Virtual Hosts

Objective

This guide provides instructions on how to create and advertise a Virtual Host. A Volterra virtual host is a reverse proxy that provides reachability to destinations that are in the inside network and clients are in the outside network. To know more about Volterra virtual host and associated key system entities, see Virtual Host.

Note: It is recommended that you use virtual hosts only for advanced configuration and most of the virtual host functionality is now available through the HTTP Load Balancer or TCP Load Balancer.

Using the instructions provided in this guide, you can create a virtual host that advertises a service deployed on a site and provide reachability to the endpoint where the service is available.


Prerequisites

The following prerequisites apply:


Configuration

The following image shows the virtual host creation workflow:

FlowChart
Figure: Setting up a Volterra VirtualHost

Configuration Sequence

Creating and advertising a virtual host requires performing the following sequence of actions:

Phase Description
Discover Service Discover a service from a Site or a Virtual Site. Sites are in the system namespace. Virtual Sites can be created in a namespace.
Create Endpoint Create an Endpoint object which requires an endpoint address type. Endpoint address can be of type IP or DNS Name or Service Info.
Create Cluster Create a cluster object which points to one or more endpoints in that namespace.
Create Route Create a Route object which maps to one or more Clusters in that namespace.
Create Advertise Policy Create an Advertise Policy object where the service can be advertised on Site or Virtual Site or Virtual Network (including the Public Internet).
Create Virtual Host Creates a Virtual Host object in a namespace where above Advertise Policy and Route are associated.

Create Endpoint

Features can be viewed, and managed in multiple services.

This example shows Virtual Host setup in Load Balancers.

Step 1: Open VoltConsole, select Endpoints.
  • Open VoltConsole > select Load Balancers box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

NEW HOME PAGE3
Figure: Homepage

Note: Confirm Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.

  • Select Manage in left-menu > select Virtual Hosts > Endpoints.

Note: If options are not showing available, select Show link in Advanced nav options visible in bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.

  • Select + Add Endpoint button.

VIRTUALHOSTS ENDPOINTS2
Figure: Endpoints

See Endpoint for more information on Endpoints.

Step 2: Select a desired namespace, or create a namespace where endpoint needs to be created.

NavNS
Figure: Navigate to Namespace

Step 3: Select and add endpoints.
  • In Load Balancers.
  • Select Manage > Endpoints.
  • Select + Add endpoint button.
  • The Add endpoint form loads.

EndptCreate
Figure: Create an Endpoint

Step 4: Enter values for Name, Labels, and Description.
  • Enter Name, enter Labels and Description as needed.

EPConfig
Figure: Configure an Endpoint

Note: Enter the values as per the following guidelines:

Name: Provide a name for identifying the endpoint object on the Volterra platform.

Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.

Description: Provide a description to the endpoint object.

Step 5: Enter endpoint address by selecting one of the three options as shown in the image.
  • Toggle Show Advanced Fields to populate Endpoint Name (Advanced) option in drop-down menu.
  • IP: IP Address of the origin service. For example, if a service is running in public cloud platform like AWS, provide the publicly reachable IP address in the IP field.

EPIPAddr
Figure: Endpoint Address IP option

  • DNS name: DNS name of the origin service. For example, if a service called ‘webapp’ has a resolvable DNS name ‘webapp.customer1.net’ associated with it, provide the DNS name in the DNS field.
  • Service Info: Kubernetes Service information of the origin service. Select this option to directly discover a service running on Volterra Kubernetes Service or any other public cloud kubernetes services such as EKS, AKS and GCP. An explicit ‘Service Discovery’ object has to be created if selected service is running on public cloud kubernetes services. There is no need to create ‘Service Discovery’ object if the service is deployed using VoltStack (Virtual Kubernetes Service). Enter the service name in the <Name of the Kubernetes Service>.<Namespace in which the Kubernetes Service is placed> format.

The Service Info field has two options in the ‘Discovery Type’ subfield:

  • K8S: Use this when you deploy the service on Volterra Kubernetes Service or any public cloud platform (EKS/AKS/GCP). Configure an extra object in case a public cloud platform is involved. If the service is hosted on Volterra Kubernetes Service, then Volterra seamlessly enables the service discovery.
  • Consul: Use this option when you have an existing Consul cluster or create a Consul cluster for service discovery where Volterra reads discovery information directly from Consul. This requires you to create a discovery object with Consul connection information.
Step 6: Configure Virtual-Site, Site, or Network.

A selector can be a site, virtual site, virtual network, or known network. This defines the location from which origin service is discovered.

