Initial Setup
/config/bigip_base.conf
-Holds all information relevant to the basic elements of the BIG-IP,
such as the management IP, VLANs, routes and a few more things
/etc/hosts.allow
-Hosts which are allowed to use the local INET services,
such as SSH and SNMP (for the SNMP devices)
/config/BigDB.dat
-bigdb database holds a set of bigdb configuration
keys
-Keys define the behaviours of various aspects of the
BIG-IP system
Traffic Processing
Pools, Members & Nodes
Virtual Server
-BIG-IP is a default-deny device, so a listener (virtual server) is a must
-The virtual server glues everything together
-Typically, virtual servers are associated with a pool
-Before a virtual server can load balance, it should be mapped to a pool
-BIG-IP translates the destination IP address from the virtual server to the
actual server
-Clients see the pool servers as a single server, hence the term Virtual
Server
Asymmetric Routing Problem
Full Proxy Architecture
-It is basically Ratio load balancing, but with the ratio assigned by BIG-IP
-Servers with connections lower than average will be given a ratio of 3
-Servers with connections higher than average will be given a ratio of 2
#b pool lab_Pool { lb method member observed }
Observed
>Connections status
-Servers B & C with Ratio 3
-Servers A & D with Ratio 2
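The Observed rule above, as an added Python example (not from the original slides and not F5's code). The connection counts are constructed, treating a member exactly at the average as "higher" is an assumption, and the smooth weighted round-robin is a stand-in for BIG-IP's own Ratio scheduler.

```python
from statistics import mean

# Constructed sample: current connection counts per pool member.
SAMPLE_CONNS = {"A": 40, "B": 10, "C": 15, "D": 35}


def observed_ratios(conns, low_ratio=3, high_ratio=2):
    """Give members below the average connection count the larger ratio."""
    if not conns:
        return {}
    avg = mean(conns.values())
    # Assumption: a member exactly at the average counts as "higher";
    # the slides do not say how that case is handled.
    return {m: (low_ratio if c < avg else high_ratio) for m, c in conns.items()}


def distribute(ratios, new_connections):
    """Spread new connections in proportion to the ratios.

    Uses smooth weighted round-robin so that a heavily weighted member
    does not receive its whole share in one burst.
    """
    total = sum(ratios.values())
    current = dict.fromkeys(ratios, 0)
    handled = dict.fromkeys(ratios, 0)
    for _ in range(new_connections):
        for member, weight in ratios.items():
            current[member] += weight
        pick = max(current, key=current.get)  # first member wins a tie
        current[pick] -= total
        handled[pick] += 1
    return handled


if __name__ == "__main__":
    ratios = observed_ratios(SAMPLE_CONNS)
    print("ratios:", ratios)
    print("next 100 connections:", distribute(ratios, 100))
```

With the sample counts the average is 25, so B and C receive ratio 3 and A and D receive ratio 2, matching the connection status on the slide.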
Predictive
-The Predictive method is similar to Observed, but assigns more
aggressive values
#b pool lab_Pool { lb method member predictive }
Predictive
>Connections status
-Servers A & C with Ratio 1
-Servers B & D with Ratio 4
Pool Member vs. Node
Load Balancing by:
>Node
-Total service for one IP Address
-Takes all transactions for the IP address into account
#b node <ip_addr> { ratio <no.>/ session <enable/disable>}
>Pool Member
-IP Address & Service
-Takes the decision based on transactions happening on
the service port.
Priority Group Activation
Monitor
Monitor Functionality
Monitor Types
Configuring Monitor
Assigning Monitor
Status
Intro to monitor
The BIG-IP system can monitor the health of nodes &
members
Step 3: Customize
Step 4: Assign
- to pool/node/pool member
Step 5: Status
Types of monitoring
Address Check
-IP address node
Service Check
-IP:port
Content Check
-IP:port & check data returned
Interactive Check
-Interactive with servers
-Multiple commands and multiple response
Address Check
Example
System Custom
Profile
Profile Concept
Profile Configuration
Profile Concept
Contain settings that instruct how to pass the traffic
through virtual server
FTP
Profile Dependencies
Persistence Profiles
-cookie, dest_addr, source_addr, hash.
Protocol Profiles
-tcp, udp, fastL4
SSL Profiles
-client, server
Authentication Profiles
-RADIUS servers, CRLDP servers
Other Profiles
-OneConnect, NTLM, stream
Profile Configuration Concepts
Custom Profiles
-Stored in /config/bigip.conf
-Created from default profile
-Dynamic child & parent relationship
Services Profiles
Parent HTTP profiles
profile http http {
basic auth realm none
oneconnect transformations enable
compress disable
compress uri include none
compress uri exclude none
compress prefer gzip
compress min size 1024
compress buffer size 4096
compress vary header enable
.
.
.
ramcache max age 3600
ramcache min object size 500
ramcache max object size 50000
ramcache uri exclude none
ramcache uri include none
ramcache uri pinned none
ramcache ignore client cache control all
ramcache aging rate 9
ramcache insert age header enable
}
Custom HTTP profile
#b profile http pan_http_profile {
defaults from http_master
header insert "X-SSL: True"
fallback "http://foo.com/f.asp?u=[HTTP::host]"
}
#b profile http help ---for more options
Chapter 6
Persistence
Persistence profile
Source Address Persistence
Cookie Persistence
Concept
What is the need for Persistence?
Custom Profile
#b profile persist pan_cookie { mode cookie cookie mode rewrite cookie name paa }
Parent Profile:
profile persist cookie {
mode cookie
mirror disable
timeout immediate
cookie mode insert
cookie name none
cookie expiration 0d 00:00:00
cookie hash offset 0
cookie hash length 0
rule none
}
Chapter 7
Bi-directional traffic
Dedicated IP Address
Virtual
Forwarding (Layer 2)
Generally used when LTM is configured in a bridge mode (VLAN Groups)
Essentially just forwards packets at Layer 2
Forwarding (IP)
Used when LTM needs to forward or route packets
Can either just route them based on its IP routing table or load balance
multiple routers/firewalls etc
Performance (HTTP)
Used for very simple, very fast HTTP load balancing
Lose a number of features (see next slide)
Performance (Layer 4)
Used for general purpose fast load balancing of packets using the PVA ASIC
Lose a number of features depending on PVA Acceleration mode (see next
few slides)
Configuration of virtual
>Forwarding (IP)
#b virtual forward_vip { destination any:any ip forward }
>Forwarding (Layer 2)
#b virtual forward_vip { destination any:any l2 forward }
>Standard
b virtual accel_vip {
destination 10.118.10.12:https
ip protocol tcp
profile http_profile oneconnect_master www.foo.com tcp
persist simple_1800_profile
pool https_pool
}
Chapter 11
iRule
What is an iRule?
Simply add the line log xxx (where xxx is anything you
like) to any iRule, for example:
when HTTP_REQUEST {
log "Client [IP::remote_addr] has requested page [HTTP::uri] from server [HTTP::host]."
}
Change directory: cd
Print working directory: pwd
List directory contents: ls
View file: more <filename>
Edit file: vi <filename>
Copy file: cp <source> <dest>
Delete file: rm <filename>
Useful vi commands
i to start inserting text where the cursor is
A to start inserting text at the end of the line
Esc exits the editing mode
dd delete entire line
x delete single character
Esc then : then w to write the file
Esc then : then q to quit vi
/ starts a search through the file
To run TCPDUMP from the CLI and save the output to a file
that can be opened in Ethereal/Wireshark use the following
command:
Example:
TIP: Use WinSCP to copy the file from the BIG-IP to your PC
Software Downloads
http://downloads.f5.com
Redundant Pair
High Availability
Failover Trigger
Failover Detection
Stateful Failover
MAC Masquerading
Failover Managers
Failover Managers detect a failed process and
take one of several actions: restarting the
process, failing back to the standby, or rebooting the BIG-IP
Watchdog
Performs hardware health checks
Overdog
Software to correct hardware failures
SOD
monitors the switch fabric and takes corrective action for
switch failures
All Failover Managers update and monitor the High
Availability Table
High Availability Table
Updated & monitored by Failover Managers
Table Fields
-Feature Name
-Action on Failure
-Enabled
-Failed State
Command Line: b ha table show
HA Table
Failover Trigger
Processes (Daemons)
Switchboard
VLAN Failsafe
Gateway Failsafe
Failover Triggers - Daemons
VLAN Failsafe
-Detects no network traffic
-Tries to generate traffic
-Timeout reached
-Time Action; Standby becomes active
Gateway Failsafe
Hardware Failover
When the standby notices a loss of voltage, it takes over the
active role
Network Failover
Heartbeat sent over network
No 50 foot (15.24 meter) limitation
Slower than Hardware Failover
Setting not synchronized between peers
If Both Hardware Failover & Network Failover are being
used..
Network Failover Settings
Network Communication
Stateful Failover
Types of Mirroring
Failover without MAC Masquerading
MAC Masquerading
Thanks