n 3. Select ‘Finished’ to create the virtual server (see above). \n \n Efficient Load Balancing across Multiple ObjectScale Sites with F5 BIGIP DNS \n BIG-IP DNS enables intelligent load balancing across multiple Dell ObjectScale VDC sites within a replication group by directing client requests to the optimal site based on proximity, health, or custom logic. This ensures high availability and performance for S3 workloads, even in geographically distributed deployments. When paired with geo-affinity iRules, BIG-IP DNS can dynamically steer traffic to the nearest or healthiest VDC. This improves latency and resiliency while optimizing read/write operations. For additional configuration details, refer to the BIG-IP DNS/DNS services operations guide. \n \n Configure DNS Listeners \n A BIG-IP DNS listener is a virtual server that listens for DNS queries on a specified IP address and port (typically UDP/TCP 53), enabling the BIG-IP system to process and respond to DNS requests for services like GSLB. \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to DNS > Delivery > Listeners > Listener List. \n \n \n Click Create. \n \n \n Configure Basic Settings \n \n \n Enter a Name: Enter a descriptive name (e.g., DNS_TCP_listener). \n \n \n Destination Address/Mask: Enter the IP address the BIG-IP will receive DNS requests. \n \n \n Select the appropriate protocol (TCP or UDP). \n \n \n \n \n \n 4. Click ‘Finished’ to create the listener. \n 5. Repeat steps 1-4 to create a UDP listener. \n \n \n Define Data Centers \n BIG-IP DNS data centers are logical groupings that represent physical or cloud locations used in GSLB to route DNS traffic based on health, geography, and performance. They enable intelligent traffic distribution and high availability across globally distributed applications. \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to DNS > GSLB > Data Centers. \n \n \n Click Create. \n \n \n Configure Basic Settings \n \n \n Enter a Name: Enter a descriptive name (e.g., DC1). \n \n \n Location: Provide a descriptive location for the data center (e.g., Seattle). \n \n \n Select the appropriate Prober preference (defaults to Inside Data Center). \n \n \n \n \n \n 4. Click ‘Finished’ to create the data center. \n 5. Repeat steps 1-4 to create additional data centers as necessary. \n \n \n Configure and associate BIG-IP DNS servers with Data Centers \n BIG-IP DNS server objects represent physical or virtual DNS servers within a data center. They are used to monitor and route DNS traffic based on health, performance, and proximity. \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to DNS > GSLB > Servers > Server List. \n \n \n Click Create. \n \n \n Configure Basic Settings. \n \n \n \n \n \n \n Enter a Name: Enter a name for the server (e.g., bigip1.f5demo.net). \n \n \n Data Center: Select the data center where the server resides. \n \n \n BIG-IP System Devices: Click on ‘Add’ and provide the BIG-IP’s \n \n \n Health Monitor: Select ‘bigip’. \n \n \n Virtual Server Discovery: Select ‘Enabled’ to automatically detect and associate virtual servers on defined BIG-IP system(s). \n \n \n \n \n \n 4. Click ‘Finished’ to create the data center. \n 5. Repeat steps 1-4 to create define additional servers as necessary. \n \n \n Create the GSLB Pool \n The GSLB pool in BIG-IP DNS is a collection of virtual servers across multiple data centers that distribute DNS traffic based on health, performance, and proximity to ensure high availability and optimal user experience. \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to DNS > GSLB > Pools > Pool List. \n \n \n Click Create. \n \n \n Configure Basic Settings \n \n \n Enter a Name: Provide a name for the pool (e.g., objectscale_standard_pool). \n \n \n Type: Select ‘A’. The pool/wide IP responds to A queries. \n \n \n Health Monitors: Select ‘https’. \n \n \n Load Balancing Method: Select ‘Topology’ for the preferred method. The topology GSLB method in BIG-IP DNS directs client requests based on the geographic location of the client's DNS resolver, ensuring users are routed to the closest or most appropriate datacenter for optimal performance. \n \n \n Member List: Select the appropriate virtual servers (automatically discovered) from the list and click on ‘Add’. \n \n \n \n \n \n 4. Click ‘Finished’ to create the pool. \n \n Create GSLB Wide IP \n A GSLB Wide IP in BIG-IP DNS is a globally resolvable DNS name that maps to one or more pools of application resources. It acts as the entry point for distributing client requests across multiple data centers based on load balancing methods like topology, availability, or performance. \n \n \n If necessary, log in to the BIG-IP Configuration Utility and navigate to DNS > GSLB > Wide IPs > Wide IP List. \n \n \n Click Create. \n \n \n Configure Basic Settings \n \n \n Under General Properties, select ‘Advanced’. \n \n \n Enter a Name the FQDN clients will query, (e.g. s3.global.f5demo.net). The entry corresponds to the ObjectScale DefaultBaseURL and iRule referenced in a previous section. \n \n \n Type: Select ‘A’ record type. \n \n \n Alias List: Add any necessary alias DNS records. In the example provided (see below), a wildcard alias, (*.s3.global.f5demo.net) has been added. The wildcard alias enables virtual-host-style bucket addressing, (e.g. bucket1.s3.global.f5demo.net, bucket5.s3.global.f5demo.net, etc.). \n \n \n Load Balancing Method: Select ‘Topology’. \n \n \n Pool List: From the list of pools select the previously created GSLB pool and click on ‘Add’. \n \n \n \n \n \n 7. Click ‘Finished’ to create the Wide IP. \n \n \n \n \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"25097","kudosSumWeight":3,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtekZxRzIw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZDNZb0x4?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtU2l6YWJM?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtTkg2eklw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbmlnQllC?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtN1d4U2xJ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtNzk4SGxm?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTdwRmlj?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjZRbjgx?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtaTZaYkVC?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZEhpVUNH?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtdEFzS1M1?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtRVVsTFVx?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjVjMzdk?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTBwdlp3?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbXhwQUcw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtV29QaFJa?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtSDB2UVNw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtMzJDTUo3?revision=10\"}"}}],"totalCount":19,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:342422":{"__typename":"Conversation","id":"conversation:342422","topic":{"__typename":"TkbTopicMessage","uid":342422},"lastPostingActivityTime":"2025-07-15T04:00:00.034-07:00","solved":false},"User:user:305638":{"__typename":"User","uid":305638,"login":"Valentin_Tobi","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0zMDU2MzgtMjE5NThpMzEwNzRGNTRCM0ZCREU4Rg"},"id":"user:305638"},"TkbTopicMessage:message:342422":{"__typename":"TkbTopicMessage","subject":"Introducing the F5 AI Assistant for BIG-IP","conversation":{"__ref":"Conversation:conversation:342422"},"id":"message:342422","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:342422","revisionNum":4,"uid":342422,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:305638"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" See how F5 AI Assistant for BIG-IP accelerates the creation of new iRules and simplifies their management, making traffic management and security more accessible and efficient than ever before. