
f5 101 Study Notes

The document provides an overview of the F5 BIG-IP system including its modules like Application Security Manager (ASM), Access Policy Manager (APM), Global Traffic Manager (GTM), and licensing process. It also discusses traffic processing features such as load balancing methods, health monitoring, profiles, and high availability options like device service clustering. Additional sections cover accelerating traffic using connection reuse and an introduction to BIG-IP Access Policy Manager (APM) configuration and features.

Uploaded by

Kishore Kumar

2/8/2015

https://cld.pt/dl/download/9732dc58110448e08c2032722ca82a1d/Start.with.BIGIP.txt

Application Security Manager (ASM)
Access Policy Manager (APM)
  Policy-Based Control
  SSL VPN
  Authentication
  Single Sign-on
Global Traffic Manager (GTM)
BIG-IP Full Proxy Architecture
  Encrypt -> unencrypt
  compressed -> uncompressed
  IPv6 -> IPv4

TMOS - Operating System from F5
From the LCD you can:
  Clear alarms
  Reload device
  Config management network
GUI Utility
Self IP
Management IP
TMOS shell (tmsh)
Setup BIG-IP
  Default IP address 192.168.1.245/24, because F5 in hexadecimal is 245
  Activate the BIG-IP licence: https://activate.f5.com
  Steps:
    Generate dossier
    Send dossier to the F5 license server
    Generate licence
    Bring the license back to the BIG-IP
    Finish the licensing process on the BIG-IP
  The licensing process can be automatic or manual
Provisioning Levels
  Nominal (recommended)
    Allocate only what's needed to enable module functions
    Allocate additional as needed during operation
  Minimum
    Allocate only what's needed to enable module functions
    No additional resources
  Dedicated
    Take everything
    One module only
Installing a Device Certificate
  Used for administrative tasks and inter-system communications
  BIG-IP self-signed certificate (default)
  Import CA-signed certificate (optional)
  Certificate stored in /config/httpd/conf/ssl.crt/server.crt
Root account: no GUI access (CLI only), and it is not possible to enable it
Admin account: no CLI access, but it is possible to enable it
Neither of these accounts can be disabled
(On CLI)
  username: root
  password: default
(On GUI)
  username: admin
  password: admin
Use the command config to set up the management network
  tmsh list sys management-ip
  (tmos)# save /sys ucs train1_base.ucs
Stored in /var/local/ucs
The UCS file has:
  All BIG-IP-specific config files
  Product licences
  User accounts/passwords
  DNS zone files & ZoneRunner config
  SSL certificates and keys
Rolling archives: the config before applying a new config
  cs_backup.ucs
  cs_backup_rotate.ucs
Allows checking for issues, defects and best practices
  https://ihealth.f5.com
  Requires generating a QKView file
BIG-IP Part 2 - Application Delivery
Virtual Server (VIP)
http_pool - pool of servers
A Full Proxy Architecture
  Separate client and server connections
  CLIENT SYN -> SYN_ACK -> ACK VIRTUAL SERVER
  CLIENT HTTP_GET
  SYN -> SYN_ACK -> ACK and HTTP_GET (to the real server)
  HTTP_RESPONSE (from the real server to the client)
Load Balancing Methods
  Homogeneous pool
  Non-homogeneous pool - different servers with different capacity
  Methods:
    Static: predefined distribution pattern
    Dynamic: observes the runtime environment and
      adjusts the distribution pattern "on the fly"
  Round Robin - default load balancing
  Load balancing still takes place even if the status of the pool is unknown
Statistics > Module Statistics > Local Traffic > Pools / Virtual Servers
Source NAT Translation (SNAT)
  You can use Auto Map; this uses the floating Self IP of the interface
  SNAT is configured in the virtual server settings
Methods of Health Monitoring
  Address/Service - example: ICMP, TCP echo
  Content Check Monitor - example: HTTP, HTTPS
  Application Check Monitor - example: FTP
  Path Check Monitor - example: Gateway ICMP
Constructing HTTP Monitoring
  Application specific
  It is possible to use regular expressions
Behaviours with Profiles
  Profile parent-child relationship and inheritance - default profile
  Parent -> Child: the child inherits, but it is possible to customize it or create a custom profile
Profile Dependencies
  All VSs have a Layer 4 profile (default is TCP)
  Some profiles depend on others, but some profiles are mutually exclusive
  Client SSL Profile
  Server SSL Profile
  System > File Management > SSL Certificate List
**** LTM Part 1 - High Availability and Traffic Processing ****
Device Service Clustering (DSC)
  Device trust is based on mutual authentication (digital certificates)
  sync-failover
  sync-only - does not process failover data
  Device trust - devices that trust one another
  Device group - multiple devices that trust each other and can synchronize config data with and
  fail over to one another
  On version 11.x a device group can have up to 8 BIG-IP devices
Traffic Groups and Config Sync
  Traffic group - related config objects that process particular application traffic
  Config Sync - the process of synchronizing config data (virtual servers, pools, monitors,
  profiles, ...) between devices in a device group
  HA uses the Self IP and not the floating Self IP
  Use NTP and a valid certificate to establish HA correctly
Load Balancing Methods
  Static:
    Round Robin (default)
    Ratio
  Dynamic:
    Least Connections
    Weighted Least Connections
    Fastest
    Observed
    Predictive
    Dynamic Ratio
    Least Sessions
  Failure mechanisms:
    Priority-Based Member Activation
    Fallback Host
A Ratio 3 member receives 3 times as many requests as a Ratio 1 member
Ratio (member) and Ratio (node)
  Ratio 1
  Ratio 2
  Ratio 3
Priority-Based Member Activation
  pool - Ratio (member)
  Priority group
  Priority group activation
  Thinking in 3 priority groups, with ratio 3-3-1
  Specifying Priority Group Activation < 2 means the group with lower priority will be used
  only if one of the group fails
**** Module 3 - Directing Traffic with iRules ****
A few events in iRules:
  CLIENT_ACCEPTED
  SERVER_CONNECTED
  SERVER_DATA
iRules constructs
  Operators: == <> starts_with contains ends_with
  Functions: findstr getfield substr
  Statements: if, switch, log, pool
  Commands: HTTP::uri HTTP::header AES::encrypt SIP::call_id
https://devcentral.f5.com/login?returnurl=%2fwiki%2firules.homepage.ashx
https://devcentral.f5.com/d/tag/irules%20editor
iRules Syntax
  when CLIENT_ACCEPTED {
      # Send clients from 10.x.x.x to ten_pool, everyone else to customer_pool
      if { [IP::remote_addr] starts_with "10." } {
          pool ten_pool
      } else {
          pool customer_pool
      }
  }
iRule based on a header
  when HTTP_REQUEST {
      # Select the pool from the first two characters of Accept-Language
      switch [string tolower [substr [string trimleft [HTTP::header Accept-Language]] 0 2]] {
          "fr" { pool http_fr_pool }
          "jp" { pool http_jp_pool }
          default { pool http_pool }
      }
  }
To apply an iRule, the virtual server requires an HTTP profile such as http; after configuring the profile,
go to Resources and apply the iRule created before
**** Module 4 - Accelerating Traffic ****
Leveraging OneConnect
  Once a client has connected, the BIG-IP keeps a connection reuse pool, so that the same client or
  other clients can connect to the same server over an already opened connection
  Option under Local Traffic > Profiles : Services : HTTP
  Source Mask - determines eligibility for reusing an open/idle connection; the value 0.0.0.0
  means all clients can reuse the same connection, and 255.255.255.255 means only the same client is
  able to reuse the opened connection
  Maximum Size - max connections held in the connection reuse pool; if the maximum is reached, the BIG-IP
  system will close a server-side connection after the response is received
  Maximum Age - max time a connection can stay open AND idle
  Maximum Reuse - maximum number of times a connection can be reused
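A simplified model of the OneConnect settings described above, added here as an example (it is not F5 code and not part of the original notes). The class name, default limits and client addresses are constructed for illustration; it shows how the source mask decides which clients may share an idle server-side connection, and how Maximum Size, Maximum Age and Maximum Reuse bound the pool.

```python
import ipaddress

class OneConnectPool:
    """Toy model of a connection reuse pool for one server (hypothetical)."""

    def __init__(self, source_mask, max_size=2, max_age=30, max_reuse=3):
        self.mask = int(ipaddress.IPv4Address(source_mask))
        self.max_size, self.max_age, self.max_reuse = max_size, max_age, max_reuse
        self.idle = []     # entries: [reuse_key, idle_since, times_reused]
        self.opened = 0    # server-side connections opened so far

    def _key(self, client_ip):
        # Clients whose masked source addresses match may share a connection.
        return int(ipaddress.IPv4Address(client_ip)) & self.mask

    def request(self, client_ip, now):
        """Serve one request at time `now` (seconds); return 'reused' or 'new'."""
        key = self._key(client_ip)
        # Maximum Age: drop connections that have been idle for too long.
        self.idle = [c for c in self.idle if now - c[1] <= self.max_age]
        conn = next((c for c in self.idle if c[0] == key), None)
        if conn:
            self.idle.remove(conn)
            conn[2] += 1
            result = "reused"
        else:
            conn = [key, now, 0]
            self.opened += 1
            result = "new"
        # After the response, the connection returns to the pool only if
        # Maximum Reuse and Maximum Size allow it; otherwise it is closed.
        if conn[2] < self.max_reuse and len(self.idle) < self.max_size:
            conn[1] = now
            self.idle.append(conn)
        return result

def opened_connections(source_mask, clients):
    """Count server-side connections needed for one request per second."""
    pool = OneConnectPool(source_mask)
    for t, ip in enumerate(clients):
        pool.request(ip, now=t)
    return pool.opened

# Constructed sample: three clients, the first one returning at the end.
CLIENTS = ["10.1.1.10", "10.1.1.20", "10.1.2.30", "10.1.1.10"]
for m in ("0.0.0.0", "255.255.255.0", "255.255.255.255"):
    print(m, opened_connections(m, CLIENTS))
```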
**** Getting Started with BIG-IP Access Policy Manager (APM) ****
What is BIG-IP APM
  Remote Access Solution
    Network Access - SSL VPN
    Portal Access - reverse proxy for web applications
    Application Access - single application tunnel, including Remote Desktop
  Policy Enforcement Point
    Authentication and Authorization
    Endpoint Inspection
    Access Control Lists
    Dynamic Resource Assignment (per user or group basis)
    Single Sign-on (including OAM, Kerberos and SAML)
Policy enforcement on LTM using APM
  Profiles required to implement APM: TCP, Client SSL, HTTP, Server SSL, Access
  Configuring an APM policy looks like a flowchart
  Config Full Webtop
  Config

HTTP Basics
Status Codes
  100 Informational
  200 Success
  300 Redirection (301 Moved Permanently)
  400 Client Errors (400 Bad Request, 401 Not Authorized, 402 Not Found)
  500 Server Errors (500 Internal Server Error, 505 HTTP Version Unsupported)
Response Headers
  Server and content format information
  Age
  ETag
  Location
  Server
Entity Headers
  Content information
  Content-Length
  Content-Encoding
  Content-Type
  Last-Modified
Process Examples
  Caching
  Content Transfer Completion
Caching
  Caching models:
    Expiration -> reduces requests
    Validation -> reduces content transfer
  Cache Expiration
    Reduces requests
    Example:
      Expires: Tues 13 Feb 2007 13:00:00 GMT
      Cache-Control: max-age=3600
  Cache Validation
    Reduces content transfer
    304 Not Modified status code
    Example:
      ETag and If-None-Match
      Last-Modified and If-Modified-Since
    When the client receives a 304 code, it uses the object in its local cache
Content Transfer Completion
VIPRION Basics
  Failover can be done using unicast or multicast. A minimum number of blades can be specified
  to do a failover
  Mirroring can be done within the same cluster, cloning all session state to another blade, and between
  clusters, mirroring session state to a peer
  Virtual Clustered Multiprocessing (vCMP) - a cluster of virtual machines running TMOS is
  called a vCMP guest
Important VIPRION commands
  bladectl - allows a user to remotely perform simple tasks (like rebooting a blade or connecting to console
  ports) on other blades in a VIPRION chassis
  clsh - allows a user to execute a command on every active blade; use the clsh command as a
  prefix at the beginning of another command
  tmsh /sys vcmp
  tmsh /sys cluster - modifies the config of the primary blade in a cluster; the system will
  propagate all changes to the other blades in the cluster (known as cluster synchronization)
Troubleshooting Basics
  End User Diagnostics (EUD)
    Accessed via GRUB
    VIPRION-specific tests: clustering, hardware problems
    Two VIPRION EUD branches
      EUD_V (VIPRION 4000)
      EUD_S (VIPRION 2000)
    !!!! Warning !!!!
    Do not run it in a production environment
    Remove all blades from the chassis
    Run EUD directly on the blade being tested
  Out-of-Band Management
    Lights Out Processor (LOP) - VIPRION 2000 Series
    Serial Port Redirector (SPR) - VIPRION 4000 Series
    Invoke LOP/SPR at the console with Esc then Shift+(9
