
F5 Virtual Environment

LTM Fundamentals Exercise Guide

Document version 13.0.K


Written for: TMOS® Architecture v13.0
VMware Workstation 10.0.0 or VMware Fusion 6.0.3
Virtual images:
BIGIP-13.0.0.0.0.1645.ALL-scsi.ova
LAMP_v4
Windows_7_External
vLab download Files
Latest Partner_vLab_Package

NOTE: The F5 vLab (virtual lab environment) is an F5-community supported tool.


Please DO NOT contact F5 Support for assistance with the vLab. For help with the setup of the vLab
or running a demonstration, you should contact your F5 Channel Account Manager (CAM).

F5 Worldwide Field Enablement Last Updated: 10/6/2017


Learn More, Sell More, Sell Faster
©2017 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in
certain other countries. Other F5 trademarks are identified at f5.com.

Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or
affiliation, express or implied, claimed by F5.

These training materials and documentation are F5 Confidential Information and are subject to the F5 Networks Reseller Agreement. You
may not share these training materials and documentation with any third party without the express written permission of F5.

Table of Contents

Introduction

Module 1 Exercises – Initial Installation
Windows Exercise 1.1 – VMware Workstation Configuration
Windows Exercise 1.2 – Initial BIG-IP Configuration
Windows Exercise 1.3 – User Access and System Preferences
Mac Exercise 1.1 – VMware Fusion Configuration
Mac Exercise 1.2 – Initial BIG-IP Configuration
Mac Exercise 1.3 – User Access and System Preferences

Module 2 Exercises – Processing Traffic
Exercise 2.1 – Create an HTTP Pool and Virtual Server
Exercise 2.2 – Using the Network Map

Module 3 Exercises – Virtual Servers
Exercise 3.1 – Virtual Server Priority
Exercise 3.2 – Forwarding and Reject Virtual Servers

Module 4 Exercises – Pools
Exercise 4.1 – Install JMeter for Web Load Testing
Exercise 4.2 – Create a Web Load Test
Exercise 4.3 – Load Balancing Methods
Exercise 4.4 – Priority Group Activation

Module 5 Exercises – Monitors
Exercise 5.1 – Using Monitors with Nodes
Exercise 5.2 – Using Monitors with Pools
Exercise 5.3 – Using an Inband Monitor
Exercise 5.4 – Using Manual Resume

Module 6 Exercises – Using Profiles
Exercise 6.1 – Using an HTTP Profile
Exercise 6.2 – Using a Stream Profile

Module 7 Exercises – Performance Profiles
Exercise 7 – Using Compression and Acceleration

Module 8 Exercises – Persistence Profiles
Exercise 8.1 – Using Source Address Persistence
Exercise 8.2 – Using Cookie Persistence
Exercise 8.3 – View Persistence with Disabled and Offline Pool Members
Exercise 8.4 – Using Match Across Virtual Servers

Module 9 Exercises – SSL Termination
Exercise 9.1 – Supporting SSL Traffic
Exercise 9.2 – Enabling SSL Offload

Module 10 Exercises – NATs and SNATs
Exercise 10.1 – Using a NAT
Exercise 10.2 – Using SNATs

Module 11 Exercises – iRules
Exercise 11.1 – Setting Up iRule Development
Exercise 11.2 – Using iRule Events
Exercise 11.3 – Using Variables
Exercise 11.4 – Using TCL and iRules Commands
Exercise 11.5 – Using Conditional Statements
Exercise 11.6 – Working with Lists
Exercise 11.7 – Using iRules Best Practices

Module 12 Exercises – iApps
Exercise 12.1 – Working with iApp Application Services
Exercise 12.2 – Working with iApp Templates

Final Project
Exercise 13 – Reconfigure the BIG-IP System

Appendices
Appendix A – Exercise Question and Answer Key
Appendix B – Virtual Environment Diagram

Introduction
Welcome to the F5 LTM Fundamentals Exercise Guide.

