Product licences
user accounts/passwords
DNS zone files & ZoneRunner config
SSL certificates and keys
Rolling archives: the config saved before applying a new config
cs_backup.ucs
cs_backup_rotate.ucs
Allows checking for issues, defects, best practices
https://ihealth.f5.com
Requires generating a QKView file
BIG-IP Part 2 Application Delivery
Virtual Server (VIP)
http_pool pool of servers
A Full-Proxy Architecture
Separate client and server connections
CLIENT SYN->SYN_ACK->ACK VIRTUAL SERVER
CLIENT HTTP_GET
SYN->SYN_ACK->ACK and HTTP_GET (to the real server)
HTTP_RESPONSE (from real server to the client)
Load Balancing Methods
Homogeneous pool
Non-Homogeneous pool - different servers with different capacity
Methods:
Static: predefined distribution pattern
Dynamic: observes the run-time environment and
adjusts the distribution pattern "on the fly"
Failure mechanisms:
Priority-Based Member Activation
Fallback Host
A Ratio 3 member receives 3 times as many requests as a Ratio 1 member
Ratio (member) and Ratio (node)
Ratio 1
Ratio 2
Ratio 3
Priority-Based Member activation
pool Ratio (member)
Priority group
Priority group activation
Consider 3 Priority Groups, with ratio 3 3 1
Specifying the Priority Group Activation < 2 means the group with lower priority
will be used only if one of the group fails
****Module 3 Directing Traffic with iRules****
A few events in iRules:
CLIENT_ACCEPTED
SERVER_CONNECTED
SERVER_DATA
iRules Construct
Operators - == < > starts_with contains ends_with
Functions - findstr getfield substr
Statements - if, switch, log, pool
Commands - HTTP::uri HTTP::header AES::encrypt SIP::call_id
https://devcentral.f5.com/login?returnurl=%2fwiki%2firules.homepage.ashx
https://devcentral.f5.com/d/tag/irules%20editor
iRules Syntax
when CLIENT_ACCEPTED {
    # Clients whose address starts with "10." go to ten_pool, all others to customer_pool
    if { [IP::remote_address] starts_with "10." } {
        pool ten_pool
    } else {
        pool customer_pool
    }
}
iRule based on a Header
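when HTTP_REQUEST {
    # Route on the first two characters of Accept-Language, lowercased
    # (browsers send "ja" for Japanese, not "jp")
    switch [string tolower [substr [string trimleft [HTTP::header Accept-Language]] 0 2]] {
        "fr" { pool http_fr_pool }
        "ja" { pool http_jp_pool }
        default { pool http_pool }
    }
}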
To apply an iRule, the virtual server requires an HTTP profile (http). After configuring the
profile, go to Resources and apply the iRule created before
****Module 4 Accelerating Traffic****
Leveraging OneConnect
Once a client has connected, the BIG-IP keeps a connection reuse pool so that the
same client or other clients can reach the same server over an already-open connection
Option under Local Traffic->Profiles:Services:HTTP
Source Mask - determines eligibility for reusing an open/idle connection. The
value 0.0.0.0 means all clients can reuse the same connection, and
255.255.255.255 means only the same client is able to reuse the opened connection
Maximum Size - Max conns held in the connection reuse pool; if the maximum is
reached, the BIG-IP system will close a server-side connection after the response is
received
Maximum Age - Max time a connection can stay open AND idle
Maximum Reuse - maximum number of times a connection can be reused
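The four OneConnect settings above, modelled as an added Python example (not F5 code and not part of the original notes). The class OneConnectModel, its method names and the client addresses are assumptions made for illustration, and requests are handled one at a time.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class IdleConn:
    key: int           # client IP ANDed with the Source Mask
    reuses: int        # how many times this server-side connection was reused
    idle_since: float  # time it was returned to the reuse pool

class OneConnectModel:
    """Simplified model of the connection reuse pool (an assumption, not F5's code)."""
    def __init__(self, source_mask, max_size, max_age, max_reuse):
        self.mask = int(ipaddress.IPv4Address(source_mask))
        self.max_size, self.max_age, self.max_reuse = max_size, max_age, max_reuse
        self.idle = []

    def request(self, client_ip, now):
        """Serve one request; return 'reused' or 'new' for the server-side connection."""
        # Maximum Age: connections idle for too long are dropped from the pool.
        self.idle = [c for c in self.idle if now - c.idle_since <= self.max_age]
        # Source Mask: a client may reuse a connection whose masked source matches.
        key = int(ipaddress.IPv4Address(client_ip)) & self.mask
        conn = next((c for c in self.idle if c.key == key), None)
        if conn is not None:
            self.idle.remove(conn)
            conn.reuses += 1
            result = "reused"
        else:
            conn = IdleConn(key, 0, now)
            result = "new"
        # Maximum Reuse / Maximum Size: after the response the connection is
        # either returned to the pool or closed.
        if conn.reuses < self.max_reuse and len(self.idle) < self.max_size:
            conn.idle_since = now
            self.idle.append(conn)
        return result

def demo(mask):
    # Constructed sample traffic: two different clients, then the first one again.
    pool = OneConnectModel(mask, max_size=10, max_age=60, max_reuse=1000)
    clients = ["10.1.1.10", "10.1.1.11", "10.1.1.10"]
    return [pool.request(ip, now=t) for t, ip in enumerate(clients)]

if __name__ == "__main__":
    for mask in ("0.0.0.0", "255.255.255.255"):
        print(mask, demo(mask))
```

With 0.0.0.0 the second client's request rides a server-side connection opened for the first client, so the pool member cannot treat a TCP connection as belonging to a single client.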
****Getting Started with BIG-IP Access Policy Manager (APM)****
What is a BIG-IP APM
Remote Access Solution
Network Access - SSL VPN
Portal Access - reverse Proxy Web Applications
Applications Access - Single Application Tunnel including Remote Desktop
Policy Enforcement Point
Authentication and Authorization
Endpoint Inspection
Access Control Lists
Dynamic Resource Assignment (per-User or Group Basis)
Single Sign-on (include OAM, Kerberos and SAML)
Policy enforcement on LTM using APM
Profiles required to implement APM: TCP, ClientSSL, HTTP, ServerSSL, Access
Configuring an APM looks like a flow chart
Config FullWebTop
Config
-----------------------------------------------------------------------------------------
HTTP Basics
Status Codes
100 - Informational
200 - Success
300 - Redirection (301 Moved Permanently)
400 - Client Errors (400 Bad requests, 401 Not Authorized, 402 Not found)
500 - Server Errors (500 Internal Server Error, 505 HTTP Version Unsupported)
Response Headers
Server and Content Format Information
Age
ETag
Location
Server
Entity Headers
Content information
Content-Length
Content-Encoding
Content-Type
Last-Modified
Process Examples
Caching
Content Transfer Completion
Caching
Caching Models:
Expiration->Reduces Requests
Validation->Reduces content transfer
Cache Expiration
Reduces Requests
Example:
Expires: Tue, 13 Feb 2007 13:00:00 GMT
Cache-Control: max-age=3600
Cache Validation
Reduces Content Transfer
304 Not Modified status code
Example:
Etag and If-None-Match
Last-Modified and If-Modified-Since
When the client receives a 304 code, it uses the object in its local cache