What Happened?
You have restrictions on what kind of traffic you can allow to your origin servers, and you know that F5 Distributed Cloud Console has Regional Edges (REs) all around the world that receive traffic. By following this article, you can limit the dist_site values you saw in logs so that only specific REs are allowed to reach your origin server.
Environment
- F5® Distributed Cloud
- Sites
- F5® Distributed Cloud Regional Edge
Resolution/Answer
Note: We encourage you to use as many REs as possible to avoid failures during maintenance windows. There should always be more than one Regional Edge in a Virtual Site. The F5 Distributed Cloud SaaS platform is upgraded every 4-6 weeks. The F5XC SRE team assumes multiple Regional Edge paths are always available. To avoid any unexpected outages, ensure there is more than one Regional Edge in your Virtual Site, providing a redundant path during upgrades.
To allow traffic to your site only from specific REs, add a custom endpoint to your Origin Pool configuration. The endpoint should refer to a virtual site (vSite) that in turn refers to the RE sites you want.
Here are the steps:
1. Go to Distributed Apps > Applications > Virtual Sites > Add Virtual Site
2. Type the RE name in the Name field
3. Under Site Type select RE
4. Under Selector Expression select ves.io/siteName > In > "RE name"
5. Create an Endpoint object by going to Multi-cloud App Connect > Manage > Virtual Host
6. Add the virtual site you just created under Virtual-Site or Site or Network > Reference
7. Create an Origin Pool and attach this Endpoint to it
Additional Information
With the above configuration, health checks are performed only from the REs that are part of the custom virtual site used in the endpoint object; hence, you should see a Health score of 100.
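To confirm the restriction took effect, the following added example (not from the original article or from F5) tallies dist_site values in exported logs against the REs placed in the virtual site and checks the redundancy rule from the note above. It assumes one JSON object per log line; the RE names, the other log keys and the function name `audit_re_sources` are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample input. Only the "dist_site" field name comes from the
# article; the RE names and the remaining keys are invented placeholders.
SAMPLE_LOGS = """\
{"time": "2024-01-01T10:00:00Z", "dist_site": "re-example-1", "rsp_code": "200"}
{"time": "2024-01-01T10:00:01Z", "dist_site": "re-example-2", "rsp_code": "200"}
{"time": "2024-01-01T10:00:02Z", "dist_site": "re-example-9", "rsp_code": "200"}
{"time": "2024-01-01T10:00:03Z", "dist_site": "re-example-1", "rsp_code": "503"}
not-json debris line
{"time": "2024-01-01T10:00:04Z", "rsp_code": "200"}
"""


def audit_re_sources(log_text, allowed_res):
    """Compare dist_site values in log_text with the REs in the virtual site."""
    allowed = set(allowed_res)
    seen = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            site = json.loads(line)["dist_site"]
        except (ValueError, KeyError, TypeError):
            unparsed += 1  # malformed line or record without dist_site
            continue
        if not isinstance(site, str):
            unparsed += 1  # unexpected value type, do not count it as an RE
            continue
        seen[site] += 1
    return {
        # REs that reached the origin but are not in the virtual site
        "unexpected": {s: n for s, n in seen.items() if s not in allowed},
        # REs in the virtual site that never appear (possible selector typo)
        "silent": sorted(allowed - set(seen)),
        # The article's note: always keep more than one RE in the virtual site
        "redundant": len(allowed) > 1,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    vsite_res = ["re-example-1", "re-example-2", "re-example-3"]
    print(json.dumps(audit_re_sources(SAMPLE_LOGS, vsite_res), indent=2))
```

A non-empty `unexpected` entry means traffic is still arriving from an RE outside the virtual site, while a `silent` entry points to an RE name in the selector that matched nothing in the sampled window.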