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":564},"postTime":"2025-07-15T04:00:00.034-07:00","lastPublishTime":"2025-07-15T04:00:00.034-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" iRules have long been one of F5’s biggest differentiators and one of the main reasons for its success. The ability to manipulate data in flight in an almost unrestricted way is unmatched in the industry. It has been leveraged for almost every conceivable purpose, from small tweaks like HTTP header modifications to the implementation of new features. It’s no wonder that more than 85% of BIG-IP customers use iRules. \n iRules come with their own challenges: they are based on TCL, an excellent scripting language for its purpose, but it doesn’t have many users, so the knowledge pool is restricted. While writing simple iRules is very straightforward and intuitive, more complex iRules require a deep understanding of TMM, and this can be particularly challenging. Many iRules were actually developed to (temporarily) patch problems with the back-end servers but were so successful that they turned into permanent fixes. The downside is that the hastily developed scripts might not have been properly documented. This poses an additional challenge regarding their support by unfamiliar Ops teams. \n All these challenges can be overcome by allocating in-depth training and provisioning more time to analyze the code. However, Ops team reaction time will likely be affected. Since speed a a critical ingredient for the success of any Ops team, F5 designed the AI Assistant for BIG-IP to automate the creation, maintenance, and optimization of iRules, reducing the time and resources required for iRules management, while reducing errors and ensuring a more reliable and consistent experience. \n F5’s AI Assistant for BIG-IP uses Generative AI to deliver a natural language interface for BIG-IP iRules that can: \n \n Analyze existing iRules to summarize their purpose, components, and structure \n Generate new iRules based off business and application requirements \n Provide more context on iRules events and commands \n \n Let’s see a demo of F5’s AI Assistant for BIG-IP: \n \n \n Conclusion \n F5 AI Assistant for BIG-IP aims to accelerate the creation of new iRules and simply their management, making traffic management and security more accessible and efficient than ever before. \n \n Resources \n F5 Enterprise AI Delivery and Security ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"2263","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3d3dy55b3V0dWJlLmNvbS93YXRjaD92PUxRdzU0M0g4dDVjLzE3NTI1MTQ0MzM2Mjh8MHwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://www.youtube.com/watch?v=LQw543H8t5c/1752514433628","thumbnail":"https://i.ytimg.com/vi/LQw543H8t5c/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:342167":{"__typename":"Conversation","id":"conversation:342167","topic":{"__typename":"TkbTopicMessage","uid":342167},"lastPostingActivityTime":"2025-07-10T05:00:00.035-07:00","solved":false},"User:user:427941":{"__typename":"User","uid":427941,"login":"Rawdata","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS00Mjc5NDEtSlY5T3hr?image-coordinates=1099%2C0%2C5099%2C4000"},"id":"user:427941"},"TkbTopicMessage:message:342167":{"__typename":"TkbTopicMessage","subject":"NGINX App Protect Data Plane Add-on in Kubernetes","conversation":{"__ref":"Conversation:conversation:342167"},"id":"message:342167","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:342167","revisionNum":6,"uid":342167,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:427941"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" This article is for users that wish to leverage NGINX in Kubernetes and bypass complexities and potential outages caused by K8s objects. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":97},"postTime":"2025-07-10T05:00:00.035-07:00","lastPublishTime":"2025-07-10T05:00:00.035-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Most enterprise workloads in Kubernetes are exposed by ingress controllers to external traffic. DevOps/NetOps engineers struggle to migrate workloads from virtualized environments (Cloud VMs, VMWare ESXI, Nutanix, KVM) to container orchestrators (Kubernetes being the most popular). This is because the Kubernetes networking fabric will now handle many functions that used to run inside a VM (security, logging, scaling, and so on). \n DevOps teams use custom resource objects in YAML format to define the networking fabric in Kubernetes. The ingress controller is one example of a Kubernetes network function defined by DevOps teams. \n There are two options to configure the F5 NGINX Ingress Controller in Kubernetes. You can use CRDs (Custom Resource Definitions) provided by F5 or Ingress resources. \n Kubernetes adds a layer of complexity where resource definitions are translated to native nginx configuration that ultimately get loaded to the Ingress Controller for deployment. \n This extra complexity could pose operational challenges, because even though K8s Ingress schemas may be valid, they may not be valid for native nginx configurations. \n When deploying NGINX App Protect as a Dataplane Add-on in Kubernetes, we cut out this layer of complexity and mount nginx configs/policy files to the deployment. \n In this article, I will provide instructions on how you can quickly get started with NGINX App Protect in Kubernetes to solve many of these ever-changing challenges. \n \n Getting Started: NGINX App Protect Data Plane Add-on \n First clone the GitHub repository from the F5 DevCentral repository. \n \n $ git clone https://github.com/f5devcentral/NAP-Attack-Demos.git \n \n Run the script with the nginx license key arguments (JWT/cert/key). You can download the license files with an NGINX One enterprise trial license from our website. Existing customers can pull the license files from the MyF5 portal. \n \n $ sudo /bin/bash kubernetes/napv4_deploy <nginx-repo.crt> <nginx-repo.key> <license.jwt> \n \n Note: You will need docker and kubectl installed on your machine to run the script. \n Now I can verify that my App Protect deployment is running and expose my deployment with the NodePort method. \n $ kubectl get pods -o wide -n nginx-plus\n\nNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES \n\napp-protect-6cfd855db8-8ztqx 1/1 Running 3 (10m ago) 10m 192.168.75.124 rawdata <none> <none> \n \n Now I will create the NodePort Service and connect to NGINX App Protect in Kubernetes from my machine. \n $ kubectl apply -f kubernetes/nodeport.yaml\n$ curl -i \"http://<node-ip>:<nodeport>/<script>\" \n \n \n Making Config Policy Changes \n Changing the ingress controller would suggest changing K8s objects and applying them with the Kubernetes API. In this case, we will change the nginx config mounted on the Kubernetes deployment. For example, I will use the apply_policy script to apply the CSRF (Cross Site Request Forgery) policy. \n $ /bin/sh apply_policy ../CSRF/CSRF.json \n \n Conclusion \n DevOps/NetOps engineers struggle to migrate workloads from virtualized environments (Cloud VMs, VMWare ESXI, Nutanix, KVM) to Kubernetes due to the underlying complexity of the Kubernetes networking fabric. Configurations need to be translated to K8s objects, which can be very complex depending on the use case. A viable option is choosing NGINX App Protect as a Deployment rather than an ingress controller to bypass limitations of k8s objects. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"3793","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341336":{"__typename":"Conversation","id":"conversation:341336","topic":{"__typename":"TkbTopicMessage","uid":341336},"lastPostingActivityTime":"2025-07-08T18:04:30.595-07:00","solved":false},"User:user:195330":{"__typename":"User","uid":195330,"login":"momahdy","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xOTUzMzAtaENpUGx2?image-coordinates=0%2C588%2C1080%2C1668"},"id":"user:195330"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtU0JRU2l3?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtU0JRU2l3?revision=5","title":"image.png","associationType":"BODY","width":507,"height":284,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtRlk5dGlT?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtRlk5dGlT?revision=5","title":"image.png","associationType":"BODY","width":2245,"height":1545,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtQ0NXMTU1?