Documente Academic
Documente Profesional
Documente Cultură
3. Linkcontroller :
BIG-IP AAM
BIG-IP AFM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP DNS
BIG-IP GTM
BIG-IP LTM
BIG-IP PEM
BIG-IP PSM
BIG-IP WebAccelerator
BIG-IP WOM
In this diagram, BIG-IP Lies between your server & the internet, it receives
incoming traffic and most cases sents outgoing taffic.
Internet
BIG-IP LTM
Servers
The LTM Examines values in the header or pay load of incoming packet and based
on its value it intercepts transforms and directs application and web services
requests.
One of the best feature of LTM is handling of SSL Traffic. The BIG-IP LTM can
of load this processing intensive function from the application servers,
greatly increasing application performance.
##########################################################
####################################################
##########################################################
####################################################
1. Lesson 1- Exploring BIG-IP Hardaware
5. Lesson 5- Hardware,Software.OS
#######################################################
USB Ports : There are two USB ports. use this port to
connect other devices to BIG-IP.
1. During the first step you set the IP address, net mask and
optionally the default route for the management port if the
default IP address is not appropriate for your network.
#######################################################
SETUP-OVERVIEW
Licensing BIG-IP
Manual
If your BIG-IP has internet access, you can use the automatic
method.
1. https://(BIG-IP IP address)
Note this first time during any browser session that you
connect to BIG-IP, the web browser alerts you that BIG-IP
security certificate is not known this is normal behavior.
connect pc to internet
send dossier to F5 licensing server
click next
2. Admin account
3. Host account
SNATs
Web config utility :- interface
This open the archive screen from which you can upload
existing backup files BIG-IP or create new backup files.
For example if you are licensed for both GTM and LTM & you
know that you are implementation of GTM will require fewer
resourses than LTM.
Configuring provisioning :-
Nominal
Minimum
None
##########################################################
####################################################
BIG-IP VIPRION
processor
SSL chip
AOM
switch fabric
Adding hardware
Additional RAM
This power supply and FAN chassis included with the
product are customer replaceable.
VIPRION V9.6 + Y
5.520,540 V9.2+ N
SSCP is on the 8800, 6400, 3400, and 1500 models. Both AOM
and SCCP are embedded linux systems.
==================================================
====
==================================================
==================================================
========.
==================================================
====
BIG-IP LTM Processing Traffic Technology | BIG-IP LTM
Processing Traffic
Combination
####################################################
####
Processing traffic
Network flow-packet #2
For the next initiated packet from either the same client or a
different client the same process occurs flow ever. Here we
show BIG-IP load balancing this next request to a different
pool member.
Network flow-packet #3
####################################################
####################################################
##########
Configuring Pools :
Click finished.
Click finished
Network Map
Statistics
Logs:
##################################
##################################
##################################
############
####################################################
####################################################
##########
1.Round robin
2.Ratio
1.least connections
2.fastest
3.observed
4.predictive
5.dynamic ratio
1.Round Robin:-
Server availability
2.Ratio:-
If one server that was much faster than the others. After
receiving the available load balancing methods to choose
Ratio method. Knowing it would allow BIG-IP to letter utilize
his more efficient server.
Remember that both ratio and Round robin are static load
balancing methods. This means that if a server with a higher
ratio is available, it will still receive more requests then the
other servers even if its performance is shown then the
others.
1.Least Connections :-
2.Fastest:-
3.Observed:-
4.Predictive:-
In this example server B and D are the ones with lower than
average connection counts and receive more requests.
Note:- The ratio numbers mentioned for observed and
predictive were used as explain the difference between these
two dynamic load balancing methods.
Take a look at this diagram. As you can see all six servers
are members of a single pool.
With priority group activation set to 2, and 3 of highest
priority member available, lower priority member are not
used.
BIG-IP LTM then adds all available members at the next lower
priority number atleast 2 are obtained. In this scenario load
balancing occurs as shown. If another priority 10 members
becomes available, BIG-IP no longer uses the priority 5
member.
You can set the ratio and priority for each pool member by
selecting each member and then configuring it, or you can
set there values when you initially create a pool.
Note that the ratio number within a pool is only relevant if the
selected load balancing method is ratio(member) not ratio
(node). If a load balancing method other than ratio(member)
is chosen such as round robin shown here, the ratio
numbers would be ignored.
If you choose a Ratio (node) load balancing method, you
must set the ratio within the node as opposed to within the
pool member.
##################################
##################################
##################################
###########
Module 4 - Monitors
####################################################
####################################################
#########
####################################################
####
Monitor Functionality
Types of monitoring:-
An address check only the tests the node and does not tell
BIG-IP any thing about how a service is performing i.e pool
members.
