Before you create inline services, complete the sections in the General Properties tab.
Inline services pass traffic through one or more service devices at Layer 2 or Layer 3. You use inline services in service chains, where each service device communicates with the BIG-IP® device on the ingress side and over two VLANs. These VLANs route traffic toward the intranet and Internet, respectively.
Layer 3 inline services require you to provide the IP address of the service devices from the choices present in the SSL Orchestrator™ configuration. If you are using Layer 3 inline services, this configuration sends information to and receives information from the services using a pre-defined set of addresses.
- On the Main tab, click , and then click the Inline Services tab.
  A screen opens showing the network diagram and the Inline Services settings.
- For the What is the IPv4 (CIDR/19) subnet-block base address? field, type in the address block.
  For IPv4, F5 recommends the default block 198.19.0.0/19 to minimize the likelihood of address collisions.
  Note: When using Layer 3 inline services, you must address your systems to match the required ranges. Even though you can change the base address of each address block (IPv4) from which subnets and addresses are assigned, changing an address block has several implications, must be done with caution, and is not recommended or supported by F5.
- Click Add.
- In the Name field, type a name for your configuration.
  Use a short, unique name for this service. This name can contain 1-15 alphanumeric or underscore characters, but must start with a letter. Letters are not case-sensitive.
- From the Service Type list, select Layer 2 or Layer 3.
- In the Interfaces area, select the BIG-IP® system interface and VLAN tag for each VLAN pair.
  Each Inward VLAN must be connected to the same Layer 2 virtual network from every device in the Sync-Failover Device Group, and each Outward VLAN likewise, but to a distinct Layer 2 virtual network.
  If you choose to use the Ratio field, the BIG-IP® system distributes connections among pool members in a static rotation according to ratio weights that you define. In this case, the number of connections that each system receives over time is proportionate to the ratio weight you defined for each pool member or node. This number must be between 1 and 100.
  For example, if you have five devices and you assign a ratio of 1 to the first three devices, a ratio of 2 to the fourth device, and a ratio of 3 to the fifth device, the first three devices, with a ratio of 1, each receive 1/8 of the traffic. The fourth device receives 1/4 of the traffic, and the fifth device receives 3/8 of the traffic.
- Under Available Devices, from the IP Address field, select the IP address pairs of the Layer 3 devices.
- From the Translate Port for HTTP Traffic list, select one of the options.
  - Use No if the connections should use their original destination ports.
  - Use Yes to Port 80 to send all HTTP traffic through port 80.
  - Use Yes to Port 8080 to send all HTTP traffic through port 8080.
  - Use Yes to Port 8443 to send all HTTP traffic through port 8443.
- From the Connection Handling On Outage list, select one of the following:
  - Use Skip Service to allow connections to skip the service you are configuring if all the devices in the service are unavailable.
  - Use Reject Connection for the system to reject every connection reaching the service when the service is down.
- Click Finished.
- Click Save.
Note: Layer 3 devices need to follow a specific fixed addressing scheme. For each of the 10 possible Layer 3 inline services, you need to use the following configuration (with x being 0-9, representing the inline service):
Inward interface:
- Address: 198.19.x.61 through 198.19.x.68 (for each of the load balanced Layer 3 devices)
- Netmask: 255.255.255.128
Outward interface:
- Address: 198.19.x.161 through 198.19.x.168 (for each of the load balanced Layer 3 devices)
- Netmask: 255.255.255.128
Routes:
- Default Gateway: 198.19.x.245
- Gateway to internal networks: 198.19.x.10 (unless SNAT is used)
While the base address can be changed if needed, F5 recommends leaving it set to the default: 198.19.0.0.
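The fixed Layer 3 addressing scheme in the note above can be checked against a service device's settings before it is placed in a chain. The following is an added example, not F5 code; it assumes the default 198.19.0.0 base address, and the function names `l3_plan` and `check_device` and the sample device are constructed for illustration.

```python
import ipaddress

BLOCK = ipaddress.ip_network("198.19.0.0/19")   # default block named on the page
NETMASK = "255.255.255.128"                     # same mask on inward and outward sides


def l3_plan(x):
    """Expected addressing for Layer 3 inline service x (0-9), per the page's scheme."""
    if x not in range(10):
        raise ValueError("inline service index must be 0-9")
    base = BLOCK.network_address + 256 * x      # 198.19.x.0
    return {
        "inward": [str(base + n) for n in range(61, 69)],     # .61-.68
        "outward": [str(base + n) for n in range(161, 169)],  # .161-.168
        "default_gateway": str(base + 245),
        "internal_gateway": str(base + 10),
    }


def check_device(x, inward, outward, netmask, default_gw, internal_gw=None):
    """Return a list of mismatches between a device's settings and the scheme.

    internal_gw may be None when SNAT is used (no internal-network route needed).
    """
    plan, problems = l3_plan(x), []
    if inward not in plan["inward"]:
        problems.append(f"inward address {inward} outside .61-.68 for service {x}")
    if outward not in plan["outward"]:
        problems.append(f"outward address {outward} outside .161-.168 for service {x}")
    if netmask != NETMASK:
        problems.append(f"netmask {netmask} should be {NETMASK}")
    if default_gw != plan["default_gateway"]:
        problems.append(f"default gateway should be {plan['default_gateway']}")
    if internal_gw is not None and internal_gw != plan["internal_gateway"]:
        problems.append(f"internal gateway should be {plan['internal_gateway']}")
    return problems


# Constructed sample: second device of inline service 3, with a copy-paste
# error in the default gateway (left over from service 2).
SAMPLE = dict(x=3, inward="198.19.3.62", outward="198.19.3.162",
              netmask="255.255.255.128", default_gw="198.19.2.245",
              internal_gw="198.19.3.10")

if __name__ == "__main__":
    for line in check_device(**SAMPLE) or ["matches the scheme"]:
        print(line)
```

A default gateway copied from another service's subnet is not on-link for the device's 255.255.255.128 outward network, so a mismatch reported here also points at a routing problem on the service device.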
You have now configured an inline service for SSL Orchestrator.
After creating more than one service, you can now create a service chain.