F5 Distributed Cloud AWS VPC Site

In addition to using the F5 Distributed Cloud WAF from an F5 Regional Edge / PoP location, you can also deploy an “XC Mesh” node that enables you to access networks that are not directly connected to the Internet and/or enforce WAF policies locally within the local network.

When we deploy XC Mesh outside of a Regional Edge, we refer to these locations as “Customer Edge”. In the following exercise we will review the process for deploying a Customer Edge. In our existing lab environment we have already deployed a shared F5 Distributed Cloud AWS VPC Site.

Once an XC Mesh node has been deployed into a Customer Edge, it helps provide two additional topologies for F5 Distributed Cloud WAF protection.

  1. Enabling F5 Distributed Cloud to protect a resource from the Regional Edge (additional DDoS protection) that is not directly attached to the internet.

  2. Allow F5 Distributed Cloud to provide WAF protection for “internal” and/or “local”


Exercise 1: Introduction to F5 Distributed Cloud AWS VPC Site

  1. Start in F5 Distributed Cloud Console and switch to the Cloud and Edge Sites context.

  2. Find the “AWS VPC Sites” menu item.

  3. From the top left, go to Site Management under the Manage section.

  4. Click on “AWS VPC Sites”

  5. Find the “xc-waf-lab-aws” site

    In this lab environment we have already deployed a shared AWS VPC Site that we will use in this lab. Click on “xc-waf-lab-aws”.

    You will be able to observe several metrics about the health of the site.

    In this deployment an XC Mesh node has been deployed into an existing VPC in our shared AWS lab environment.

  6. Browse back to “AWS VPC Sites”

    Note

    XC Mesh nodes can also be deployed into VMware and KVM environments through a site registration process.


Exercise 2 (Optional): F5 Distributed Cloud Simulator

During this lab we will not deploy a new AWS VPC Site. If you would like to learn more about deploying an AWS VPC Site via F5 Distributed Cloud, you may want to try the following F5 Distributed Cloud Simulator:

- https://simulator.f5.com/s/cloud2cloud_via_sites_brownfield

You can emulate the steps that were used to create the F5 Distributed Cloud VPC Site in the lab environment by starting with “3. Connect AWS VPC Site”: https://simulator.f5.com/s/cloud2cloud_via_sites_brownfield/nav/aws/005/0

Clicking on the “Next” button in the top right will allow you to see similar steps that were used to create the site.


You have reached the end of this lab. For instructor-led courses, do not continue until instructed to do so.