Cloud Docs Home > F5 Application Services Proxy Index

F5 Application Services Proxy

The F5 Application Services Proxy (ASP) is an application delivery controller (ADC) for container environments. The ASP deploys on-demand to act as a proxy and load balancer for distributed applications running in containerized environments.

Release Notes

Attributions

Attributions.md

Features

Guides

See the F5 Container Connector user documentation for your orchestration environment.

Mesos Marathon

Architecture

The ASP, a Node.js application, handles proxied traffic via a middleware framework. It comprises four (4) basic components:

Config Manages ASP configurations.
Merges configuration inputs from static and dynamic sources.
Normalizes the configuration for the other components.
Proxy Manages virtual server configuration.
Creates a proxy in the routing infrastructure for each virtual server.
Routing Provides the framework for creating traffic services.
Invokes the middleware functions.
Uses feedback to determine how to handle data events and the transaction lifecycle.
Telemetry Sends transaction events and statistics to an analytics provider (such as Splunk).

Built-in Middleware

Header Manipulator

The header manipulation module adds, removes, or modifies HTTP headers. It uses the same semantics as the Node.js setHeader, getHeader, and removeHeader methods.

Load Balancer

The load balancer module directs traffic to an available server, according to the configured load balancing algorithm. This module also collects load balancing-related statistics.

Connection Manager

The connection manager module tracks and manages server connections:

  • maps client-to-server connections;
  • conducts lookups for client-to-server and server-to-client connections;
  • reuses existing connections (when found) or creates new ones;
  • manages the connection lifetime;
  • closes server connections when the client closes the connection or when the inactivity timeout fires.

Forwarder

The forwarder module forwards data back and forth between client and server connections.

Telemetry

The telemetry module gathers global and transaction stats for tcp and http connections. By default, the telemetry module logs stats interally. You can also send stats to a backend system for reporting and analysis.

Supported backend systems in this version:

Global Stats

  • splunk source: asp.global
  • splunk sourcetype: f5:asp:stats:json
  • facility: test-location
  • devicegroup: test-group
  • Frequency: periodic (can be controller via config)
Name Description
tot_requests Number of HTTP requests received from clients
clientside_tot_conns Number of TCP connections received from clients
clientside_bytes_in Number of bytes read from clients
clientside_bytes_out Number of bytes written to clients
serverside_tot_conns Number of TCP connections opened to servers
clientside_failed_conns Number of failed TCP connections from clients
serverside_failed_conns Number of failed TCP connections to servers
clientside_other_killed Number of connections killed by OOM killer
aggr_period Time interval for flushing aggregate statistics

TCP Transaction Stats

  • splunk source: asp.tcp.transactions
  • splunk sourcetype: f5:asp:stats:json
  • facility: test-location (config can update this field)
  • devicegroup: test-group (config can update this field)
  • Frequency: per connection
Name Description
client_ip client IP Address
client_port client TCP Port
client_error_code Client-side socket system error code (e.g., HPE_INVALID_EOF_STATE)
server_error_code Server-side socket system error code (e.g., ECONNREFUSED)
pool_member_name server pool member ID (embeds the server name)
pool_member_ip server pool member IP address
pool_member_port server pool member TCP port
app Application name
appComponent Application component

HTTP Transaction Stats

  • splunk source: asp.http.transactions
  • splunk sourcetype: f5:asp:stats:json
  • facility: test-location (config can update this field)
  • devicegroup: test-group (config can update this field)
  • Frequency: per request
Name Description
client_ip client IP Address
client_port client TCP Port
ttfb time-to-first-byte; time (in milliseconds) between request receipt and start of response header write-out
ttlb time-to-last-byte; time (in milliseconds) between request reciept and writing last byte of response body
response_status_code HTTP response code (e.g., 200)
http_version client HTTP protocol version (e.g., “1.1”)
method_name HTTP method for the request (e.g., “POST”)
request_date Time (in milliseconds) request received
pool_member_name server pool member ID (embeds the server name)
pool_member_ip server pool member IP address
pool_member_port server pool member TCP port
url HTTP request URL
user_agent client HTTP user agent
app Application name
appComponent Application component

Configuration Parameters

All ASP configurations must be valid JSON.

Global

You can use global configuration parameters in all supported environments.

Parameter Type Required Default Description Allowed Values
console-log-level string Optional info Logging level
  • critical
  • error
  • warning
  • info
  • debug

Orchestration

Orchestration configuration parameters define the required information for a specific environment(s).

Parameter Type Required Default Description Allowed Values
kubernetes JSON object Optional   A JSON blob defining Kubernetes configurations. See below
  config-file string Required   Path to file in which f5-kube-proxy writes ASP configurations. “/var/run/kubernetes/proxy-plugins/service-ports.json”
  poll-interval integer Optional 1000 Polling time, in milliseconds  
marathon JSON object Optional   A JSON blob defining Marathon configurations. See below
  uri string Required   Marathon Service URL  
  poll-interval integer Optional 1000 Polling time, in milliseconds  

Virtual Server

Virtual server configuration parameters list virtual server objects, which represent service endpoints. The orchestration environment provides part, or all, of this section.

Parameter Type Required Default Description Allowed Values
destination JSON object Required   virtual server service location accepting connections  
  address string Required   IP address of service  
  port integer Required   Port number of service  
service-name string Required   Application tag for for the proxied App  
bind-port integer Optional destination.port ASP listening port for accepting connections  
shared-listen boolean Optional “false” Allows virtual servers to share a bind-port [2]  
ip-protocol [1] string Optional “http” virtual server’s service type “http”, “tcp”
load-balancing-mode [1] string Optional “round-robin” load balancing algorithm for the virtual server “round-robin”
keep-alive-msecs [1] integer Optional 1000 Time (in milliseconds) between TCP keep-alive packets on socket to back-end server  
flags JSON object Optional   see below  
  x-forwarded-for [1] boolean Optional “false” sets ‘x-forwarded-for’ header in request to backend server  
  x-served-by [1] boolean Optional “false” sets ‘x-served-by’ header in response to client  
[1](1, 2, 3, 4, 5) Include this parameter in a Kubernetes Service definition as an annotation. See the F5 Kubernetes Proxy Deployment Guide for more information.
[2]In shared-listen mode asp distributes connections using the original destination of the socket. ASP uses the SO_ORIGINAL_DST socket option to obtain the original destination.

Stats

Stats configuration parameters pertain to statistics gathering and reporting. The ASP logs stats internally if you don’t provide a URL.

Parameter Type Required Default Description Allowed Values
url [3] string Optional   URL of the backend stats server.  
token [3] string Optional   Authentication token for the stats server.  
flush-interval integer Optional 10000 Frequency, in milliseconds, at which to flush stats.  
backend [3] string Optional   Type of backend stats service. “splunk”
rejectUnauthorized [4] boolean Optional true If true, server certificate is verified against the specified ca.  
ca [4] string Optional   A string or array of strings of trusted certificates in PEM format. If omitted, we use the default publicly trusted list of CAs built into Node.js.  
metadata JSON object Optional   See below  
  facility string Optional   Sets facility for reported stats. Accepts template strings. [5]  
  devicegroup string Optional   Sets devicegroup for reported stats. Accepts template strings. [5]  
[3](1, 2, 3) If you’re sending stats to a backend server, you must provide a value for this parameter.
[4](1, 2) This applies if you are sending stats to an HTTPS server.
[5](1, 2) Template strings are substitutable. Allowed substitutions include {APP} and {PORT} which the proxy replaces with service-name and destination port from virtual-server config, respectively.