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtQ0NXMTU1?revision=5","title":"image.png","associationType":"BODY","width":561,"height":392,"altText":""},"TkbTopicMessage:message:341336":{"__typename":"TkbTopicMessage","subject":"BIG-IP Next for Kubernetes Nvidia DPU deployment walkthrough","conversation":{"__ref":"Conversation:conversation:341336"},"id":"message:341336","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:341336","revisionNum":5,"uid":341336,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:195330"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":484},"postTime":"2025-06-26T05:00:00.036-07:00","lastPublishTime":"2025-06-26T05:00:00.036-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction \n Modern AI factories—hyperscale environments powering everything from generative AI to autonomous systems—are pushing the limits of traditional infrastructure. As these facilities process exabytes of data and demand near-real-time communication between thousands of GPUs, legacy CPUs struggle to balance application logic with infrastructure tasks like networking, encryption, and storage management. \n Data Processing Units (DPUs), purpose-built accelerators that offload these housekeeping tasks, freeing CPUs and GPUs to focus on what they do best. DPUs are specialized system-on-chip (SoC) devices designed to handle data-centric operations such as network virtualization, storage processing, and security enforcement. By decoupling infrastructure management from computational workloads, DPUs reduce latency, lower operational costs, and enable AI factories to scale horizontally. \n \n \n BIG-IP Next for Kubernetes and Nvidia DPU \n Looking at F5 ability to deliver and secure every app, we needed it to be deployed at multiple levels, a crucial one being edge and DPU. \n Installing F5 BIG-IP Next for Kubernetes on Nvidia DPU requires installing Nvidia’s DOCA framework to be installed. What’s DOCA? \n NVIDIA DOCA is a software development kit for NVIDIA BlueField DPUs. BlueField provides data center infrastructure-on-a-chip, optimized for high-performance enterprise and cloud computing. DOCA is the key to unlocking the potential of the NVIDIA BlueField data processing unit (DPU) to offload, accelerate, and isolate data center workloads. With DOCA, developers can program the data center infrastructure of tomorrow by creating software-defined, cloud-native, GPU-accelerated services with zero-trust protection. \n \n Now, let's explore BIG-IP Next for Kubernetes components, \n The BIG-IP Next for Kubernetes solution has two main parts: the Data Plane - Traffic Management Micro-kernel (TMM) and the Control Plane. The Control Plane watches over the Kubernetes cluster and updates the TMM’s configurations. The BIG-IP Next for Kubernetes Data Plane (TMM) manages the supply of network traffic both entering and leaving the Kubernetes cluster. It also proxies the traffic to applications running in the Kubernetes cluster. \n The Data Plane (TMM) runs on the BlueField-3 Data Processing Unit (DPU) node. It uses all the DPU resources to handle the traffic and frees up the Host (CPU) for applications. The Control Plane can work on the CPU or other nodes in the Kubernetes cluster. This makes sure that the DPU is still used for processing traffic. \n \n Use-case examples: \n There are some recently awesome use cases released by F5’s team based on conversation and work from the field. Let’s explore those items: \n \n Protecting MCP servers with F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs \n \n \n \n LLM routing with dynamic load balancing with F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs \n \n \n \n F5 optimizes GPUs for distributed AI inferencing with NVIDIA Dynamo and KV cache integration. \n \n \n \n Deployment walk-through \n In our demo, we go through the configurations from BIG-IP Next for Kubernetes \n \n \n \n Main BIG-IP Next for Kubernetes features \n \n L4 ingress flow \n HTTP/HTTPs ingress flow \n Egress flow \n BGP integration \n Logging and troubleshooting (Qkview, iHealth) \n \n You can find a quick walk-through via BIG-IP Next for Kubernetes - walk-through \n \n Related Content \n \n BIG-IP Next for Kubernetes - walk-through \n BIG-IP Next for Kubernetes \n BIG-IP Next for Kubernetes and Nvidia DPU-3 walkthrough \n BIG-IP Next for Kubernetes \n F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"3848","kudosSumWeight":1,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtU0JRU2l3?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtRlk5dGlT?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDEzMzYtQ0NXMTU1?revision=5\"}"}}],"totalCount":3,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL29mRDh3MnJpTmdRLzE3NTAwOTcxNjQ3MjV8MHwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/ofD8w2riNgQ/1750097164725","thumbnail":"https://i.ytimg.com/vi/ofD8w2riNgQ/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}},{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL3NWTFl6Z3JCdzhZLzE3NTAwOTcyNzQzOTZ8MXwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/sVLYzgrBw8Y/1750097274396","thumbnail":"https://i.ytimg.com/vi/sVLYzgrBw8Y/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}},{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL29nZlh4UDNNcnpRLzE3NTAwOTczNjAyMzV8MnwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/ogfXxP3MrzQ/1750097360235","thumbnail":"https://i.ytimg.com/vi/ogfXxP3MrzQ/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}},{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL3ZkWWx3OFFaRFFBLzE3NTAwOTU4MzQxNjR8M3wyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/vdYlw8QZDQA/1750095834164","thumbnail":"https://i.ytimg.com/vi/vdYlw8QZDQA/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":4,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:328325":{"__typename":"Conversation","id":"conversation:328325","topic":{"__typename":"TkbTopicMessage","uid":328325},"lastPostingActivityTime":"2025-07-08T09:14:54.471-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtSmI2RHFw?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtSmI2RHFw?revision=27","title":"sample deployment.png","associationType":"BODY","width":2048,"height":1152,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtVjRIVjNE?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtVjRIVjNE?revision=27","title":"ocp-api virtual server.png","associationType":"BODY","width":1370,"height":1872,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtWVEzQUx0?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtWVEzQUx0?revision=27","title":"API pool and healthcheck.png","associationType":"BODY","width":2048,"height":1152,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtNWhpazhN?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtNWhpazhN?revision=27","title":"Screenshot 2024-03-07 at 14.36.02.png","associationType":"BODY","width":3330,"height":2154,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtYllLbVRC?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtYllLbVRC?revision=27","title":"listener vlans.png","associationType":"BODY","width":2048,"height":1152,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtVE4yYkc2?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtVE4yYkc2?revision=27","title":"adminpolicy.png","associationType":"BODY","width":2814,"height":2119,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtT25ZNEN5?revision=27\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtT25ZNEN5?revision=27","title":"snat configuration.png","associationType":"BODY","width":2048,"height":1152,"altText":""},"TkbTopicMessage:message:328325":{"__typename":"TkbTopicMessage","subject":"F5 BIG-IP deployment with Red Hat OpenShift - the no CIS option","conversation":{"__ref":"Conversation:conversation:328325"},"id":"message:328325","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:328325","revisionNum":27,"uid":328325,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:303102"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" This article is a set of recommendations when using BIG-IP as external load balancer of an OpenShift cluster with the default router (HA-proxy) and not using CIS ","introduction":"","metrics":{"__typename":"MessageMetrics","views":2394},"postTime":"2024-03-25T05:00:00.040-07:00","lastPublishTime":"2025-07-08T09:14:54.471-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Overview \n There are deployments where F5 BIG-IP is used in front of a Red Hat OpenShift cluster without the Container Ingress Services (CIS) controller. In general, this is not recommended because without CIS there is no Kubernetes integration and automation. This article is for deployments where for some reason CIS is not used. The article complements the configuration outlined in OpenShift´s documentation section Load balancing requirements for user-provisioned infrastructure regardless deployed in on-prem, public-cloud, bare-metal or virtual machines. When configuring a load balancer in front of OpenShift, two types of scenarios need to be covered: \n \n (core) API load balancing: this refers to the Kubernetes API and the bootstrap (Machine Config Server) services. These are ports 6443 and 22623 respectively in the control-plane nodes. \n The application´s ingress. These are ports 443 and 80 pointing to the nodes where HA-Proxy instances (aka OpenShift´s router) are deployed. Although not as critical as the core APIs, cluster critical applications are hosted through ingres. This is specially true for the HTTP route oauth-openshift.apps.