F5 XC Customer Edge Deployment Mode on AWS
Advanced Configuration Lab
Solution overview
This deployment mode is suited to scenarios where backend applications are isolated from internet access and need to be reached over a secure, private connection.
In this setup, Customer Edge sites connect private customer sites to the Distributed Cloud Global Network through IPsec tunnels initiated from the Distributed Cloud Customer Edge to the nearest two Regional Edge sites, enabling a secure and private link to backend applications.
In this lab, you'll deploy an AWS Elastic Kubernetes cluster configured with a NodePort and attach it as a source to the F5 HTTPS Load Balancer. The F5 HTTPS Load Balancer will connect to the AWS Elastic Kubernetes cluster through an IPsec tunnel established via the F5 AWS Vnet Site.
All components will be deployed using vesctl, the F5 command-line tool. Traffic from the F5 HTTPS Load Balancer will flow across the Distributed Cloud Global Network to an egress Regional Edge and then through an IPsec tunnel to the Customer Edge site, where it will be directed to the backend application as pure IP-based traffic.