Manual Chapter : Configuring an Explicit HTTP Proxy Chain

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP APM

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP Link Controller

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP Analytics

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP LTM

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP AFM

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP PEM

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP DNS

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP ASM

  • 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

Overview: Configuring an explicit HTTP proxy chain

An explicit HTTP proxy chain configuration enables you to load balance traffic from a BIG-IP® device through a pool of proxy devices. When establishing an explicit HTTP proxy chain, the BIG-IP explicit proxy device sends an HTTP request to a remote proxy device, which connects to the requested host and port. Once the connection succeeds between the BIG-IP explicit proxy device and the remote proxy device, a tunnel is opened between the BIG-IP explicit proxy device and the remote proxy device, which allows other protocols to pass unimpeded through the tunnel.

The following illustration depicts a typical explicit HTTP proxy chain configuration.

A typical explicit HTTP proxy chain configuration

About HTTP Proxy Connect profiles

The HTTP Proxy Connect profile enables a BIG-IP® device to connect to a remote, down-stream proxy device. A client connects to the BIG-IP device, which selects a remote proxy device from a pool of proxy devices. An HTTP CONNECT handshake tells the selected remote proxy device where to connect. When the connection is established, it becomes an opaque tunnel. Any protocol can use the tunnel between the BIG-IP device and the remote proxy.

When an HTTP profile is assigned to the virtual server, the HTTP CONNECT handshake is automatically configured. If an HTTP profile not assigned to the virtual server, for example, when you have opaque SSL traffic, you can use HTTP::proxy chain iRule commands to configure the destination to which the remote proxy device routes traffic.

Task Summary

Complete these tasks to configure an explicit HTTP proxy chain configuration.

Creating a custom HTTP Proxy Connect profile

You can create a custom HTTP Proxy Connect profile and assign it to a virtual server to load balance HTTP traffic through a pool of proxy devices.
  1. On the Main tab, click Local Traffic > Profiles > Other > HTTP Proxy Connect .
    The HTTP Proxy Connect profile list screen opens.
  2. Click Create.
    The New HTTP Proxy Connect Profile screen opens.
  3. In the Name field, type a unique name for the profile.
  4. From the Parent Profile list, retain the default value or select another existing profile of the same type.
  5. Select the Custom check box.
  6. Select the Default State check box.
  7. Click Finished.
The custom HTTP Proxy Connect profile is available to assign to a virtual server.

Creating a load balancing pool

You can create a load balancing pool (a logical set of proxy devices that you group together to receive and process traffic) to efficiently distribute the load on your resources.
Note: You must create the pool before you create the corresponding virtual server.
  1. On the Main tab, click Local Traffic > Pools .
    The Pool List screen opens.
  2. Click Create.
    The New Pool screen opens.
  3. In the Name field, type a unique name for the pool.
  4. For the Health Monitors setting, in the Available list, select a monitor type, and click << to move the monitor to the Active list.
    Tip: Hold the Shift or Ctrl key to select more than one monitor at a time.
  5. From the Load Balancing Method list, select how the system distributes traffic to members of this pool.
    The default is Round Robin.
  6. For the Priority Group Activation setting, specify how to handle priority groups:
    • Select Disabled to disable priority groups. This is the default option.
    • Select Less than, and in the Available Members field type the minimum number of members that must remain available in each priority group in order for traffic to remain confined to that group.
  7. Using the New Members setting, add each resource that you want to include in the pool:
    1. (Optional) In the Node Name field, type a name for the node portion of the pool member.
    2. In the Address field, type an IP address.
    3. In the Service Port field, type a port number, or select a service name from the list.
    4. (Optional) In the Priority field, type a priority number.
    5. Click Add.
  8. Click Finished.
The load balancing pool appears in the Pools list.

Creating a virtual server for explicit HTTP proxy connection

You can create a virtual server to load balance HTTP traffic through a pool of remote proxy devices.
  1. On the Main tab, click Local Traffic > Virtual Servers .
    The Virtual Server List screen opens.
  2. Click the Create button.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. In the Destination Address field, type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP® system automatically uses a /32 prefix.
    Note: The IP address you type must be available and not in the loopback network.
  5. In the Service Port field, type a port number or select a service name from the Service Port list.
  6. From the HTTP Proxy Connect Profile list, select a profile.
  7. In the Resources area of the screen, from the Default Pool list, select the relevant pool name.
A virtual server is available to load balance HTTP traffic through a pool of remote proxy devices