Sokol_69126
Jul 11, 2018

Two load balancers in a row. How to manage certs

I have a top level F5 receiving traffic and sending to pools with two nodes in each pool. One node is the VIP on a next level F5 (a side) and the other node is a VIP on a different F5 (b side).

 

How do I set up the certs on something like this?

- Pass through on the top level F5 and offload certs on the lower level?
- Offload cert and use the clientssl cert to speak to the next F5?
- Offload and re-encrypt with the same cert on both sides of the first F5?

 

2 Replies

  • Hi,

    It depends on what you want to implement. If you don't use ASM or APM you can set up this configuration:

    FRONT REVERSE PROXY: L4 with source address persistence

    BACK Reverse proxy (Side A): SSL interception (cookie persistence if you have multiple nodes)

    BACK Reverse proxy (Side B): SSL interception (cookie persistence if you have multiple nodes)

    Important point: if you have a hardware device as the FRONT REVERSE PROXY and a VE as the BACK REVERSE PROXY, it's better to set SSL interception on the hardware device for performance reasons.

    For information, SSL interception means that you have to set a client and a server SSL profile.

    Regards

     

  • What are your security requirements?

    Do you need the traffic encrypted after the first level F5s?

    Do you need to do any layer 7 processing, like selecting a pool or pool member based on part of the HTTP request, or inserting a cookie for persistence?
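
The layout described in the first reply (L4 pass-through on the front F5, client and server SSL profiles on each back F5), sketched as tmsh commands. This is an added example, not configuration posted by either participant; every object name, address and cert/key file name is a constructed placeholder, and the cert and key are assumed to be imported already.

```tmsh
# Added illustration. Names, addresses (documentation ranges) and
# cert/key file names are constructed placeholders.

# --- FRONT F5: L4 pass-through, holds no certificate or private key ---
create ltm pool pool_back_vips members add { 192.0.2.10:443 192.0.2.20:443 } monitor tcp
create ltm virtual vs_front_l4 destination 203.0.113.10:443 ip-protocol tcp profiles add { fastL4 } persist replace-all-with { source_addr } pool pool_back_vips

# --- BACK F5, side A (side B is the same with its own VIP, 192.0.2.20) ---
# Client SSL profile: terminates the TLS session coming from the client.
create ltm profile client-ssl cssl_app defaults-from clientssl cert-key-chain add { app { cert app.example.crt key app.example.key } }
# Server SSL profile: re-encrypts toward the pool members.
create ltm profile server-ssl sssl_app defaults-from serverssl
create ltm pool pool_app members add { 198.51.100.11:443 198.51.100.12:443 } monitor https
# Cookie persistence needs the http profile, which needs decrypted traffic.
create ltm virtual vs_back_a destination 192.0.2.10:443 ip-protocol tcp profiles add { tcp http cssl_app { context clientside } sssl_app { context serverside } } persist replace-all-with { cookie } pool pool_app
```

Because the front tier never decrypts in this layout, clients complete the TLS handshake with whichever back F5 they are sent to, so side A and side B must both present a certificate valid for the hostname clients use.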