
INITIAL Configuration: New DDoS Proxy for TCP / UDP / DNS Cache Service Type

Description

Environment

  • Silverline DDoS
  • Proxy/Proxies
    • TCP, UDP, and/or DNS Service Type

Procedure

Requirements for DDoS Proxies

The following information is required for a successful proxy configuration deployment:

  • FQDN Label / DNS Name - Name for identifying the DDoS proxy. This name will appear on the Proxy / App Management page.
  • Backend IP / DNS Name - This is the IP or DNS Name of your web server or load balancer. F5 Silverline provides Frontend IPs or Assigned DNS Names automatically. Up to 5 ports can be configured on the same frontend/backend IP-pair configuration.
  • Backend Port - This is the port that is leveraged by your Backend IP / DNS Name. Multiple backends can be defined, as well as ability to select load-balancing methods. FQDN or DNS-named backends can be defined as well.
  • Frontend Port - This is the desired Port open on your F5 Silverline application proxy. This is where traffic will enter the Silverline platform.

 

Proxy Configuration Steps in Portal 

1. In the Portal, navigate to Config > Proxy / App Configuration > Proxy / App Management


2. Click the +Add button to add a new Application Proxy.

  • DDoS Customers -- From the drop-down choose TCP / UDP / DNS
  • Silverline WAF Services customers won't see a drop-down menu. For configuration steps, see Application Proxy (HTTP / HTTPS) Configuration.
  • Troubleshooting: I don't see an Add button?

    If you don't see an Add button, this means that you've used all of your contracted FQDNs. Contact your Silverline Sales representative if you need more FQDNs.

 

3. Configure Front End FQDN.

The New Application view defaults to the Front and Back End configuration page.

New_Application_-_Front_and_Back_End.png

Fill in the following fields (descriptions below image):

NewProxy2.png

Field / Description / Notes

  • FQDN Label / DNS Name
    • Description: Name for identifying the application proxy. This name will appear on the Proxy / App Management page.
    • Notes:
      • Requirements: Limit of 64 characters
      • Allowed: Any valid lowercase letters, numbers, and periods.
      • Not Allowed: Capital letters, or a name ending in a period.
      • Suggested: Typically FQDN-related and unique names are used.
      • Note: If names are not unique, then some reporting functions will aggregate data for proxies with the same name. Stats for Web Traffic, SSL, and Proxy cannot differentiate between different proxies with the same name.
  • Assigned Front End IP
    • Description: F5 Silverline automatically provides IPv4 Frontend IPs.
  • Use IPV6 Front End
    • Description: Turn this ON if you want F5 Silverline to also assign an IPv6 Front End IP.
    • Notes: IPv6 options will only be available if the account has been configured for IPv6 usage as well. If you don't see the option available in Portal, you can contact Support to have it enabled.
  • Proxy Enabled
    • Description: Toggle button to either enable or disable the application proxy.
    • Notes: Why would you disable a proxy? Common reasons are:
      • making changes on the backend server
      • the application no longer needs to process traffic, but you want to reserve the frontend DNS address for future use
  • Note
    • Description: Any notes for you or your team on this proxy.
  • Tags
    • Description: Start typing and choose from existing tags, or type a new tag and press Enter to save.
    • Notes: More details on tags in Using Tags with Roles Based Access Control (RBAC)

 

4. Configure Back End Server IPs or FQDNs.

Fill in the following fields (descriptions below image):

NewProxy_Multiple-BackEnds.png

Field / Description / Notes

  • Back End IP or DNS Name
    • Description: Enter the IP address or DNS name for your back-end server. DNS names are resolved at the point of entry and must be valid.
    • Notes: If a DNS Name (FQDN) is entered:
      • Silverline will query for DNS resolution every 60 seconds
      • Backend IP pool members will update 4 times within a 60 minute period.
  • Scrubbing Centers
    • Description: Turn On / Off which Silverline data centers are available to each back-end server.
    • Notes:
      • Recommended: enable at least 2 different data centers in order to increase resiliency.
      • Typical: Most customers normally choose to enable ALL data centers for the greatest resiliency, availability and response times.
      • Example of why you wouldn't enable all scrubbing centers: Multiple back-end servers in different countries and you wish to force Silverline to use the closest data center for each back-end server.
  • + Add Button
    • Back_End_Add.png
    • Description: Add additional Back End servers.
    • Notes: If you have selected Priority Group Activation (PGA) as your Load Balancing Method under the Advanced tab, connections are first distributed to the first back-end server (highest priority) listed. If the first backend server fails, traffic is directed to the second backend server in the list. See Proxy / Application Configuration Option: Advanced for more information.
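The field rules from steps 3 and 4 and the five-port limit from the requirements list can be checked before anything is entered in the Portal. The following pre-flight check is an added example, not F5 code and not a Silverline API: the dictionary layout, the function name check_proxy, the minimum of one port, and the placeholder scrubbing center names are assumptions made for illustration.

```python
import ipaddress
import re

MAX_LABEL_LEN = 64       # page: "Limit of 64 characters"
MAX_PORTS_PER_PAIR = 5   # page: up to 5 ports per frontend/backend IP pair
LABEL_RE = re.compile(r"[a-z0-9.]+")  # lowercase letters, numbers, periods
DNS_RE = re.compile(r"(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}")

def check_proxy(proxy, existing_labels=()):
    """Return (errors, warnings) for one planned proxy (hypothetical dict schema)."""
    errors, warnings = [], []
    label = proxy["label"]
    if len(label) > MAX_LABEL_LEN:
        errors.append("label exceeds 64 characters")
    if not LABEL_RE.fullmatch(label):
        errors.append("label allows only lowercase letters, numbers, periods")
    if label.endswith("."):
        errors.append("label must not end in a period")
    if label in existing_labels:
        warnings.append("label not unique: reporting aggregates same-name proxies")
    ports = proxy["ports"]  # list of (frontend_port, backend_port) tuples
    if not 1 <= len(ports) <= MAX_PORTS_PER_PAIR:
        errors.append("between 1 and 5 ports allowed per frontend/backend pair")
    for pair in ports:
        if any(not 1 <= p <= 65535 for p in pair):
            errors.append(f"port out of range: {pair}")
    for backend in proxy["backends"]:
        host = backend["host"]
        try:
            ipaddress.ip_address(host)
        except ValueError:
            # Not an IP literal, so it must at least look like a DNS name.
            if not DNS_RE.fullmatch(host):
                errors.append(f"backend is neither an IP nor a DNS name: {host}")
        if len(backend["scrubbing_centers"]) < 2:
            warnings.append(f"{host}: fewer than 2 scrubbing centers enabled")
    return errors, warnings

# Constructed sample inputs (documentation addresses, placeholder center names).
SAMPLE_GOOD = {"label": "app1.example.com", "ports": [(443, 8443)],
               "backends": [{"host": "192.0.2.10",
                             "scrubbing_centers": ["center-a", "center-b"]}]}
SAMPLE_BAD = {"label": "App1.example.com.", "ports": [(p, p) for p in range(8000, 8006)],
              "backends": [{"host": "origin.example.net",
                            "scrubbing_centers": ["center-a"]}]}

if __name__ == "__main__":
    for sample in (SAMPLE_GOOD, SAMPLE_BAD):
        print(sample["label"], check_proxy(sample))
```

Errors correspond to values the field rules reject; warnings correspond to the page's recommendations (unique names, at least 2 scrubbing centers).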

 

5. Choose Services.

DDoS_TCP-UDP-DNS.png

Service / Description / Default?

  • Generic TCP Service
    • Description: Basic port forwarding to the origin server for TCP traffic.
    • Default?: Default for TCP/UDP/DNS Proxy*
  • Generic UDP Service
    • Description: Basic port forwarding to the origin server for UDP traffic.
    • Default?: Choose from + Other Services menu
  • DNS Cache Service
    • Description: Offloads DNS-cached record responses to Silverline proxy. Will act as an authoritative DNS cache, protecting your true DNS cache.
      • Q&A: How does Proxy Service DNS Cache work? When does revalidation occur? Time-to-live, aging, scavenging expiration behavior
    • Default?: Choose from + Other Services menu

* To remove an added service, click the X to the left of the service.

DDoS_TCP-UDP-DNS_Delete.png

 

6. Configure Services.

  1. Click on a Service in the left-hand column (A), and the corresponding Configuration Options (B) appear to the right. Details on each Configuration Option are in the links below the image.
    • New_Proxy_TCP_Wide_Annotated.png
  2. Generic TCP Configuration Options:
  3. Generic UDP Configuration Options:
  4. DNS Cache Configuration Options:

7. Save and Deploy

  1. Once all configurations are set, click Save in the bottom-right.
  2. If this takes you back to the list of apps / proxies, either click the name of the application proxy you just created, or click the Edit (pencil icon) button on the right.

8. Test & Verify Proxies

9. Configure On-Premises Set-up

 