<cluster name> required for authentication, but also in general for all OpenShift-deployed HTTP routes with name *.apps.<cluster name> . \n \n Through this article it is assumed a three arm configuration, which is the more broad example. This is shown in the next figure where the BIG-IP has an Internal VLAN facing the OpenShift deployment, an Internet VLAN and a DMZ VLAN to face clients outside the Security domain of the OpenShift deployment. \n \n \n BIG-IP configuration for API endpoints - Overview \n The configurations for both the Kubernetes API and the bootstrap services are very similar with the exception of the monitoring: \n \n The monitor for the Kubernetes API is an HTTPS monitor which checks both the HTTP 200 status code of /healthz and the \"ok\" in the payload for a successful probe. The interval, time-until-up and timeout follow Red Hat´s recommendations \"Probing every 5 or 10 seconds, with two successful requests to become healthy and three to become unhealthy, are well-tested values\". \n On the other hand, the monitor for the bootstrap (Machine Config Server) just checks for the HTTP status code of the same /healthz path checked (yet different port). All other settings remain the same. \n \n The rest of the configuration is analogous for both (with the exception of the port used): \n \n The pool includes all the control-plane nodes, the just configured monitor and a reselect-retries value of 2, which helps in case a connection is sent to a down server before is marked unavailable. The number follows the recommendation of calculating this value as #pool members -1, for of small pools like this case. \n The virtual server is configured using a fastL4 type because no TLS offloading or advanced capabilities are going to be configured. The most relevant configuration in this case is the use of SNAT automap and restricting access to the virtual server, covered in the hardening section. \n \n BIG-IP configuration for API endpoints - Configuration \n In the next figure it is shown a sample virtual server, pool and health monitor configuration for the API virtual server. The configuration for the bootstrap virtual server is analogous (except the VS port and health check). The virtual server configuration is shown next: \n \n Note that the above also includes source address configuration. This hardening is covered in a section further below. The pool and health monitor configuration follows: \n \n Note that in the case of the monitor for the bootstrap service, the health monitor receive string doesn´t check for the \"ok\" string in the payload. Therefore the receive string is \"^HTTP/1.1 200\" instead. \n BIG-IP configuration for Application Ingress - Overview \n In OpenShift´s documentation Load balancing requirements for user-provisioned infrastructure it is advised that for application´s ingress just a L4 load balancer with source address persistence should be used. In this article, It is considered that configuration is just the least common denominator across load balancers. Configuring the virtual server as standard full-proxy, can give benefits such as: \n \n SSL/TLS off-loading with SSL/TLS accelerators or by terminating the SSL/TLS in the BIG-IP \n Allows the use of SSL/TLS Hardware Secure Modules (HSM) or Network HSMs to securely store SSL/TLS keys. \n Allows to handle application layer data, allowing for content inspection, content-based switching, content-insertion or rewrite, either in the headers or in the payload. \n Allows to use BIG-IP's application layer security features such as Advanced WAF, Access Policy Manager or Bot defense. \n Inserting the simple but crucial task of inserting the X-Forwarded-For header. \n Allows for HTTP Cookie session persistence when the source IP (or hash) of the client cannot be used for persistence. \n Allows to restrict access to certain applications based on FQDN and path. For example, *.apps.<cluster name>. \n \n If any of the of the above features are desired, it is recommended to create two sets of virtual servers: \n \n A set of HTTP/HTTPS L4 virtual servers for the routes with name *.apps.<cluster name>. This way, applications see the expected clusters certificates. \n For custom routes, for example myapp.mydomain.com create separated HTTP/HTTPS virtual servers using the standard virtual server type. Optionally these routes could be in a separate shard as indicated in the hardening section. \n \n The next is a set of recommendations for appropriate health checking and failure handling of HA-proxy instances in OpenShift: \n \n Create an HTTP monitor for the readiness endpoint When a POD is not in Ready state, CIS automatically removes it from the pool. When not using CIS we need to mimic this functionality with an HTTP monitor in port 1936 (readiness endpoint) for both 443 and 80-port pools: ltm monitor http ocp_haproxy \n{ \n destination *.1936\n recv \"^HTTP/1.1 200\"\n send \"GET /healthz/ready HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n\" \n}\n This monitor will detect the following failure scenarios: \n \n There is no IP connectivity to the HA-proxy instance \n HA-proxy is not working properly (it will return a non-HTTP 200 status code) \n HA-proxy is performing a graceful shutdown (a POD deletion), for example when doing an upgrade (returning an HTTP 500 status code). \n \n The graceful shutdown process of HA-proxy is as follows: \n \n the readiness endpoint immediately returns an HTTP 500 error but will continue processing requests for the applications for 45 seconds. This is indicated in the response of the readiness endpoint with an ”[+]backend-http ok” message in the payload. \n after 45 seconds, the endpoint will return “[-]backend-http failed: reason withheld” and will TCP RESET any request for the applications. During these 45 seconds, the timer values to the HTTP monitor have plenty of time to disable the HA-proxy instance appropriately. \n \n \n \n The above health monitor is applied for both HTTP and HTTPS pools. By default, any worker node can be selected for the placement of the ingress controllers PODs. This can be controlled with the nodePlacement attribute of the IngressController resource. In the pool´s configuration (one for each port), the following configuration is advised: \n \n Handle non-graceful errors with the pool's reselect tries To deal better with non-graceful shutdowns or transient errors, we can make use of this mechanism which will reselect a new HA-proxy instance when a request to an application fails. The recommendation is to set the number of tries to the number of HA-proxy instances -1. \n \n \n Set an additional TCP monitor for HA-proxy´s application's path socket This additional TCP monitor in either port 80 or 443 complements the HTTP monitor of the readiness endpoint by additionally validating that the HA-proxy instances can listen for requests in their designated application's socket. Although this is handled with the reselect tries mechanism this monitor will provide visibility that such types of errors are happening. \n \n \n Established connections For already established connections the Action on Service Down feature could be used but it is considered that the default option NONE should be used. This will help finishing already established connections. Using RESET would trigger a faster retry from the HTTP client with the