If there is no response from the node within the monitors set
timeout period, the node is marked unavailable. This will also
cause the pool member using this IP address to be marked
down.
Customizing a monitor
For example, many sites use the default HTTP monitor, but
because it does not check content, it would not generally be
recommended.
The reverse receive rule will mark the member down, when
the receive string response is found. This allows BIG-IP to
check for down conditions like the server error-404page.
Monitor Timers
.recommended : 3n+1
Associating a Monitor
Select the appropriate pool then the Member Tab, and then
the individual Pool Member that needs its own monitor
check.
With in the configuration Screen header, select advanced.
States
Status options
Module 5 - Profiles
Profile concepts
Persistence
SSL Termination
PTP Protocol
Lets say you have an HTTPS virtual server. The client traffic
to this server is encrypted from the client to the server. But
what if needs to examine some of the encrypted content?
And what if you want to offload the SSL encryption and
decryption work from your servers? These are the two
excellent reasons for using a clients profile and having BIG-
IP terminate the SSL session rather then the servers.
Because it contains accelerator hardware, BIG-IP can speed
up SSL processing. Terminating SSL session on BIG-IP also
allows the servers to speed their CPU cycles on serving up
the content rather than doing SSL encryption and decryption
work. Certificate management also becomes easier because
the administrator only need to install the SSL certificate at
one device(BIG-IP) rather then one each pool member.
Profile Dependencies
Some profile requires the presence of other profiles on the
virtual server. The OSI model provides a help full context for
explaining this requirement. The rule of thumb to remember
is if you are using a higher level profile in terms of the OSI
model, the lower level profiles are required for that virtual
server.
Protocol-Layer4 Profiles
The most commonly used protocol profiles are TCP, UDP and
Fast L4. you do not have worry about which one the choose
because BIG-IP automatically selects the appropriate one for
your situation.
Configuring profiles
Profile types
Service Profiles
Persistence Profiles
Protocol Profiles
SSL Profiles
Authentication Profiles
Other Profiles
Service Profiles:-Service profiles are layer7 oriented. Two
examples are HTTP and FTP.
Stored in / config/profile_base.conf
cannot be deleted.
Custom profiles
Stored in / config/bigip.conf
Creating Profiles
Use the Flyout menu to get to the group and specific type
and then click create.
If you dont use the Flyout menus be careful to select the
appropriate group and type of profile before clicking the
create button or you might create the wrong type.
Configuring Profiles
After creating the profile, from the new profile screen, enter
the profile name and if necessary select the appropriate type.
In this example we are creating a persistence profile and we
need to select the persistence type.
The parent profile field defaults to the template for that type,
but you can specify
Then you specify the value for each setting you are
changing. It is important to understand how these custom
values are treated. Setting that are not customized inherit the
same value as the parent. If the parent profile settings are
later changed, the child will dynamically receive that change
also.
Lets say you are creating a persistence profile and you are
customizing only the time out value later on, someone
changes the values for time out and mark in the parent
profile.
The time out value in your child profile would not change
(because you customize it)but the mask value would change
(because the child profile inherited its value from parent).
Note that if the custom check box is selected, that setting is
considered to be a static value even if it matches the default
value.
Persistence Profile
Introduction to Persistence: -
When an application maintains the client state, a persistent
session between the server and client must be maintained in
order to properly process client requests.
Session Data
Insert mode
Rewrite mode
Passive mode
Insert mode: -
Pool name
Pool member
Rewrite mode: -
Passive mode: -
Web server creates special cookie and
For cookie insert mode, the first time the client connects to
the virtual server the clients web browsers does not yet have
a cookie.
The member issue its HTTP reply to the client, again with no
BIG-IP cookie attached.
Next, select the Resources tab and select the name of your
cookie persistence profile from the Default Persistence
Profile drop down menu. Here we are using of the default
cookie persistence profile named cookie.
Administrative Status
3 Administrative States
Disabled State
lets look at the Disabled Administrative state and its impact
on the state of the pool and virtual server
Ex: -
Now two members have been disabled, but the pool and
virtual server are still marked available.
Even after the last member is disabled, the pool and virtual
server and virtual server are still marked available because
they will need to process client traffic for open existing
connections and supports new connections from client
matching existing persistence records.
Forced Offline State
Now lets load at the forced offline administrative state and its
impact on the state of pool and virtual server.
Ex:-
This results in the pool and virtual server still being marked
available.
SSL Termination
SSL Acceleration