Follow

How To: Proxy setup for working F5 with Akamai

 

Description

This is usually the setup which is done while working with F5 with Akamai 

 

Environment

  • Silverline WAF
  • Silverline DDoS
  • Proxy

 

Procedure

  1. Use OneConnect profile in F5 to listen to HTTP layer instead of TCP.
  2. F5 should listen to "X-forwarded-for" or "True-client-IP" HTTP headers for session stickiness to work properly. Based on the Akamai configuration you should choose the best option for your specific use case (based on if "true-client-ip" header rule is enabled or not.
  3. The PCONN/Keep-Alive value should be set to be greater than the one that is on Akamai configuration
    • Akamai default value is 300 seconds, therefore origin timeout value should be set to 301 seconds.
  4. All other appliances such as firewall and web application servers should maintain similar timeout parameters.
  5. Verify with Akamai if the web application server is sending a TCP close action to F5.
    • This should not terminate the TCP connection with Akamai, but only close the relevant HTTP connection.
    • TCP session is used for other transactions, as well on Akamai end to your origin / Load Balancer.

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request