
Illumio Core 21.5 Visualization User Guide

Virtual Servers in Illumination

Illumio Core supports enforcement activation on F5 Load Balancers using Local Traffic Manager (LTM) or Advanced Firewall Manager (AFM) modules on F5 BIG-IP systems. Each virtual server on a BIG-IP system is represented as a policy endpoint in the PCE, which computes policy for each virtual server and displays the virtual servers in the Illumination map, Location view, and the App Group Map.

How Virtual Servers Appear in Illumination

A virtual server is identified by a set of labels. The consumers and providers for a virtual server can be assigned different labels, which could place them in the same group or a different group in Illumination. Providers are allowed to have an incomplete label set (for example, only a Location label), so the providers can be in all groups within the specified location. As a result, a single virtual server can have providers in any group or in any number of groups in Illumination.

See "Load Balancers and Virtual Servers" in the Security Policy Guide for more information.

Based on their labels, the virtual servers are shown in the Full map. If the workload is in an enforced state, the traffic lines are displayed in green when the traffic is allowed by rules or in red when the traffic is blocked. To view more details, select a virtual server from the Illumination map or from the App Group Map command panel.

From the Illumination map, you can also add a segmentation rule for the incoming and outgoing traffic links from the virtual server by selecting the traffic line and clicking Add Segmentation Rule.

Prerequisites for Virtual Server Display

To display virtual servers in Illumination properly, the following prerequisites must be met:

  • A virtual server from the server load balancer has been discovered and is under PCE management (that is, it exists as an object in the PCE).

  • There are traffic flows from a consumer to the VIP of the virtual server, or from the VIP to a pool member (backend server).

  • Labels have been assigned to the virtual server.