Professional Documents
Culture Documents
F5 BIGIP Configuration
F5 offers free training for the LTM module. You have to register
and create your account and using this account you can take the
online training classes.
https://f5.learn.com/learncenter.asp?
Advanced
p- prepod-tctssw.con-way.com-8080
Health Monitor:
eweb_lb_healthcheck
Note: Select health monitors from the Available box. You can also
create custom health monitors by selecting Monitors under Local
Traffic.
Availability Requirement:
Allow SNAT:
Yes
LB and hence server will use LB as their gateway. The client source
address is forwarded by the F5 to the server as is. In this mode
both the URL access and a direct server access will be routed via the
F5. Default route for the servers will point to F5 gateway IP.
2) Proxy mode- In this mode LB uses SNAT to NAT the source IPs so
that the physical server sees the connection come in from the SNAT
IP pool configured on F5 and will not see the real client IP. F5
maintains the translations and will route the packets from clients to
the physical servers. In this case the server VLAN will not reside on
the F5, instead it will reside on the layer 3 switch. All the traffic
destined to the URL VIP will be directed to the F5, F5 will NAT the
source IP and will proxy the request to the physical servers. If a
connection is sent directly to the physical server from the client, the
packets will be routed by the layer 3 switch directly to the server
and not via the F5. F5 will have default pointing to the VIP subnet
gateway IP assigned to one of its physical interface connected to
layer 3 switch, while the routes to all the server subnets will point
to another physical interface IPed out of the SNAT Subnet. The
gateway on the servers will be their respective subnet network
address which will reside on the layer 3 switch.
Allow NAT:
Action On Service Down:
Yes
None
10 seconds
IP ToS to Client:
Pass Through
IP ToS to Server:
Pass Through
Pass Through
Pass Through
Reselect Tries:
0 (zero)
New Address
Note: Select New Address if you dont have the physical server
added under Nodes (under LTM). Select Node list if the Node exist
already.
Service Port:
8080
Under Configuration:
Ratio:
Priority Group: 0
Connection limit:
Health Monitors:
Step 3: Create virtual server (URL) and assign the pool to the
virtual server
Note: VS Referred to as Virtual Server
LTM -> VIRTUAL SERVERS -> + (create)
Under General Properties:
Name:
vs- prepod-tctssw.con-way.com-80
Destination:
Type: Host
80 (HTTP)
State:
Enabled
Standard
Protocol:
TCP
TCP
OneConnect Profile :
None
None
HTTP Profile :
http-eweb
Note: This is a custom HTTP profile which can be created under Local
Traffic Profiles HTTP
FTP Profile:
None
Stream Profile:
None
None
None
Authentication Profiles:
None
RTSP Profile:
None
Diameter Profile:
None
SIP Profile:
None
Statistics Profile:
None
Auto Map
Traffic Class:
None
Connection Limit:
Connection Mirroring:
Address Translation:
Enabled
Port Translation:
Enabled
Source Port:
Preserve
None
None
None
p- prepod-tctssw.con-way.com-8080
In the same way if you want to assign HTTP Class Profile to the VS (Virtual
server = URL)
Understanding iRule
An iRule is a powerful and flexible feature of BIG-IP devices based on F5's
exclusive TMOS architecture. iRules provide you with unprecedented control
to directly manipulate and manage any IP application traffic. iRules utilizes
an easy to learn scripting syntax and enables you to customize how you
intercept, inspect, transform, and direct inbound or outbound application
traffic.