Documente Academic
Documente Profesional
Documente Cultură
First-Time Configuration
Login over console and configure mgmt IP and host name.
initial console login root, default.
initial web login admin, admin.
Whenever issuing bigpipe commands, save the configuration.
bigpipe save
Under Construction
run the config command and follow the instructions to enter the Viprion Management IP Address, the Network Mask, and Management Default
Gateway and specific routes.
-or-
Next the Viprion must be licensed. Use a web browser to connect to the Viprion's management IP using HTTPS ( https:// ), and follow the initial
setup prompts.
End Under Construction
run the bigpipe system hostname command to configure the fully qualified domain name.
Syslog
copy syslog.inc to the /config directory or create a file syslog.inc in the /config directory:
destination d_loghost {
# The priority is the result of facility * 8 + severity.
# So priority = 19 (facility local5) * 8 + 5 (Severity NOTICE) = 157
udp("135.201.104.65" port(514) template("<157>$DATE $HOST $MSG\n"));
udp("132.201.226.83" port(514) template("<157>$DATE $HOST $MSG\n"));
};
log {
source(s_syslog_pipe);
source(s_cluster);
destination(d_loghost);
};
Then run
SNMP
run the following command within bpsh:
bpsh
bp snmpd community CompuLert {
access ro
community name "CompuLert"
ipv6 disable
oid none
source "default"
}
bp snmpd allow {
127.
135.201.104.65
135.201.104.67
135.201.104.69
132.201.226.83
132.201.226.86
132.201.226.89
}
NTP
Configure NTP and time zone. Note that "America/Swift Current" is equivalent to NWT/CST with no daylight savings time, and will be displayed as
CST in both the top of the F5 Web GUI and from a console session to the F5.
HTTPS Security
Since the Big-IP can be managed through HTTPS, and since SSL certificates expire, create a self-signed certificate with an expiration date in 10
years (3,650 days in this case).
Record the fingerprint of the SSL certificate. Run the following two commands and store the output in a safe place. When accessing the Viprion
for the first time via web browser, compare the fingerprints to ensure that the SSL session has not been highjacked.
In order to restrict less secure algorithms (refer to https://support.f5.com/kb/en-us/solutions/public/6000/700/sol6768.html for more detail) modify
the cipher string.
HealthChecks
In F5 nomenclature, healthchecks are undertaken by "monitors". Several monitors are included, and some we have added or customized.
DNS-monitor
The DNS-monitor health-check uses an external script located at /usr/bin/monitors/DNS-monitor. It takes 2 parameters - a DNS name to lookup,
and the expected answer.
Example:
monitor DNS-monitor {
defaults from external
args "wr01000ldns0001.vni.ec.att.com 10.198.111.212"
run "DNS-monitor"
}
monitor http-ImAlive {
defaults from http
recv "200 OK"
send "GET /ImAlive/ImAlive.jsp HTTP"
}
Watson_Wireline
The Watson_Wireline monitor open up a connection to TCP port 8889 on an ASR, and sends the string "HealthCheck", and expects the reply to
be the string "HealthAvailable".
monitor Watson_Wireline {
defaults from tcp
dest *:8889
recv "HealthAvailable"
send "HealthCheck"
}
SIP_Proxy
The SIP_Proxy monitor sends a SIP OPTIONS request to an SPX and expects a valid SIP response code. Note that any response code is
considered as a success.
monitor SIP_Proxy {
defaults from sip
debug "no"
filter "\x2a"
mode "tcp"
}
Profiles
Nodes
node 10.198.111.212 {
monitor icmp
screen wr01000ldns0001
}
Pools
pool DNS {
monitor all DNS-monitor
members {
10.198.111.212:domain {}
10.198.111.213:domain {}
}
}
Virtual Servers
virtual AAS-1 {
pool AAS-1
destination 10.198.111.11:http
ip protocol tcp
profiles fastL4 {}
}
virtual ASR-1 {
pool ASR-1
destination 10.198.111.13:any
ip protocol tcp
profiles fastL4 {}
}
virtual CAS-1 {
pool CAS-1
destination 10.198.111.12:http
ip protocol tcp
profiles fasthttp {}
}
virtual DNS {
pool DNS
destination 10.198.111.53:domain
ip protocol udp
}
virtual TDD-1 {
pool TDD-1
destination 10.198.111.13:22000
ip protocol tcp
profiles fastL4 {}
}
virtual TTS-1 {
pool TTS-1
destination 10.198.111.13:5950
ip protocol tcp
profiles fastL4 {}
}
virtual SPX-1 {
pool SPX-1
destination 10.198.111.14:5060
ip protocol udp
persist sip_proxy_persist
profiles udp_sip {}
}