Manual Chapter : Configuring an Explicit HTTP Proxy Chain

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP Link Controller

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP Analytics

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP AFM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP ASM

  • 17.1.1, 17.1.0, 17.0.0
Manual Chapter

Configuring an Explicit HTTP Proxy Chain

Overview: Configuring an explicit HTTP proxy chain

An explicit HTTP proxy chain configuration enables you to load balance traffic from a BIG-IP device through a pool of proxy devices. When establishing an explicit HTTP proxy chain, the BIG-IP explicit proxy device sends an HTTP request to a remote proxy device, which connects to the requested host and port. Once the connection succeeds between the BIG-IP explicit proxy device and the remote proxy device, a tunnel is opened between the BIG-IP explicit proxy device and the remote proxy device, which allows other protocols to pass unimpeded through the tunnel.
The following illustration depicts a typical explicit HTTP proxy chain configuration.
A typical explicit HTTP proxy chain configuration

About HTTP Proxy Connect profiles

The HTTP Proxy Connect profile enables a BIG-IP device to connect to a remote, down-stream proxy device. A client connects to the BIG-IP device, which selects a remote proxy device from a pool of proxy devices. An HTTP CONNECT handshake tells the selected remote proxy device where to connect. When the connection is established, it becomes an opaque tunnel. Any protocol can use the tunnel between the BIG-IP device and the remote proxy.
When an HTTP profile is assigned to the virtual server, the HTTP CONNECT handshake is automatically configured. If an HTTP profile not assigned to the virtual server, for example, when you have opaque SSL traffic, you can use
HTTP::proxy chain
iRule commands to configure the destination to which the remote proxy device routes traffic.

Creating a custom HTTP Proxy Connect profile

You can create a custom HTTP Proxy Connect profile and assign it to a virtual server to load balance HTTP traffic through a pool of proxy devices.
  1. On the Main tab, click
    Local Traffic
    Profiles
    Other
    HTTP Proxy Connect
    .
    The
    HTTP Proxy Connect
    profile list screen opens.
  2. Click
    Create
    .
    The New HTTP Proxy Connect Profile screen opens.
  3. In the
    Name
    field, type a unique name for the profile.
  4. From the
    Parent Profile
    list, retain the default value or select another existing profile of the same type.
  5. Select the
    Custom
    check box.
  6. Select the
    Default State
    check box.
  7. Click
    Finished
    .
The custom HTTP Proxy Connect profile is available to assign to a virtual server.

Creating a load balancing pool

Ensure that at least one virtual server exists in the configuration before you start to create a load balancing pool.
Create a pool of systems with Access Policy Manager to which the system can load balance global traffic.
  1. On the Main tab, click
    DNS
    GSLB
    Pools
    .
    The Pool List screen opens.
  2. Click
    Create
    .
    The New Pool screen opens.
  3. In the General Properties area, in the
    Name
    field, type a name for the pool.
    Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.
    The pool name is limited to 63 characters.
  4. From the
    Type
    list, depending on the type of the system (IPv4 or IPv6), select either an
    A
    or
    AAAA
    pool type.
  5. In the Configuration area, for the
    Health Monitors
    setting, in the
    Available
    list, select a monitor type, and move the monitor to the
    Selected
    list.
    Hold the Shift or Ctrl key to select more than one monitor at a time.
  6. In the Members area, for the
    Load Balancing Method
    settings, select a method that uses virtual server score:
    • VS Score - If you select this method, load balancing decisions are based on the virtual server score only.
    • Quality of Service - If you select this method, you must configure weights for up to nine measures of service, including
      VS Score
      . Virtual server score then factors into the load balancing decision at the weight you specify.
  7. For the
    Member List
    setting, add virtual servers as members of this load balancing pool.
    The system evaluates the virtual servers (pool members) in the order in which they are listed. A virtual server can belong to more than one pool.
    1. Select a virtual server from the
      Virtual Server
      list.
    2. Click
      Add
      .
  8. Click
    Finished
    .

Creating a virtual server for explicit HTTP proxy connection

You can create a virtual server to load balance HTTP traffic through a pool of remote proxy devices.
  1. On the Main tab, click
    Local Traffic
    Virtual Servers
    .
    The Virtual Server List screen opens.
  2. Click
    Create
    .
    The New Virtual Server screen opens.
  3. In the
    Name
    field, type a unique name for the virtual server.
  4. For the
    Destination Address/Mask
    setting, confirm that the
    Host
    button is selected, and type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is
    10.0.0.1
    or
    10.0.0.0/24
    , and an IPv6 address/prefix is
    ffe1::0020/64
    or
    2001:ed8:77b5:2:10:10:100:42/64
    . When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a
    /32
    prefix.
    The IP address you type must be available and not in the loopback network.
  5. In the
    Service Port
    field:
    • If you want to specify a single service port or all ports, confirm that the
      Port
      button is selected, and type or select a service port.
    • If you want to specify multiple ports other than all ports, select the
      Port List
      button, and confirm that the port list that you previously created appears in the box.
  6. From the
    HTTP Proxy Connect Profile
    list, select a profile.
  7. In the Resources area of the screen, from the
    Default Pool
    list, select the relevant pool name.
A virtual server is available to load balance HTTP traffic through a pool of remote proxy devices