  • Select Virtual-Site or Site or Network drop-down menu option.

EPRefSel
Figure: Configure Virtual-Site, Site, or Network

See Volterra Virtual Site for more information.

Configure the selector as per the following guidelines:

  • Site: Select a site that is already registered in the specific tenant. You can list all the registered sites from system:Sites:SiteList. Sites are scoped under a Volterra tenant.

Choose a Site from the Select Ref pane once the Selector type is chosen.

  • Virtual Site: Select a virtual site that is already created in the specific namespace (volterra-demo in this example) or in the shared namespace. A virtual site can map one or more sites.

Choose a Virtual Site from the Select Ref pane once the Selector type is chosen.

  • Virtual Network: Select a virtual network that is already created in the tenant.

Choose a Virtual Network from the Select Ref pane once the Selector type is chosen.

Step 7: Configure port and protocol.

Port refers to the port on which the service is serving and protocol refers to the protocol that the application uses.

EPPortProto
Figure: Endpoint Port and Protocol

Configure the port and protocol.

  • Port: port on which the application is serving. For example a web service application serving on port 8080.
  • Protocol: Defaults value is TCP. TCP is the only protocol supported.
Step 8: Create endpoint.
  • Select Add endpoint to create the endpoint.

After all the parameters are entered in the respective fields, selecting Add endpoint adds the endpoint object to Volterra.

EPCreated
Figure: Endpoint Created


Create Cluster

See Cluster for more information.

Step 1: Select the Namespace in which the associated endpoint is located.
  • Select the Namespace in which the associated endpoint is located.

NavtoNS
Figure: Navigate to Namespace

Step 2: Add Clusters.
  • In Load Balancers.
  • Select Manage > Virtual Host > select Clusters.
  • Select + Add cluster button.

AddClust
Figure: Add Cluster

Step 3: The Add cluster form loads.

ConfigClust
Figure: Add Cluster Form

Step 4: Configure name, labels, and description.
  1. Name: Provide a name for identifying cluster object.
  2. Labels: Associate multiple labels from either known keys/known labels or custom keys and labels.
  3. Description: Provide a description to the cluster object.
Step 5: Configure endpoints associated with the cluster.

Endpoints refer to list of endpoints that are mapped to a specific cluster. A cluster can point to one or more endpoints.

  • + Select Endpoints button in the List of Endpoint Origin Servers(Endpoints) box.
  • Select + Add new endpoint or select existing endpoints by checking the boxes.

ConfigClust
Figure: Add Cluster Form

ClustEPSel
Figure: Cluster Endpoint Selection

Step 6: Configure health checks associated with the cluster.

Health check refers to configuring checks to ensure underlying endpoints are available. It is required to configure a health check object first to list them while creating the cluster.

  • Toggle Show Advanced Fields to show more options in Origin Pool(cluster) Parameters section.

ClustHC
Figure: Cluster Health Check

Step 7: Select the health check object created.
  • Select the health check object created, or select + Add new Healthcheck button.
  • Select Health Check button to add, and return to cluster configuration page.
  • Enter Name, enter Labels and Description as needed.

ClustHCSel
Figure: Cluster Health Check Selection

Step 8: Configure load-balancer algorithm.

The Load balancer algorithm refers to a specific method of load-balancing to be applied on cluster object. Choose from the supported algorithms Random, Round_Robin, Least_Request, Load Balancer Override and Ring_Hash. If no value is configured, the default value Round_Robin is applied .

ClustLBAlgo
Figure: Cluster Load Balance Algorithm

Step 9: Configure endpoint subsets for fallback policy.

Endpoint subset is a subset of endpoints grouped together using a key/value pair. Provide multiple keys and associate a label to group available endpoints. These are used in setting fallback policy.

  • Toggle Show Advanced Fields to open Endpoint Subsets box.
  • Select Configure link in Endpoint Subsets.
  • Select Default Subset label in drop-down menu.
  • Select Configure link in Fallback Policy.

ClustEPSubSet
Figure: Cluster Endpoint Subsets

Step 10: Configure TLS for cluster object.

You can set TLS version and configure TLS certificates for the cluster object using the TLS parameters.

  • Toggle Show Advanced Fields to open more Origin Pool(cluster) Parameters options below TLS Parameters.
  • Select Configure link in TLS Parameters Origin in Pool(cluster) Parameters.
  • Upstream TLS Parameters form*** SNI Selection drop-down menu > enter SNI Value > Configure link in Common Parameters > Form > Apply button.

