Using dynamic IPs in a Virtual Server

Question

Hi Team,&nbsp;
We use an Australian based SMS provider, whisper, to send OTPs to mobile devices. I've setup a http authentication server that constructs the SMS that sends the SMS' to Whisper's api.whisper.com address.&nbsp;
api.whisper.com only accepts https connections so I setup two virtual server's both of Whisper's destination IP addresses (they use DNS RR with 2 IPs) listening on port 80, then I created a pool, then finally some nodes using the hostname: api.whisper.com on service port 443 so the connection to whisper will be on 443. &nbsp;
I also enabled FQDN auto populate and the associated the pool to both virtual servers.&nbsp;
The problem is that api.whisper.com lives in Amazon EC2 and the hostname's IP address constantly changes. Therefore, I have to constantly update the VS IP address to match - this is not a problem for the pool of nodes because auto-populate updates the addresses dynamically for me. How can I dynamically update the Virtual servers to match the ever-changing IP's of the hostname api.whisper.com?&nbsp;
SMS OTP works perfectly using the above scenario - except when the IP dynamically change. &nbsp;
Thanks!&nbsp;
Pete&nbsp;

stephane_viau · Answer

Why do you have your clients connecting to api.whisper.com? Can you have them connect to another hostname instead that would have a static IP? And then you can still forward the requests to the "true" api.whisper.com servers.

petethefarmer_3 · Answer

Nah, no users connect to this. There is a static VS for users. This setup is only for http authentication purposes (ie: the mechanism that sends an API string to api.whispir.com). &nbsp;
BigIP won't let me configure a https host in my http authentication server (ie get this error: 01071346:3: In AAA HTTP server (/Common/myportal_aaa_whispir_sms_gateway), Using Http auth agent against SSL backend is not allowed, please, create a layered virtual server with serverssl profile). &nbsp;
So I did - that's what I created with the help of some f5 support techs.&nbsp;
api.whispir.com only works with https, they reject http connections, so with the help of f5, I created a VS on port 80 for the IP destination address (ie: what api.whispir.com resolves to) and then use nodes and pool lists to communicate out on 443 to api.whispir.com.&nbsp;

cjunior · Answer

Interesting this implementation, &nbsp;
So, and what about create a wildcard virtual server "0.0.0.0/0:80" and an iRule that checks name resolution (RESOLV::lookup) or getting adresses from list members whitin fqdn pool (active_members -list ) and accepting connections only to that match destinations?&nbsp;
Just an idea.&nbsp;

brad_parker_139 · Answer

Why not just make your http AAA server a hostname you control with those api.whispir.co FQDN nodes in the pool and then use an iRule to change the host header to api.whispir.com on the server side?

brad_parker · Answer

Why not just make your http AAA server a hostname you control with those api.whispir.co FQDN nodes in the pool and then use an iRule to change the host header to api.whispir.com on the server side?

Forum Discussion

Using dynamic IPs in a Virtual Server

9 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

virtual server config

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire