AVI Layer 7 HTTPS mode and configuration


AVI supports three modes for Layer 7 HTTPS load balancing:

• HTTPS Off-Load
• HTTPS End-to-End SSL
• SSL Passthrough

HTTPS Off-Load

In this mode, traffic is encrypted between the user terminal and the SE. Encryption is performed only once, so performance is better. This is also the officially recommended mode, as it balances security, SE flexibility, and performance.
[Figure: connection establishment in HTTPS Off-Load mode]
The figure above shows how a connection is established. The L7 HTTPS load-balancing connection is established after the client's TCP handshake, SSL handshake, and HTTP request. The SE then forwards the user's request to the backend over HTTP (plain text).

Configuration

First, upload a server certificate or create a self-signed certificate.
Configure the Virtual Service.
Select Advanced Setup.
Set the fields marked in red according to your system parameters.
Note the SSL enable setting and the pool selection/creation.
Create a pool. Note that the service port here is the backend service port.
Leave the other settings at their defaults and click SAVE.

HTTPS End-to-End SSL

In this mode, traffic is encrypted end-to-end between the user terminal and the application. Encryption is performed twice, which gives the best security.
[Figure: connection establishment in HTTPS End-to-End SSL mode]
The figure above shows how a connection is established. The L7 HTTPS load-balancing connection is established after the client's TCP handshake, SSL handshake, and HTTP request, and the SE forwards the user's request to the backend over HTTPS (ciphertext).

Configuration

Note that the port here is 443, and the pool's system SSL profile should be configured so that the pool uses HTTPS.
Leave the other settings at their defaults and click SAVE.

SSL Passthrough

SSL Passthrough mode is used when the SSL connection does not need to be terminated on the load balancer: the SSL connection runs directly from the client to the server in the pool.
In practice, SSL Passthrough mode is used when Web application security is the most important concern.
That is, if the created HTTPS VS is assigned the system layer 4 application profile rather than a layer 7 HTTP profile, the SSL traffic is treated as pass-through (layer 4) and flows through the NSX ALB without the encrypted traffic being terminated.

Configuration

Select Advanced Setup.
Leave the settings at their defaults and click SAVE.
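
The three modes differ only in where SSL is terminated, so they can be told apart from the configuration itself. The following is an added example, not part of the original post: it classifies each virtual service in an exported configuration and lists those whose SE-to-server leg is plain text. The object and field names (VirtualService, Pool, ApplicationProfile, services[].enable_ssl, application_profile_ref, pool_ref, ssl_profile_ref, APPLICATION_PROFILE_TYPE_L4) are assumed from the Avi REST object model and should be checked against your controller version; the sample data is constructed.

```python
from urllib.parse import parse_qs, urlsplit

def ref_name(ref):
    """Object name from a ref such as '/api/pool/?tenant=admin&name=web-tls'."""
    return parse_qs(urlsplit(ref).query)["name"][0]

def classify(vs, profiles, pools):
    """Return the HTTPS mode of one virtual service (field names are assumptions)."""
    profile = profiles[ref_name(vs["application_profile_ref"])]
    pool = pools[ref_name(vs["pool_ref"])]
    front_ssl = any(s.get("enable_ssl") for s in vs.get("services", []))
    back_ssl = bool(pool.get("ssl_profile_ref"))
    if profile["type"] == "APPLICATION_PROFILE_TYPE_L4":
        return "passthrough"   # SE relays TCP and never terminates SSL
    if front_ssl and back_ssl:
        return "end-to-end"    # SSL terminated on the SE, re-encrypted to the pool
    if front_ssl:
        return "offload"       # SE -> server leg is plaintext HTTP
    return "no-ssl"

def audit(config):
    """Return ({vs name: mode}, [VS names whose backend leg is plaintext])."""
    profiles = {p["name"]: p for p in config["ApplicationProfile"]}
    pools = {p["name"]: p for p in config["Pool"]}
    modes = {v["name"]: classify(v, profiles, pools)
             for v in config["VirtualService"]}
    return modes, sorted(n for n, m in modes.items() if m == "offload")

def _vs(name, profile, pool, ssl):
    # Hypothetical helper that builds a constructed VirtualService record.
    return {"name": name, "services": [{"port": 443, "enable_ssl": ssl}],
            "application_profile_ref": f"/api/applicationprofile/?tenant=admin&name={profile}",
            "pool_ref": f"/api/pool/?tenant=admin&name={pool}&cloud=Default-Cloud"}

# Constructed sample export, not taken from a real controller.
SAMPLE = {
    "ApplicationProfile": [
        {"name": "System-HTTP", "type": "APPLICATION_PROFILE_TYPE_HTTP"},
        {"name": "System-L4-Application", "type": "APPLICATION_PROFILE_TYPE_L4"}],
    "Pool": [
        {"name": "web-plain"},
        {"name": "web-tls", "ssl_profile_ref": "/api/sslprofile/?name=System-Standard"},
        {"name": "web-raw"}],
    "VirtualService": [
        _vs("vs-offload", "System-HTTP", "web-plain", True),
        _vs("vs-e2e", "System-HTTP", "web-tls", True),
        _vs("vs-pass", "System-L4-Application", "web-raw", False)],
}

if __name__ == "__main__": print(audit(SAMPLE))
```
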

Effect

Taking the second mode (HTTPS End-to-End SSL) as an example:
[Screenshots showing the result]


Origin blog.csdn.net/weixin_43394724/article/details/112773088