disadvantage of not allowing finishing requests that could potentially finish. Other options are not worth considering. \n \n Regardless of the virtual server type chosen (fastL4 or standard), when the BIG-IP is used in one-arm mode will require the use SNAT. On the other hand, when using two-arm mode and the traffic is reached through BIG-IP's external network, the use of SNAT can be avoided by using AdminPolicyBasedExternalRoute (see below the section Keeping the source IP of ingress clients below. \n \n BIG-IP configuration for Ingress - Configuration \n In the next image, it can be seen graphically the configuration recommended with key settings highlighted for the pool and monitor. \n \n In this section it is not shown a specific configuration for the virtual servers because these depend on the routing of the deployment, features and hardening desired (see next sections for details), yet the following must be always setup: \n \n When using L4 virtual servers, apply the default source address persistence profile. \n When using standard type virtual servers, apply the default cookie persistence profile. \n \n Virtual Server configuration hardening \n Simple but yet effective way of hardening these virtual servers can be done in several ways: \n \n Specifying explicitly in which VLANs the virtual servers listen for requests. In the case of the bootstrap service this should be only the VLAN between the BIG-IP and the OpenShift cluster. In the case of the Kubernetes API, this should include the same VLAN but potentially there might be Kubernetes clients accessing through a different BIG-IP VLAN. \n Specifying the source addresses expected to reach the virtual servers. In the case of the bootstrap service this should be set to the subnet of the OpenShift nodes. In the case of the Kubernes API this will be highly dependent \n \n Some organisations might choose not to specify source addresses and instead rely in firewalls to control the flows reaching the virtual services. Specifying the VLANs should be considered a minimum best practice. \n \n Additionally, this article suggests that application ingress should be segregated in ingress route shards (separate OpenShift router instances) dedicated for each purpose, for example one shard for cluster´s own apps (*.apps.<cluster name> like console or authentication) and another for custom apps. This Route sharding allows to have resource guaranteed for cluster own apps and isolation from custom apps, potentially with different configuration, guaranteeing service continuity of routes needed by the cluster. \n SNATs and keeping the source IP of ingress clients \n By default OpenShift sends the traffic to the default gateway of the network where the OpenShift cluster is placed. Traditionally, in the case of ingress traffic to the applications, in order to make the traffic symmetric (making the return traffic go through the load balancer) it has been required to use SNAT in the load balancer. With the introduction AdminPolicyBasedExternalRoute this is no longer required, allowing the use of the source IP to the workload PODs (in the case of 1-tier deployment) or to the in-cluster ingress controller (in the case of 2-tier deployments). The overall traffic flows in the platform would be as shown next: \n \n \n Using the feature is straight forward, it is noly required the namespaces for which we want the BIG-IP to be the gateway and the floating IP of the BIG-IPs facing the OpenShift cluster. An example is shown next: \n apiVersion: k8s.ovn.org/v1\nkind: AdminPolicyBasedExternalRoute\nmetadata:\nname: meg-policy-common\nspec:\nfrom:\n namespaceSelector:\n matchLabels:\n meg: common\nnextHops:\n static:\n - ip: \"10.1.20.100\" \n Where 10.1.20.100 represents the internal floating IP of the BIG-IP facing the OpenShift cluster. The labels can be freely chosen. More details in using this OpenShift feature can be found in this article. Please note that all the above applies for external (dmz or Internet connections). In the case of connections from the internal VLAN it is required to use SNAT. In any case, when using SNAT, it might be required to configure SNAT pools instead of using SNAT automap to avoid port exhaustion . The more likely virtual server to require SNAT pools is the one for the customer apps. It might be also convenient have separate SNAT pools depending of the origin of the client, or the listener VLAN used. These SNAT pools can be configured by means of using LTM policies. \n A sample SNAT configuration can be shown in the next figure. \n \n Conclusions \n F5 BIG-IP can be configured for control plane and applications load balancing of your OpenShift clusters. It allows fine grained access control, scalable SNAT or keeping original source IP amongst others. It also provides enhanced L7 features which allows additional security, TLS off-loading, TLS HSM support and traffic manipulation. Last but not least, F5 BIG-IP also has sophisticated features for health checking and handling failures to operate without any service disruption. \n We look forward to know your experience and feedback on this article. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"13889","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtSmI2RHFw?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtVjRIVjNE?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtWVEzQUx0?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtNWhpazhN?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtYllLbVRC?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtVE4yYkc2?revision=27\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMjgzMjUtT25ZNEN5?revision=27\"}"}}],"totalCount":7,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:279858":{"__typename":"Conversation","id":"conversation:279858","topic":{"__typename":"TkbTopicMessage","uid":279858},"lastPostingActivityTime":"2025-07-06T02:01:08.915-07:00","solved":false},"User:user:216790":{"__typename":"User","uid":216790,"login":"Chase_Abbott","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yMTY3OTAtTWtUZzVs?image-coordinates=508%2C89%2C1008%2C590"},"id":"user:216790"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yNzk4NTgtMzg5Nmk5RUNEREZDMjQzQjUyMzhG?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yNzk4NTgtMzg5Nmk5RUNEREZDMjQzQjUyMzhG?revision=5","title":"0151T000003d6esQAA.jpg","associationType":"BODY","width":244,"height":319,"altText":"0151T000003d6esQAA.jpg"},"TkbTopicMessage:message:279858":{"__typename":"TkbTopicMessage","subject":"How to get a F5 BIG-IP VE Developer Lab License","conversation":{"__ref":"Conversation:conversation:279858"},"id":"message:279858","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:279858","revisionNum":5,"uid":279858,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:216790"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":89313},"postTime":"2015-11-11T23:00:00.000-08:00","lastPublishTime":"2025-03-13T09:39:58.948-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" (applies to BIG-IP TMOS Edition) \n To assist operational teams teams improve their development for the BIG-IP platform, F5 offers a low cost \n developer lab license. This license can be purchased from your authorized F5 vendor. If you do not have an F5 vendor, and you are in either Canada or the US you can purchase a lab license online: \n \n CDW BIG-IP Virtual Edition Lab License \n CDW Canada BIG-IP Virtual Edition Lab License \n \n Once completed, the order is sent to F5 for fulfillment and your license will be delivered shortly after via e-mail. F5 is investigating ways to improve this process. \n To download the BIG-IP Virtual Edition, log into my.f5.com (separate login from DevCentral), navigate down to the Downloads card under the Support Resources section of the page. Select BIG-IP from the product group family and then the current version of BIG-IP. \n You will be presented with a list of options, at the bottom, select the Virtual-Edition option that has the following descriptions: \n \n For VMware Fusion or Workstation or ESX/i: Image fileset for VMware ESX/i Server \n For Microsoft HyperV: Image fileset for Microsoft Hyper-V \n KVM RHEL/CentoOS: Image file set for KVM Red Hat Enterprise Linux/CentOS \n \n Note: There are also 1 Slot versions of the above images where a 2nd boot partition is not needed for in-place upgrades. These images include _1SLOT- to the image name instead of ALL. \n The below guides will help get you started with F5 BIG-IP Virtual Edition to develop for VMWare Fusion, AWS, Azure, VMware, or Microsoft Hyper-V. These guides follow standard practices for installing in production environments and performance recommendations change based on lower use/non-critical needs for development or lab environments. Similar to driving a tank, use your best judgement. \n \n Deploying F5 BIG-IP Virtual Edition on VMware Fusion \n Deploying F5 BIG-IP in Microsoft Azure for Developers \n Deploying F5 BIG-IP in AWS for Developers \n Deploying F5 BIG-IP in Windows Server Hyper-V for Developers \n Deploying F5 BIG-IP in VMware vCloud Director and ESX for Developers \n \n Note: F5 Support maintains authoritative Azure, AWS, Hyper-V, and ESX/vCloud installation documentation. VMware Fusion is not an official F5-supported hypervisor so DevCentral publishes the Fusion guide with the help of our Field Systems Engineering teams. