This repo links two networks together in an approximation of Dedicated Interconnect, demonstrating how to use custom routes between VPCs to force use of multiple BIG-IP instances as next-hop gateways.
- Client instance
- NGINX reverse-proxy configured to send all requests to backend instances in
172.17.0.0/16network - Public IP, with FW rules to allow ingress from public internet
- NGINX reverse-proxy configured to send all requests to backend instances in
- Service instances
- NGINX hosting a static web page
- No public IP, egress through
controlnetwork only
- BIG-IP instances
- 3-NIC configuration, with interfaces in
dmz,control, andservice - Virtual Server defined on VIP(s) with Service instances as pool members
- Forwarding rule defined on external interface (
dmz)
- 3-NIC configuration, with interfaces in
clientanddmznetworks are connected via VPC Peering, with custom routes advertised- client is advertising
172.16.0.0/16to dmz - dmz is advertising
172.18.0.0/16to client - dmz is advertising custom route
172.17.0.0/16with next-hop as BIG-IP VMs
- client is advertising
-
Create the networking foundations See foundations module for example setup
-
Create/modify the Terraform environment files with required inputs
-
Execute Terraform to create the BIG-IP instance and Route
NOTE: due to weak module dependencies, you may need to invoke this step as multiple operations so that the reserved internal IP addresses are created before the dependent resources.
terraform init -backend-config env/ENV/poc.config terraform apply -var-file env/ENV/poc.tfvars -auto-approve -target google_compute_address.bigip terraform apply -var-file env/ENV/poc.tfvars -auto-approve
If an error is reported that 'There is a route operation in progress on the local or peer network' repeat the last
terraform applyto complete setup.terraform apply -var-file env/ENV/poc.tfvars -auto-approve
- Open a browser to the public IP address of a
clientVM. The page will show the name of the backendserviceinstance, and the internal IP address of whichever BIG-IP instance processed the request. - Refresh the page until you see a different BIG-IP address, prooving that GCP is distributing requests to all BIG-IPs.
-
Destroy resources via Terraform
terraform destroy -var-file env/ENV/poc.tfvars -auto-approve
-
Clean up foundational resource if necessary
| Name | Version |
|---|---|
| terraform | ~> 0.12 |
| ~> 3.34 | |
| ~> 3.34 |
| Name | Version |
|---|---|
| ~> 3.34 ~> 3.34 | |
| google.executor | ~> 3.34 ~> 3.34 |
| random | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bigip_image | The BIG-IP image to use; default is a v15.1.0.4 PAYG licensed GOOD/25MBps image. | string |
"projects/f5-7626-networks-public/global/images/f5-bigip-15-1-0-4-0-0-6-payg-good-25mbps-200618231522" |
no |
| bigip_sa | The fully-qualified email address of BIG-IP service account. | string |
n/a | yes |
| client_sa | The fully-qualified email address of client VMs service account. | string |
n/a | yes |
| client_subnet | A self-link for the client subnet that will host client VMs that will communicate with service VMs through BIG-IP as an advertised next-hop. |
string |
n/a | yes |
| control_subnet | A self-link for the control subnet that will host BIG-IP, client, and service management interfaces. |
string |
n/a | yes |
| dmz_subnet | A self-link for the DMZ subnet that will host BIG-IP external interface. | string |
n/a | yes |
| nonce | A nonce to uniquely identify the resources created. | string |
"cloud-route-poc" |
no |
| num_bigips | The number of BIG-IP instances to create. Default is 2. | number |
2 |
no |
| num_clients | The number of client instances to create. Default is 1. | number |
1 |
no |
| num_services | The number of service instances to create. Default is 2. | number |
2 |
no |
| project_id | The existing project id that will host the resources. E.g. project_id = "example-project-id" |
string |
n/a | yes |
| service_sa | The fully-qualified email address of service VMs service account. | string |
n/a | yes |
| service_subnet | A self-link for the service subnet that will host BIG-IP internal interface, and service VMs. |
string |
n/a | yes |
| tf_sa_email | The fully-qualified email address of the Terraform service account to use for resource creation. E.g. tf_sa_email = "terraform@PROJECT_ID.iam.gserviceaccount.com" |
string |
n/a | yes |
| tf_sa_token_lifetime_secs | The expiration duration for the service account token, in seconds. This value should be high enough to prevent token timeout issues during resource creation, but short enough that the token is useless replayed later. Default value is 1200. |
number |
1200 |
no |
| zone | The zone to use for BIG-IP and other resources. Default is 'us-central1-f'. | string |
"us-central1-f" |
no |
| Name | Description |
|---|---|
| bigip_control_plane_ips | The collective set of IP addresses that are assigned to BIG-IP instances attached to the control-plane subnet. |
| client_public_ips | The public IP addresses for the client instances. |