ClustTLS
Figure: Cluster TLS Config

Step 11: Add the cluster object to Volterra.

After all the parameters are entered in the respective fields, select Add cluster. This adds the cluster object to Volterra.

  • Select Save and Exit button after all the parameters are entered in the respective fields to addthe cluster object to Volterra.

ClustCreated
Figure: Cluster Created


Create Route

See Route for more information.

Step 1: Select the Namespace in which the associated cluster object is located.

NavNS
Figure: Navigate to Namespace

Step 2: Add Route.
  • In Load Balancers.
  • Select Manage > Virtual Host > select Routes.
  • Select Add Routes button.
  • The Add route form gets loaded.

AddRoute
Figure: Add Route

Step 3: Enter the values for Name, Labels, and Description.
  • Enter values for Name, Labels, and Description.

AddRouteConfig
Figure: Add Route Config Options

Enter the values as per the following guidelines:

  1. Name: Provide a name for identifying route object on Volterra platform.
  2. Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.
  3. Description: Provide a description to the route object.
Step 4: Configure routes associated with the route object.
  • Select Configure link in List of Routes box on bottom of Route form to open the Routes configuration form for different routing options.

AddRouteConfig
Figure: Add Route Config Options

  • Select + Add Item button.

ConfRoutesforRouteObj
Figure: Configure Routes for Route Object

  • Enter the configuration parameters in new page.
  • Toggle Show Advanced Fields to show more options in each section.

Route Action: Route action specifies the action executed when this route object is accessed. You can choose one of the three options:

  • Select Action in drop-down menu options:

    • Destination List: Route destination enables you to map one or more cluster objects to this specific route.
    • Redirect: Route redirect enables you to redirect requests received by this route.
    • Direct Response: Route direct response enables you to provide a response code.

Configuring Route Destination:

Selecting Destination List in route action provides with options to associate one or more clusters to the destination.

RouteAction
Figure: Route Action Options

Step 5: Implement traffic match patterns, and rules based on different HTTP methods.
  • Select Configure link in Request Match box to implement traffic match patterns and rules based on different HTTP methods like GET, PUT, POST, etc.
  • Select + Add Item button.
  • In Match Condition page select Patch Match drop-down menu option:

Choose one of the three available match patterns:

  • Prefix > enter Prefix value in box.
  • Path > enter Path value in box.
  • Regex > enter Regex value in box.

You can also specify an optional combination of HTTP methods, query parameters, and headers.

  • Select Add Item button.
  • Select Apply button on Match page.

RouteMatch
Figure: Route Match Options

Step 6: Apply Advanced Options, and Add Route.
  • Configure Advanced Options, toggle Show Advanced Fields to expand box.
  • Select WAF Config drop-down menu in WAF box to apply Application Firewall option.
  • Check box for Service Policy if needed.
  • Select Add Item to add the route object to Volterra.

Route
Figure: Route Options

  • Select Apply button in Routes > Global Configuration Specification page.

Route
Figure: Route Options

  • Select Save and Exit button to add route.

Route
Figure: Route Created


Create Advertise Policy

See Advertise Policies for more information.

Step 1: Select the namespace in which the advertise policy needs to be created.
  • Select the namespace in which the advertise policy needs to be created.

NavNS
Figure: Navigate to Namespace

Step 2: Add advertise policy.
  • In Load Balancers.
  • Select Manage > Virtual Host > select Advertise Policies.
  • Select Advertise Policies button.
  • The Add route form gets loaded.

AddAdvPol
Figure: Add Advertise Policy

Step 3: Enter name, labels, and description in the Add advertise policy form.
  • Enter name, labels, and description in the Add advertise policy form.
  • Name: Provide a name for identifying advertise policy.
  • Labels: Users can associate multiple labels from either Known Keys/Know Labels or custom keys and labels.
  • Description: Users can provide a description to Advertise policy object.

ConfAdvPolOpt
Figure: Advertise Policy Config Options

Step 4: Enter Where to advertise the service.

Enter Where to advertise the service.

The field Where enables you to advertise a service on a site, virtual site, and virtual network. For example, if multiple sites are spatially distributed across regions (cloud and physical), you can discover a service from one site and advertise the same on one or more sites.

  • Select Virtual-Site or Site or Network drop-down menu in Advertise Policy box.

    • Site: A site registered and listed in the Site List in the system namespace.
    • Virtual Site: One or more sites grouped into a virtual site using key/label. If a virtual site has more than one site, advertise policy will announce the services on all the sites.
    • Virtual Network: A Virtual network created by user. Advertise policy advertises the service on all devices which comprise the chosen virtual network.
  • Select Reference and Network Type options in drop-down menu options.