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"2435","kudosSumWeight":14,"repliesCount":152,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yNzk4NTgtMzg5Nmk5RUNEREZDMjQzQjUyMzhG?revision=5\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341872":{"__typename":"Conversation","id":"conversation:341872","topic":{"__typename":"TkbTopicMessage","uid":341872},"lastPostingActivityTime":"2025-07-02T05:00:00.040-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItOTZna3da?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItOTZna3da?revision=17","title":"Setup overview.png","associationType":"BODY","width":3840,"height":2160,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzIteHc1dXpq?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzIteHc1dXpq?revision=17","title":"Traffic path overview.png","associationType":"BODY","width":3840,"height":2160,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSFBMRlhz?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSFBMRlhz?revision=17","title":"Internal Endpoint.png","associationType":"BODY","width":1496,"height":1502,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSndNMmw1?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSndNMmw1?revision=17","title":"DataConnection.png","associationType":"BODY","width":1344,"height":1584,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItMjB5NXlG?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItMjB5NXlG?revision=17","title":"ServingRuntime.png","associationType":"BODY","width":1676,"height":1752,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItUVhubVpv?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItUVhubVpv?revision=17","title":"InferenceService.png","associationType":"BODY","width":1250,"height":1480,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSWVKVTNV?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSWVKVTNV?revision=17","title":"multi-cloud app connect.png","associationType":"BODY","width":1986,"height":1822,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItZmI3dHpu?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItZmI3dHpu?revision=17","title":"HealthCheck.png","associationType":"BODY","width":1602,"height":1044,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItQVNnVGQ5?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItQVNnVGQ5?revision=17","title":"Origin Pool.png","associationType":"BODY","width":2048,"height":2774,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItTXJDQVZH?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItTXJDQVZH?revision=17","title":"Load Balancer.png","associationType":"BODY","width":1034,"height":1702,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItNmNud3o1?revision=17\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItNmNud3o1?revision=17","title":"Load balancer advertisement.png","associationType":"BODY","width":974,"height":756,"altText":""},"TkbTopicMessage:message:341872":{"__typename":"TkbTopicMessage","subject":"Advertise OpenShift AI inference servers from F5 Distributed Cloud","conversation":{"__ref":"Conversation:conversation:341872"},"id":"message:341872","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:341872","revisionNum":17,"uid":341872,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:303102"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":112},"postTime":"2025-07-02T05:00:00.040-07:00","lastPublishTime":"2025-07-02T05:00:00.040-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n This article describes how Inference servers in OpenShift AI (KServe), hosted in public, private cloud or edge, can be anycast-advertised securely to the Internet using F5 Distributed Cloud (XC) deployed inside OpenShift clusters. \n Red Hat, and by extension OpenShift AI, provides enterprise-ready, mission-critical Open Source software. In this article, the AI model is hosted in OpenShift AI’s KServe single-model framework. For the creation of this article, OpenShift in AWS (aka ROSA) was used. It could have used OpenShift in any public or private cloud, edge deployment or a mix of these. Once the model is available for serving in OpenShift, XC can be used to advertise it globally. This can be done by just installing an in-cluster XC Customer Edge (CE) SMSv1 in OpenShift. This CE component transparently connects to the closest Regional Edges (RE) of F5 XC´s Global AnyCast Network, exposing the VIP of the AI inference server in all F5 XC´s PoPs (IP anycast), reducing latency to the customer, providing redundancy and application security including Layer 7 DDoS. \n The overall setup can be seen in the next figure. The only F5 component that has to be installed is the CE. The REs are pre-existing in the F5 Global Anycast Network, and are used automatically as access points for the CEs. Connectivity between the CEs and REs happens through TLS or IPsec tunnels, which are automatically set up at CE deployment time without any user intervention. \n \n The next sections will cover the following topics: \n \n Traffic path overview \n Setup of an inference service of generative AI model using KServe and VLLM. \n Setup of F5 XC CE in OpenShift using SMSv1. \n Create a global anycast VIP in XC exposing the created inference server. \n Securing the inference service. \n \n Traffic path overview \n \n The traffic flow is shown in the figure above, starting with the request towards the inference service: \n \n A request is sent to the inference service (e.g.: inference.demos.bd.f5.com). DNS resolves this to a F5 XC Anycast VIP address. Through Internet routing, the request reaches the VIP at the closest F5 XC Point Of Presence (PoP). \n F5 XC validates that the request is for an expected hostname and applies any security policy to the traffic. F5 XC load balances towards the CEs where there are origin pools for the applications. In this article, a single OpenShift as cluster is used, but several on different sites could have been used, all using the same VIP. The traffic is ultimately sent to the CE´s designated RE. \n Traffic reaches the CE inside the OpenShift cluster through a pre-established tunnel (TLS or IPsec). \n The CE has previously discovered which are the local origin servers through DNS service discovery within the OpenShift cluster. For this AI model, KServe deploys a Service Type: ExternalName named vllm-cpu.vllm.svc.cluster.local. This is the recommended way to access a KServe AI model from workloads that are not part of the mesh, like the CE component. The exact service name for the deployed model is reported in the OpenShift UI as shown in the next figure: The corresponding ExternalName for vllm-cpu.vllm.svc.cluster.local (effectively a DNS CNAME) is Istio´s kserve-local-gateway.istio-system.svc.cluster.local Gateway exposed by another Service as the name indicates. This is shown next: % oc -n vllm get svc vllm-cpu\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nvllm-cpu ExternalName <none> kserve-local-gateway.istio-system.svc.cluster.local <none> 4d1h \n \n \n \n The Customer Edge sends the traffic towards kserve-local-gateway´s Service clusterIP. This Service load-balances between the available Istio instances (in the next output, there is only one). \n % oc -n istio-system get svc,ep