Creating Services, Service Chains, and Classifier Rules
Overview: Creating services, service chains, and classifier rules
This section decribes how to create inline services, ICAP services, receive-only services, service chains,
and classifier rules.
Creating inline services for service chains
Before creating inline services, complete all areas in General Properties. Refer to the
Configuring general
properties
section of this document for more information.
Inline services pass traffic through one or more service devices at Layer 2 or Layer 3. You use inline
services in service chains, where each service device communicates with the BIG-IP
®
device, on the
ingress side and over two VLANs. These VLANs route traffic toward the intranet and Internet,
respectively.
Layer 3 inline services requires you to provide the IP address of the service devices from the present
choices in the Herculon SSL Orchestrator configuration. If you are using Layer 3 inline services, this
configuration sends and receives information from the services using a pre-defined set of addresses.
1.
On the Main tab, click
SSL Orchestrator
>
Configuration
, and on the menu bar, click
Services
>
Inline Services
to view inline services settings.
The Inline Services screen opens.
2.
Options to provide the IPv4 (CIDR/19) subnet-block base address, the IPv6 /48 subnet-block prefix,
or both, will vary, whether you selected
Support IPv4 only
,
Support IPv6 only
, or
Both IPv4 and
IPv6
.
• In the
What is the IPv4 (CIDR/19) subnet-block base address?
field, type the address block. F5
recommends the default block
198.19.0.0/19
to minimize the likelihood of address collisions.
Note: When using Layer 3 inline services, you must address your systems to match the required
ranges. Even though you can change the base address of each address block (IPv4) from which
subnets and addresses are assigned, changing an address block has several implications, must be
done with caution, and is not recommended or supported by F5.
• In the
What is the IPv6 /48 subnet-block prefix?
field, type the address block.
Note: Each inline service goes through one or more services at Layer 2 (LAN) or Layer 3 (IP).
Each service device communicates with the BIG-IP device on the ingress side over two VLANs
(from BIG-IP and to BIG-IP) that carry traffic toward the intranet and the internet, respectively.
• In both the
What is the IPv4 (CIDR/19) subnet-block base address?
and
What is the IPv6 /48
subnet-block prefix?
fields, type the necessary address block information.
3.
Click
Add
.
4.
In the
Name
field, type a name for your configuration.
Use a short, unique name for this service. This name can contain 1 -15 alphanumeric or underscore
characters, but must start with a letter. Letters are not case-sensitive.
5.
From the
Service Type
list, select
Layer 2
or
Layer 3
.
6.
In the
Interfaces
area, select the BIG-IP system interface and VLAN tag for each VLAN pair.
Summary of Contents for Herculon SSL Orchestrator
Page 1: ...F5 Herculon SSL Orchestrator Setup Version 13 1 3 0 ...
Page 2: ......
Page 6: ...What is F5 Herculon SSL Orchestrator 6 ...
Page 26: ...Setting Up a Basic Configuration 26 ...
Page 38: ...Importing and Exporting Configurations for Deployment 38 ...
Page 54: ...Using Herculon SSL Orchestrator Analytics 54 ...