AdvPolWhere
Figure: Advertise Policy Where Options

Step 5: Enter port and protocol.
  • Toggle Show Advanced Fields in Advertise Policy box to show more options.
  • Select Protocol in drop-down menu, TCP or UPD.

    • Protocol: Refers to protocol that the service supports. Default is TCP
  • Enter TCP/UDP Port number in box.

    • Port: Refers to port on which the discovered service is advertised. This can be a different port than the originally discovered port from the ‘Endpoint’ object. Advertising on public networks is supported for only ports 80 and 443.

AdvPolPortProto
Figure: Advertise Policy Protocol and Port

Step 6: Add configurations as needed, and advertise policy object to Volterra.
  • Select or enter VIP, TLS Parameters, Disable X-Forwarded-For Header, and List of Public IP sections as needed.
  • After entering all required parameters in the respective fields, select Save and Exit button to add the advertise policy object to Volterra.

AdvPol
Figure: Advertise Policy


Create Virtual Host

See Virtual Host for more information.

Step 1: Select the Namespace in which virtual host needs to be created.

Select the Namespace in which virtual host needs to be created.

NavNS
Figure: Navigate to Namespace

Step 2: Add virtual host.
  • In Load Balancers.
  • Select Manage > Virtual Host > select Virtual Hosts.
  • Select + Virtual Host button.

AddVHost
Figure: Add Virtual Host

Step 3: Enter name, labels, and description in the Add virtual host form.
  • Enter name, labels, and description in the Add virtual host form.
  • Name: Provide a name for identifying advertise policy object on Volterra platform.
  • Labels: You can associate multiple labels from either known keys/known labels or custom keys and labels.
  • Description: Provide a description to advertise policy object.

AddVHConf
Figure: Virtual Host Config Options

Step 4: Select Add domain in Domains.
  • Select + Add domain in the Domains box.

Note: Domain is used to access the virtual host. A virtual host can have one or more domains associated with it.

VHDomConf
Figure: Virtual Host Domain Config

Step 5: Select a value for the Proxy Type.
  • Select a value for the Proxy Type drop-down menu.

Note: Proxy type enables you to configure specific type of proxy on the virtual host. The supported proxy types are TCP Proxy, TCP Proxy with SNI, HTTPS Proxy, UDP Proxy, and HTTP Proxy.

VHProxType
Figure: Virtual Host Proxy Type Options

Note: The virtual host of the UDP Proxy type can be monitored in the Virtual Hosts > HTTP Connect & DRP page in your application namespace. The UDP Proxy type does not support extensive monitoring that other types of virtual hosts support.

Step 6: Select Select route to associate one or more routes with the virtual host.
  • + Select route button in Routes box to associate one or more routes with the virtual host.
  • Check existing Route or + Add new Route, configure as needed. `
  • Select Route button to add and return to previous page.

VHRouteSel
Figure: Virtual Host Route Selection

Step 7: Select advertise policy to associate an advertise policy with the virtual host.
  • + Select Advertise Policy button in Routes box to associate an advertise policy with the virtual host.
  • Check existing Advertise Policy or + Add new Advertise Policy, configure as needed.
  • Select Advertise Policy button to add and return to previous page.

VHAdvPol
Figure: Virtual Host Advertise Policy Selection

Step 8: Add virtual host to create a virtual host object.
  • Select or enter other sections as needed.
  • After entering all required parameters, select Save and Exit button to create a virtual host object.

Example - Redirect HTTP to HTTPS (NEW) Redirect UPD Proxy to Secret Management Access Proxy

This example redirects a HTTP request for the destination bookinfovk8s-qasim.customer1.demo1.volterra.us.02 to secured HTTPS service. Enabling HTTP redirection requires you to configure two virtual hosts with one host of type HTTPS_PROXY and other of type HTTP_PROXY. Although there are two virtual hosts, the endpoint needs to be associated only with the host of type HTTPS_PROXY as the other host is used for redirection purpose.

The following image shows the configuration topology for redirecting HTTP to HTTPs.

http https
Figure: HTTP Redirecting Using Virtual Hosts

Perform the following steps to configure HTTP redirection:

Step 1: Select the namespace in which the virtual hosts are needed to be created.
  • Select the namespace in which the virtual hosts are needed to be created.

VIRTUALHOSTS NAMESPACES
Figure: Select Namespaces

  • In Load Balancers.
  • Select Manage > Virtual Host > select Endpoints.
  • Select + Add Endpoint button.