kserve-local-gateway\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice/kserve-local-gateway ClusterIP 172.30.6.250 <none> 443/TCP 5d6h\n\nNAME ENDPOINTS AGE\nendpoints/kserve-local-gateway 10.131.0.12:8445 5d6h \n \n The CNI sends the traffic to the selected Istio instance. \n \n \n Istio ultimately sends the request to the AI model PODs. \n \n \n The steps 6 and 7 have been simplified because within these steps, there are activators, autoscalers, and queuing components, which are transparent to F5 XC. These components are set automatically by KServe´s Knative infrastructure and would add unnecessary complexity to the above picture. If you are more interested in these steps, details can be found at this link. \n Setup of an inference service of generative AI model using KServe and VLLM. \n In order to instantiate an AI model in KServe, it is needed to create three resources: \n \n A Secret resource containing the storage (Data Connection) to be used. \n A ServingRuntime resource, which defines the mode, its image, and its parameters. The next resource uses it. In the OpenShift AI UI, these are created using Templates. \n An InferenceService resource that binds the previous resources and actually instantiates the AI model. It specifies the min and max replicas, the amount of memory for the replicas and the storage (data connection) to be used. \n \n The AI model used as example in this article uses custom configuration for a VLLM-CPU model (useful for PoC purposes). You can find another example of a VLLM CPU AI model in https://github.com/rh-ai-kickstart/vllm-cpu. The configuration is as follows: Example Data Connection for this example, using S3: \n \n The example ServingRuntime using a VLLM model for CPUs: \n \n The InferenceService (shown as Models and model servers in the UI) used in this example: \n \n Setup of F5 XC CE SMSv1 in OpenShift \n Please note that presently the CE SMSv2 for in cluster Kubernetes deployments is not available yet. To deploy CE SMSv1 as PODs in the OpenShift cluster, follow these instructions in F5 XC docs site. \n Creating a global anycast VIP in XC exposing the created inference server \n It will create the following objects in the given order: \n \n Create an HTTP/2 health check for the AI model. \n Create an Origin Pool for the AI model, attach to it the created health check. \n Create a VIP specifying Internet advertisement and attach the created Origin pool. \n \n These steps are described next in detail. \n Log in cloud.f5.com and go to \"Multi-Cloud App Connect\". All the configurations take place in this section of the UI. \n \n In Manage >> Load Balancers >> Health Checks, create a new HTTP/2 health check indicating a path that can be used to test the AI model, in this example this is \"/health\". The whole configuration is shown next: \n \n In Manage >> Load Balancers >> Origin Pools, create a new pool where the servers are discovered using \"DNS Name of Origin Server on given Sites\" for the DNS name vllm-cpu.vllm.svc.cluster.local (from the traffic flow overview section) in the Outside network (the only one the CE PODs actually have). Attach the previously created health check and set it to do not require TLS validation of the server. This latter is necessary due to internal Istio components using self-signed certificates by default. The configuration is shown next: \n \n \n \n In Manage >> Load Balancers >> HTTP Load Balancers, create a new Load Balance, specify the FQDN of the VIP and attach the the previously created Origin Pool. In this example, it is used as an HTTP load balancer. XC automatically creates the DNS hosting and certificates. \n \n At the very bottom of the HTTP Load Balancer creation screen, you can advertise the VIP on the Internet. \n \n \n Securing the inference service \n Once the inference service is exposed to the internet, it is exposing many APIs that we might not want to expose. Additionally, the service has to be secured from abuse and breaches. To address these, F5 XC offers the following features for AI: \n \n Automated API Discovery & Posture Management: \n \n Identify all inference endpoints automatically, eliminating hidden APIs. \n Enforce schemas based on observed traffic to ensure requests and responses follow expected patterns. \n Integrate “shift-left” security checks into CI/CD pipelines, catching misconfigurations before production. \n \n \n LLM-Aware Threat Detection & Request Validation: \n \n Detect attempts to manipulate prompts or break compliance rules, ensuring suspicious requests are blocked before reaching the model. \n \n \n Bot Mitigation & Adaptive Rate Controls: \n \n Differentiate between legitimate users and bots or scrapers, blocking automated attacks. \n Dynamically adjust rate limits and policies based on usage history and real-time conditions, maintaining performance and reliability. \n \n \n Sensitive Data Redaction & Compliance: \n \n Identify and mask PII or sensitive tokens in requests and responses. \n Adhere to data protection regulations and maintain detailed logs for auditing, monitoring, and compliance reporting. \n \n \n \n All these security features in the same XC console, where both application delivery and security dashboards are available centralized. These provide analytics to monitor real-time metrics—latency, error rates, compliance indicators—to continuously refine policies and adapt to emerging threats. \n It is recommended to check this article's \"F5 Distributed Cloud Capabilities in Action\" section to see how to implement these. \n Conclusion and final remarks \n F5 XC can use Red Hat OpenShift AI in AWS, or any other public or private cloud. This can help F5 XC easily share an AI model with the Internet and provide security, preventing breaches and abuse of these models. I hope this article has been an eye-opener for the possibilities of how F5 XC can easily and securely advertise AI models. This article shows how to advertise the AI model on the Internet. XC lets you advertise it in any private place just as easily. I would love to hear if you have any specific requirements not covered in this article. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10105","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItOTZna3da?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzIteHc1dXpq?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSFBMRlhz?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSndNMmw1?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItMjB5NXlG?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItUVhubVpv?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItSWVKVTNV?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItZmI3dHpu?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItQVNnVGQ5?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItTXJDQVZH?revision=17\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE4NzItNmNud3o1?revision=17\"}"}}],"totalCount":11,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:341978":{"__typename":"Conversation","id":"conversation:341978","topic":{"__typename":"TkbTopicMessage","uid":341978},"lastPostingActivityTime":"2025-07-01T05:00:00.039-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE5NzgtYThTSkpS?revision=6\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE5NzgtYThTSkpS?revision=6","title":"image.png","associationType":"BODY","width":2500,"height":1137,"altText":""},"TkbTopicMessage:message:341978":{"__typename":"TkbTopicMessage","subject":"Privileged Access in Action: Technical Controls for Real-World Environments","conversation":{"__ref":"Conversation:conversation:341978"},"id":"message:341978","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:341978","revisionNum":6,"uid":341978,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:195330"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":90},"postTime":"2025-07-01T05:00:00.039-07:00","lastPublishTime":"2025-07-01T05:00:00.039-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":"\n Introduction \n This article provides a technical walk-through demo to implement Privileged User Access (PUA) with BIG-IP APM. \n In modern IT environments, privileged user access refers to elevated permissions granted to administrators, engineers, and service accounts that manage critical infrastructure, applications, and data. These accounts can bypass standard security controls, modify configurations, provision resources, and access sensitive systems. This makes them a high-value target for attackers. \n From domain admins in Active Directory to root accounts on Linux servers and cloud (Identity Access Management) IAM roles, the scope of privileged access spans on-prem, hybrid, and cloud-native stacks. As environments scale and become more dynamic, especially with DevOps and automation, controlling and auditing privileged access is no longer optional. It’s a foundational requirement for operational integrity, threat detection, and zero trust security. \n \n Listing some of the common use cases for PUA, \n \n Use Case Description Risk if Unsecured PUA Control Measures 1. Hybrid Infrastructure Management Admins manage Linux/Windows servers across on-prem and cloud (AWS, Azure, GCP) using root or admin access. Lateral movement, persistence, full system compromise. Just-in-time access, session recording, MFA, IP restrictions. 