F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IP LTM
  4. BIG-IP Local Traffic Manager: Implementations
  5. Configuring an Explicit HTTP Proxy Chain
Manual Chapter : Configuring an Explicit HTTP Proxy Chain

Applies To:

Show Versions Show Versions
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

Configuring an Explicit HTTP Proxy Chain

Overview: Configuring an explicit HTTP proxy chain

An explicit HTTP proxy chain configuration enables you to load balance traffic from a BIG-IP® device through a pool of proxy devices. When establishing an explicit HTTP proxy chain, the BIG-IP explicit proxy device sends an HTTP request to a remote proxy device, which connects to the requested host and port. Once the connection succeeds between the BIG-IP explicit proxy device and the remote proxy device, a tunnel is opened between the BIG-IP explicit proxy device and the remote proxy device, which allows other protocols to pass unimpeded through the tunnel.

The following illustration depicts a typical explicit HTTP proxy chain configuration.

A typical explicit HTTP proxy chain configuration

About HTTP Proxy Connect profiles

The HTTP Proxy Connect profile enables a BIG-IP device to connect to a remote, down-stream proxy device. A client connects to the BIG-IP device, which selects a remote proxy device from a pool of proxy devices. An HTTP CONNECT handshake tells the selected remote proxy device where to connect. When the connection is established, it becomes an opaque tunnel. Any protocol can use the tunnel between the BIG-IP device and the remote proxy.

When an HTTP profile is assigned to the virtual server, the HTTP CONNECT handshake is automatically configured. If an HTTP profile not assigned to the virtual server, for example, when you have opaque SSL traffic, you can use HTTP::proxy chain iRule commands to configure the destination to which the remote proxy device routes traffic.

Creating a custom HTTP Proxy Connect profile

You can create a custom HTTP Proxy Connect profile and assign it to a virtual server to load balance HTTP traffic through a pool of proxy devices.
  1. On the Main tab, click Local Traffic > Profiles > Other > HTTP Proxy Connect .
    The HTTP Proxy Connect profile list screen opens.
  2. Click Create.
    The New HTTP Proxy Connect Profile screen opens.
  3. In the Name field, type a unique name for the profile.
  4. From the Parent Profile list, retain the default value or select another existing profile of the same type.
  5. Select the Custom check box.
  6. Select the Default State check box.
  7. Click Finished.
The custom HTTP Proxy Connect profile is available to assign to a virtual server.

Creating a load balancing pool

Ensure that at least one virtual server exists in the configuration before you start to create a load balancing pool.
Create a pool of systems with Access Policy Manager to which the system can load balance global traffic.
  1. On the Main tab, click DNS > GSLB > Pools .
    The Pool List screen opens.
  2. Click Create.
    The New Pool screen opens.
  3. In the General Properties area, in the Name field, type a name for the pool.
    Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.
    Important: The pool name is limited to 63 characters.
  4. From the Type list, depending on the type of the system (IPv4 or IPv6), select either an A or AAAA pool type.
  5. In the Configuration area, for the Health Monitors setting, in the Available list, select a monitor type, and move the monitor to the Selected list.
    Tip: Hold the Shift or Ctrl key to select more than one monitor at a time.
  6. In the Members area, for the Load Balancing Method settings, select a method that uses virtual server score:
    • VS Score - If you select this method, load balancing decisions are based on the virtual server score only.
    • Quality of Service - If you select this method, you must configure weights for up to nine measures of service, including VS Score. Virtual server score then factors into the load balancing decision at the weight you specify.
  7. For the Member List setting, add virtual servers as members of this load balancing pool.
    The system evaluates the virtual servers (pool members) in the order in which they are listed. A virtual server can belong to more than one pool.
    1. Select a virtual server from the Virtual Server list.
    2. Click Add.
  8. Click Finished.

Creating a virtual server for explicit HTTP proxy connection

You can create a virtual server to load balance HTTP traffic through a pool of remote proxy devices.
  1. On the Main tab, click Local Traffic > Virtual Servers .
    The Virtual Server List screen opens.
  2. Click the Create button.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. In the Destination Address field, type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a /32 prefix.
    Note: The IP address you type must be available and not in the loopback network.
  5. In the Service Port field:
    • If you want to specify a single service port or all ports, confirm that the Port button is selected, and type or select a service port.
    • If you want to specify multiple ports other than all ports, select the Port List button, and confirm that the port list that you previously created appears in the box.
  6. From the HTTP Proxy Connect Profile list, select a profile.
  7. In the Resources area of the screen, from the Default Pool list, select the relevant pool name.
A virtual server is available to load balance HTTP traffic through a pool of remote proxy devices
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information