VIRTUALHOSTS ENDPOINTS9
Figure: Add endpoint

Step 2: Fill the necessary fields as applicable.
  • Enter Name, enter Labels and Description as needed.

VIRTUALHOSTS HTTP2
Figure: Endpoint Service Information

  • Select or enter Origin Server(Endpoint) and Port used for health check sections as needed.
  • Toggle Show Advanced Fields to show all options or open section.
  • Fill the necessary fields as applicable.

Note: This example uses Kubernetes as the service discovery mechanism and the service name as the service information. The service is available at port 9080. This example has the endpoint on a virtual site.

  • Select Save and Exit button.

VIRTUALHOSTS HTTPVK8S
Figure: Endpoint Service Information

Step 3: Create Cluster.
  • Select Clusters in Manage > Virtual Host.
  • Select + Add cluster to load cluster creation form.
  • Select the endpoint created in Step 2 for the Select endpoint field.
  • Fill the necessary fields as applicable.
  • Select Save and Exit button.

VIRTUALHOSTS CLUSTERS10 2
Figure: Cluster Creation

Step 4: Create Route for destination.
  • Select Routes in Manage > Virtual Host.

VIRTUALHOSTS ROUTES10 3
Figure: Add Route

  • Select Add Route button to load route creation form.

VIRTUALHOSTS ROUTES10 4
Figure: Route Form

  • Create a route with the route destination as the cluster created in Step 3.

    • Configure > + Add Item > Configure in Request Match > + Add Item > Add Item > Apply > Action > Destination List > Configure > + Add Item in Origin Pools and Weights > Cluster > Add Item > Apply.
  • Toggle Show Advanced Fiels to open boxes and see more options.

Note: This example shows when all items, Match > Regex, Route Action > Destination list, and Destination > Cluster are configured.

  • Select Add Item button, Apply button.
  • Select Save and Exit button to save the route.

VIRTUALHOSTS10 5
Figure: Route Configuration for Destination

Step 5: Create another route with the Redirect as the Route action.
  • Create another route with the Redirect as the Route action and apply the appropriate settings for redirection.
  • Select Routes in Manage > Virtual Hosts.

VIRTUALHOSTS ROUTES10 3
Figure: Add Route

  • Select Add Route button to load route creation form.

VIRTUALHOSTS ROUTES10 4
Figure: Route Form

  • Configure > + Add Item > Actions > Redirect.

Note: This example uses URL for the host.

VIRTUALHOSTS ROUTE10 4
Figure: Route Configuration for Redirection

Step 6: Select Advertise Policies for (UDP Proxy) HTTP Service.
  • Select Advertise Policies in Manage > Virtual Host.
  • Select Add Advertise policy to load advertise policy creation form.
  • Toggle Show Advanced Fields to show options in Advertise Policy box.
  • Select Virtual Network in Where drop-down menu.
  • Enter 80 in TCP/UDP Port box.
  • Select Save and Exit button.

VIRTUALHOSTS10 6
Figure: Advertise Policy for HTTP Service

Step 7: Advertise Policy for (Secrets Management Access Proxy) HTTPS Service.
  • Create another advertise policy with the same virtual network and 443 as the port value.
  • Set 000 as the port value.
Step 8: Select Virtual Hosts, select Add virtual host to load virtual host creation form.
  • Select Virtual Hosts in Manage > Virtual Host.
  • Select Add Virtual Host to load advertise policy creation form.

Create a virtual host with the following values:

  • Select Proxy Type drop-down menu as UDP Proxy.
  • + Select Route, and apply Route configured in Step 4 (the route with the destination as the cluster).
  • + Select Advertise Policy, and apply Advertise Policies configured in Step 7 (policy for TCP/UDP service).
  • Toggle Show Advanced Fields in Dynamic Reverse Proxy box.
  • Select Configure link, select Resolution Network Type drop-down menu options for site type.
  • Select Save and Exit button to create first virtual host.
Step 9: Create another virtual host with the following values.
  • Create another virtual host with the following values.
  • Select Proxy Type drop-down menu as Secret Access Managment Proxy.
  • + Select Route, and apply route configured in Step 5 (the route with redirection configured).
  • + Select Advertise Policy, and apply advertise policy configured in Step 6
  • Toggle Show Advanced Fields in Dynamic Reverse Proxy box.
  • Select Configure link, select Resolution Network Type drop-down menu options for site type.
  • Select Save and Exit button to create virtual host.

Concepts


API References