2. Database Administration DBAs access production databases for tuning, backups, or incident response. Data exfiltration, insider threats, compliance violations (e.g., GDPR, PCI-DSS). Role-based access, query auditing, access approval workflows, credential vaulting. 3. CI/CD Pipeline Secrets Access DevOps pipelines use privileged credentials to deploy apps, access build environments, and manage cloud resources. Secrets leakage, automated misuse, supply chain attacks. Secrets management tools (e.g., HashiCorp Vault), scoped tokens, access expiration, auditing. 4. Cloud IAM Role Escalation Cloud engineers assume elevated IAM roles (e.g., AWS Admin, Azure Owner) to provision infrastructure and configure services. Privilege escalation, unauthorized changes, excessive entitlements. Attribute-based access control (ABAC), IAM role scoping, just-in-time elevation, CloudTrail monitoring. 5. Third-Party Vendor Access External support teams or vendors are given privileged access to troubleshoot or maintain systems temporarily. External compromise, unmanaged persistence, lack of accountability. Time-limited access, gateway proxies (e.g., bastion hosts), approval-based workflows, full session logging. \n \n BIG-IP APM & PUA \n BIG-IP APM provides Privileged User Access so that you can add CAC authentication (Common Access Card), Personal Identity Verification (PIV), or other strong authentication method to network infrastructure for enhanced security. \n This solution integrates directly into DoD PKI systems and works cooperatively with existing RADIUS, TACACS, Active Directory, and a variety of third-party authentication databases. \n Deployment of Privileged User Access requires a license and involves the configuration of these components: \n \n Ephemeral Authentication \n ServerWebSSH \n ProxyAuthentication Server (for RADIUS and/or LDAP or LDAPS) \n \n What is Ephemeral Authentication? \n The Privileged User Access license lets you create an Ephemeral Authentication server that generates and manages temporary or ephemeral passwords. \n BIG-IP APM acts as the Ephemeral Authentication server. It ensures a secure end-to-end encrypted connection while eliminating the possibility of credential reuse. The Ephemeral Authentication server includes the access profile/policy that authenticates the end user and contains the webtop resources for ephemeral authentication (so the server also acts as a webtop proxy). \n Going through the traffic flow steps below, \n \n \n User logs into the APM virtual server using a Smartcard or other credential. (The APM virtual server is the one that acts as the Ephemeral Authentication server on which the APM access profile/policy is configured.) \n The APM access policy checks provided credentials and retrieves AD/LDAP group membership information and returns a webtop showing backend resources. \n When the user clicks on a resource, APM generates an ephemeral password, and saves the username and password. \n Using SSO, APM signs the user on to the WebSSH virtual server with their ephemeral authentication credentials. At this point, portal access can be used instead. \n WebSSH makes an SSH connection (or HTTPS) to the router/server still using the ephemeral authentication credentials. \n The router sends an authentication request to the RADIUS or LDAP virtual server. \n The RADIUS or LDAP virtual server verifies the ephemeral password. \n The RADIUS or LDAP virtual server returns a Successful or Failure response. \n The SSH (or HTTPS) session is established or denied. \n \n For technical implementation, please review our demo here and go through our technical documentation \n Securing Privileged User Access Concepts \n \n Related Content \n \n Privileged User Access \n BIG-IP Access Policy Manager: Privileged User Access \n BIG-IP APM and PUA licenses \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5279","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDE5NzgtYThTSkpS?revision=6\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3d3dy55b3V0dWJlLmNvbS93YXRjaD92PWFod2k1a3BzNUQ4LzE3NTExNTEyMjg2MjB8MHwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://www.youtube.com/watch?v=ahwi5kps5D8/1751151228620","thumbnail":"https://i.ytimg.com/vi/ahwi5kps5D8/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1753121700638","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","Common-external-link":"How Do I...?","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1753121700638","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1753121700638","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1753121700638","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1753121700638","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1753121700638","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1753121700638","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1753121700638","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1753121700638","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1753121700638","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1753121700638","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1753121700638","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1753121700638","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1753121700638","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1753121700638","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1753121700638","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1753121700638","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1753121700638","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1753121700638","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1753121700638","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1753121700638","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1753121700638","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1753121700638","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1753121700638":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1753121700638","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"nodeId":"board:TechnicalArticles","tagName":"devops"},"buildId":"3XH0qYWYCnEYycuN5W4S8","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","surveysEnabled":true,"openTelemetry":{"clientEnabled":false,"configName":"f5","serviceVersion":"25.4.0","universe":"prod","collector":"http://localhost:4318","logLevel":"error","routeChangeAllowedTime":"5000","headers":"","enableDiagnostic":"false","maxAttributeValueLength":"4095"},"apolloDevToolsEnabled":false,"quiltLazyLoadThreshold":"3"},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["components_customComponent_CustomComponent","components_community_Navbar_NavbarWidget","components_community_Breadcrumb_BreadcrumbWidget","components_tags_TagsHeaderWidget","components_messages_MessageListForNodeByRecentActivityWidget","components_tags_TagSubscriptionAction","components_customComponent_CustomComponentContent_TemplateContent","shared_client_components_common_List_ListGroup","components_messages_MessageView","components_messages_MessageView_MessageViewInline","shared_client_components_common_Pager_PagerLoadMore","components_customComponent_CustomComponentContent_HtmlContent","components_customComponent_CustomComponentContent_CustomComponentScripts"],"appGip":true,"scriptLoader":[]}