
Document created by Kalpesh Dalwadi

F5 BIGIP Configuration
F5 offers free training for the LTM module. Register and create an
account, then use that account to take the online training classes.
https://f5.learn.com/learncenter.asp?

Configuration examples via iApp GUI:


Project example: Add a new URL, tctssw.con-way.com, with services on
ports 80 and 443. The physical servers (pool members) will be
listening on tcp/8080 for HTTP requests, while for HTTPS requests they
will listen on tcp/443. The physical servers in this example are
10.6.109.79 and 10.6.109.80.
Implementation:
Step 1: Select the correct partition on the F5 where the URL
configuration will reside
After logging in to the correct F5, select the right partition for the new
URL (the F5 has different partitions based on application type). Click on
Local Traffic and then Pools. At the top right there is a Partition drop-down
box where you can select the partition in which the URL configuration should
reside.
Note: LTM refers to Local Traffic Manager. This is the module in the iApp
GUI.

Step 2: Create the pool and add pool members (physical servers) to
the pool
LTM -> POOLS -> + (clicking the + sign adds a new configuration).
We will start by configuring the pool for http://tctssw.con-way.com. The pool
consists of the physical server members and their ports (which can be the same
as or different from the URL ports).
Configuration: Advanced
Name: p- prepod-tctssw.con-way.com-8080
Health Monitor: eweb_lb_healthcheck
Note: Select health monitors from the Available box. You can also
create custom health monitors by selecting Monitors under Local
Traffic.
Availability Requirement: All (Health Monitors)
Allow SNAT: Yes

Note: The SNAT option depends on how the F5 is set up:

1) Transparent mode - In this mode the server VLAN resides on the
LB, so the servers use the LB as their gateway. The F5 forwards the
client source address to the server as is. In this mode both URL
access and direct server access are routed via the F5. The default
route on the servers points to the F5 gateway IP.
2) Proxy mode - In this mode the LB uses SNAT to NAT the source IPs, so
the physical server sees the connection come in from the SNAT IP pool
configured on the F5 and does not see the real client IP. The F5
maintains the translations and routes the packets from clients to
the physical servers. In this case the server VLAN does not reside on
the F5; it resides on the layer 3 switch. All traffic destined to the
URL VIP is directed to the F5, which NATs the source IP and proxies
the request to the physical servers. If a client sends a connection
directly to a physical server, the layer 3 switch routes the packets
directly to the server and not via the F5. The F5 will have its default
route pointing to the VIP subnet gateway IP assigned to one of its
physical interfaces connected to the layer 3 switch, while the routes to
all the server subnets will point to another physical interface addressed
out of the SNAT subnet. The gateway on the servers will be their
respective subnet network address, which will reside on the layer 3
switch.
Allow NAT: Yes
Action On Service Down: None
Slow Ramp Time: 10 seconds
IP ToS to Client: Pass Through
IP ToS to Server: Pass Through
Link QoS to Client: Pass Through
Link QoS to Server: Pass Through
Reselect Tries: 0 (zero)

Click on the Update box to save the pool configuration.

Now we need to add the physical servers as pool members under
the newly created pool. Click on Members as shown in the image below.

Under Load Balancing:
Load Balancing Method: Least Connections (members)
Note: The F5 supports different types of LB algorithms. Ask the
application team/requestor of the project which algorithm they want
to use.
Note: The difference between a node and a member is that a node refers
to just an IP, while a member refers to an IP and a service port.
Priority Group Activation: Disabled

Then click on Add to add physical members.


Under New Pool Members:
Address: New Address
Note: Select New Address if the physical server has not yet been
added under Nodes (under LTM). Select Node List if the node already
exists.
Service Port: 8080

Under Configuration:
Ratio:
Priority Group: 0
Connection limit:
Health Monitors: Inherit From pool
Select Monitor: We have already configured a health monitor for the
pool, so the same monitor applies to the members in the pool.
Click on Update to save.

Step 3: Create the virtual server (URL) and assign the pool to the
virtual server
Note: VS refers to Virtual Server.
LTM -> VIRTUAL SERVERS -> + (create)
Under General Properties:
Name: vs- prepod-tctssw.con-way.com-80
Destination:
Type: Host
Address: 10.6.111.130 (this is the virtual IP for the URL; for a new URL
you need to assign the IP from the VIP pool for the relevant F5
environment, e.g. test/dev/prod, and register the URL in DNS)
Service Port: 80 (HTTP)
State: Enabled

Under Configuration (select Advanced):
Type: Standard
Protocol: TCP
Protocol Profile (Client): TCP
Protocol Profile (Server): Use client Profile
OneConnect Profile: None
NTLM Conn Pool: None
HTTP Profile: http-eweb
Note: This is a custom HTTP profile, which can be created under Local
Traffic -> Profiles -> HTTP.
FTP Profile: None
Stream Profile: None
SSL Profile (Client): None
SSL Profile (Server): None
Authentication Profiles: None
RTSP Profile: None
Diameter Profile: None
SIP Profile: None
Statistics Profile: None
VLAN and Tunnel Traffic: All VLANs and Tunnels
SNAT Pool: Auto Map
Traffic Class: None
Connection Limit: 0 (zero meaning no limit)
Connection Mirroring: Do not check this box
Address Translation: Enabled
Port Translation: Enabled
Source Port: Preserve
Clone Pool (Client): None
Clone Pool (Server): None
Last Hop Pool: None

Click on Update to save.


Now click on Resources at the top, as shown in the picture below.

Under Load Balancing:
Default Pool: p- prepod-tctssw.con-way.com-8080
Default Persistence Profile: None
Fallback Persistence Profile: None
Click on Update to save.
Note: If you have to assign an existing iRule to the VS (an iRule is a custom
script written in TCL which provides different types of manipulation and
responses for a given URL request that comes to the F5 LB), click on
Manage. Under Resource Management, select the iRule you want to
assign from the Available box and click on Finish.

In the same way, you can assign an HTTP Class Profile to the VS (virtual
server = URL).

Understanding iRule
An iRule is a powerful and flexible feature of BIG-IP devices based on F5's
exclusive TMOS architecture. iRules provide you with unprecedented control
to directly manipulate and manage any IP application traffic. iRules use
an easy to learn scripting syntax and enable you to customize how you
intercept, inspect, transform, and direct inbound or outbound application
traffic.

An iRule consists of one or more event declarations, each containing TCL
code that is executed when that event occurs.
To further understand iRules and how they work, please refer to the link
below.
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/122/iRules-101--01--Introduction-to-iRules.aspx
To learn more about TCL language operators and commands, refer to the link
below.
http://tmml.sourceforge.net/doc/tcl/index.html
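
An added example of the event structure described above (not part of the original document): an iRule with three event declarations that passes the real client IP to the pool members when the virtual server uses SNAT Auto Map, as configured in Step 3. The X-Forwarded-For header name, the log text and the 503 response body are assumptions of this example.

```tcl
# Added example iRule, not from the original document. Assumed to be
# assigned to the virtual server from Step 3, which uses SNAT Auto Map and
# the http-eweb HTTP profile. With SNAT the pool members only see the F5's
# SNAT address, so the client address is passed along in a request header
# (X-Forwarded-For is this example's choice of header name).

when CLIENT_ACCEPTED {
    # Runs once per client TCP connection.
    # Remember the client address before SNAT is applied.
    set client_ip [IP::client_addr]
}

when HTTP_REQUEST {
    # Runs for every HTTP request on the connection.
    # Remove any copy of the header sent by the client so the value
    # cannot be forged, then insert the address the F5 actually saw.
    HTTP::header remove "X-Forwarded-For"
    HTTP::header insert "X-Forwarded-For" $client_ip
}

when LB_FAILED {
    # Runs when no pool member could be selected or reached.
    # Log the event and answer the client from the F5 itself.
    log local0. "tctssw: no pool member available for client $client_ip"
    HTTP::respond 503 content "Service temporarily unavailable" "Retry-After" "30"
}
```

Because direct connections to the physical servers bypass the F5 in proxy mode, the servers should trust this header only on connections that arrive from the F5's SNAT addresses.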
Note: curl and bigpipe commands are very helpful for troubleshooting F5
issues from the CLI (SSH to the F5 and log in as the root user).
