Simply stated, Virtual IP addresses are those IP addresses that are not tethered to any specific machines and thus can freely rotate among nodes in the content gateway cluster. Generally, a single machine can represent multiple IP addresses on a single subnet. Each machine does have a primary IP address associated with the interface card but can also serve multiple virtual addresses as and when required.
With such provision, one can set up the user base for DNS round-robin pointing at the VIP, in place of the real IP address of the machines across the content gateway. As VIPs are not bound to the machines, the addresses from inactive nodes can be fetched and distributed across remaining active nodes by the content gateway clusters.
Configuring VIP is key to Load Balancing
The first step in load balancing is assigning names to IPs. The BIG-IP DNS device tells you the best IP (an actual server or a virtual IP) to route to for the requested application. Multiple DNS devices are deployed to ensure high availability of applications. The main configuration element in BIG-IP DNS is the Wide IP, or WIP, which is usually attached to many pools that contain the IPs of the end servers.
The BIG-IP LTM module ensures high availability of applications and does the actual load-sharing, HTTP-caching, SSL-offloading, web acceleration, etc. The main configuration element on BIG-IP LTM is referred to as the “Virtual IP,” the “VIP” or simply the “Virtual Server”. It is the key component and starting point for building ADC configurations to deploy an application. The VIP is the destination (combination of IP and port) to which traffic requests will be sent, and it is where profiles and other configuration options are defined.
Application delivery automation platforms like AppViewX ADC+ provide users with self-service automation workflows that automate the generation of configurations, such as creating a VIP or wide IP (WIP), modifying configurations, and creating a virtual server on an LTM device with associated profiles, monitors, iRules, etc. This drastically reduces the number of manual configuration errors and the time from request to delivery, ensuring that application deployments on BIG-IPs are completed in minutes rather than in days or weeks.
How ADC+ whips up the VIPs
Creating a Virtual IP is a tedious and time-consuming process that usually takes more than 5 days and involves multiple teams, such as the application team and NetOps, but the automation offered through the ADC+ platform exponentially speeds up the process, reducing the time from days to minutes!
The platform enables application owners and network teams to implement VIP configurations in less than 5 minutes without writing a single line of code. ADC+ offers OOB (out-of-the-box) automation workflows that help users create a virtual server and associate it with the appropriate profiles, monitors, pools and pool members in LTM, all using integration with ITSM and DDI systems. The platform then integrates the available address pools to create DNS binding for the new virtual server along with DDI systems (like Infoblox and BlueCat), which allows users to reserve a free IP address. The workflows also include an option to create or bind existing profiles and monitors to the virtual server and allow users to create change request tickets in ITSM systems (like ServiceNow) for approvals and tracking. The service request change ID is associated with the work order and is updated based on the implementation status.
Once the user submits the request using a predefined workflow, the platform generates ‘tmsh’ commands that need to be pushed to the devices. The user can review the platform-generated commands using the ‘review command’ option. The work order then pre-validates load balancer device performance metrics (CPU and memory utilization) and confirms that the new virtual server and its associated objects are not already present, ensuring error-free configurations across live devices. Upon successful pre-validation, the configuration changes are approved through a two-step process: first by ServiceNow, then by AppViewX. After approval is received, the configuration changes are implemented on the load balancer. A post-validation script ensures the virtual server and the associated objects are created successfully. The platform also offers an option to roll back the pushed configuration.
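The gating order described above (validate the request, pre-validate the device, require both approvals, then emit commands with a rollback and post-check set) can be sketched as follows. This is an added example, not AppViewX code: the function names, the 80% thresholds, the naming rule and the sample data are assumptions, and only IPv4 `ip:port` endpoints are handled.

```python
import ipaddress
import re

# Assumed thresholds and naming rule; the page names the metrics but gives no limits.
MAX_CPU_PCT, MAX_MEM_PCT = 80, 80
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]{0,62}$")
REQUIRED_APPROVALS = ("ServiceNow", "AppViewX")  # two-step order stated on the page


def _endpoint(ip, port):
    """Return 'ip:port' after strict validation so a field cannot carry extra tmsh syntax."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError unless ip is an IPv4 literal
    if type(port) is not int or not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port!r}")
    return f"{addr}:{port}"


def plan_vip_change(req, device, approvals):
    """Return commands, rollback and post-check lists, or raise ValueError at the first failed gate."""
    for name in (req["virtual"], req["pool"]):
        if not NAME_RE.match(name):
            raise ValueError(f"bad object name: {name!r}")
    vip = _endpoint(req["vip"], req["port"])
    members = " ".join(_endpoint(ip, port) for ip, port in req["members"])
    # Pre-validation: device load first, then absence of the objects to be created.
    if device["cpu_pct"] > MAX_CPU_PCT or device["mem_pct"] > MAX_MEM_PCT:
        raise ValueError("device over utilization limit")
    if req["virtual"] in device["virtuals"] or req["pool"] in device["pools"]:
        raise ValueError("object already exists on device")
    # Nothing is emitted for push until both approvals are recorded, in order.
    if tuple(approvals) != REQUIRED_APPROVALS:
        raise ValueError("change is not fully approved")
    commands = [
        f"create ltm pool {req['pool']} members add {{ {members} }} monitor http",
        f"create ltm virtual {req['virtual']} destination {vip} ip-protocol tcp "
        f"pool {req['pool']} profiles add {{ tcp http }}",
    ]
    return {
        "commands": commands,
        "rollback": [f"delete ltm virtual {req['virtual']}", f"delete ltm pool {req['pool']}"],
        "post_check": [f"list ltm virtual {req['virtual']}", f"list ltm pool {req['pool']}"],
    }


# Constructed sample request and device state (illustrative values only).
SAMPLE_REQUEST = {"virtual": "app1_vs", "pool": "app1_pool", "vip": "10.10.0.50", "port": 443,
                  "members": [("10.20.0.11", 8080), ("10.20.0.12", 8080)]}
SAMPLE_DEVICE = {"cpu_pct": 35, "mem_pct": 60, "virtuals": {"legacy_vs"}, "pools": {"legacy_pool"}}
PLAN = plan_vip_change(SAMPLE_REQUEST, SAMPLE_DEVICE, ["ServiceNow", "AppViewX"])
```

Validating names and endpoints before string formatting matters because the generated text is executed on the load balancer; a self-service form field is untrusted input to that command line.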
Abstracting the technical nitty-gritty completely, the platform offers multiple tailor-made workflows based on the user persona and persona-specific use cases for better self-serviceability. Users can self-service the VIP creation task by selecting the most suitable workflow from the catalogue. If an automation workflow for a unique use case is not readily available on the platform, users can create automation workflows on their own from the ‘Studio’ module. The workflows are largely task-oriented and enable the DevOps team to build customized solutions out of them.
AppViewX ADC+ also helps the network teams in migrating VIPs across different environments, as discussed ahead.
Migrating VIPs across different environments and devices
Migrating Virtual IPs from one device to another or from one environment to another (e.g., DEV, UAT, PROD) is a challenging task.
ADC+ provides a built-in module to migrate the configurations. Users import basic details, such as source and destination, based on which automatic migration is performed. It facilitates an error-free migration with minimal manual intervention. ADC+ also allows network teams to schedule the migration so that the change is performed within a defined change window.
The automation platform offers cookie-cutter templates, which allow users to carry out customized migrations. These templates can be used to capture the VIP details, append necessary values, and then migrate the VIP to the destination device. This eventually empowers businesses to define workflows for approvals, validations, and implementations. Tracking the changes in a centralized logging inventory also helps the businesses keep track of the changes.
Configuration of a virtual server IP (VIP) address is not mandatory during the initial configuration of the ADCs. But while configuring the load balancing techniques, one needs to assign VIP addresses to the virtual servers.
The ADC+ platform acts as a network operation hub, where teams can easily locate all the applications and execute the required actions, like changing the load balancing ratio, clearing active connections, configuring backup systems, and changing servers, all with role-based access.
Offering app-centric visibility, the automation and orchestration platform offers centralized device management, policy-driven compliance, and actionable insights with self-serviceable orchestration.
With event-driven auto-remediation, ADC+ also brings down the MTTR by troubleshooting on the fly with closed-loop, context-aware workflows. Built-in features offer instant alerts on device vulnerabilities and the inbuilt ChatOps feature helps teams to collaborate on incident management.
This way ADC+ helps the organizations in configuring the VIPs and centrally managing all the application delivery controllers.
*** This is a Security Bloggers Network syndicated blog from Blogs – AppViewX authored by Devanshu Dawn. Read the original post at: https://www.appviewx.com/blogs/whip-up-vips-in-a-minute/