This guide provides hands-on experience with F5 BIG-IP® Local Traffic Manager™ (LTM).
You can use these exercises and the virtual environment (vLab) – this includes VMware Workstation or
VMware Fusion and BIG-IP® Virtual Edition (VE) – as a learning tool or to give customer demonstrations.

Note: this guide is written for the following product and vLab versions:
• TMOS architecture v13.0.0
• VMware Workstation 10.0.0 or VMware Fusion 6.0.3
• Virtual images:
   o BIGIP-13.0.0.0.0.1645.ALL-scsi.ova
   o LAMP v4
   o Windows 7 External

The F5 vLab (virtual lab environment) is an F5-community supported tool. Please DO NOT contact F5 Support
for assistance with the vLab. For help with the setup of the vLab or running a demonstration, you should
contact your F5 Channel Account Manager (CAM).

WWFE vLab Guides – LTM Fundamentals Exercise Guide; v13.0.K Page | 6



Module 1 Exercises – Initial Installation


For Microsoft Windows users, complete exercises Windows 1.1 – Windows 1.3.
For Mac users, complete exercises Mac 1.1 – Mac 1.3.

Windows Exercise 1.1 – VMware Workstation Configuration
These steps guide you through downloading and installing VMware Workstation, installing and configuring the
VMware Workstation environment, downloading and installing the VMware images used in the environment,
and making some required manual changes to the LAMP back-end server images.
• Use a Windows environment with this setup guide.
• Estimated completion time: 20 minutes

WINDOWS Task 1 – Install VMware Workstation and Install the Trial License
You can skip this step if you already have VMware Workstation 10, 11, or 12 installed on your laptop. If not,
download and install VMware Workstation 12.

• Open a new Web browser and access http://www.vmware.com/products/workstation/overview.html.
• Download and install the trial version of VMware Workstation 12.

→NOTE: These exercises are tested for VMware Workstation version 10. There may be issues
with previous versions.

You need to purchase a VMware Workstation license; however, you have 30 days to
use the trial version.

WINDOWS Task 2 – Set Up the VMware Network Environment

You will configure three VMware networks. VMnet1 acts as the Out of Band Management network for accessing
the BIG-IP Configuration Utility. VMnet2 acts as the external network for users accessing virtual servers. VMnet3
acts as the internal VLAN where the back-end web servers are located.

• Launch VMware Workstation, and then select Edit > Virtual Network Editor.
• Remove any existing VMnet Networks except for VMnet0.
• Click the Add Network button, and add VMnet1, VMnet2 and VMnet3.
• Select VMnet1, and configure as follows:
   o Select the Host-only (connect VMs internally in a private network) option.
   o Select the Connect a host virtual adapter to this network checkbox.
   o Leave the Use local DHCP service to distribute IP address to VMs checkbox selected.
   o In the Subnet IP field enter 10.1.1.0.
   o In the Subnet mask field enter 255.255.255.0.

→NOTE: You will use this network to access the BIG-IP management interface.

This configures your local workstation with a VMware Network Adapter VMnet1 IP address within the
10.1.1.0 network.

• Select VMnet2 and configure as follows:
   o Select the NAT (shared host’s IP address with VMs) option.
   o Select the Connect a host virtual adapter to this network checkbox.
   o Leave the Use local DHCP service to distribute IP address to VMs checkbox selected.
   o In the Subnet IP field enter 10.1.10.0.
   o In the Subnet mask field enter 255.255.255.0.
   o Click the NAT Settings button.
   o In the Gateway IP field enter 10.1.10.2, and then click OK.

→NOTE: These NAT settings enable the BIG-IP system to reach the Internet through your
workstation’s network adapter.

This configures your local workstation with a VMware Network Adapter VMnet2 IP address within
the 10.1.10.0 network.

• Select VMnet3, and configure as follows:
   o Select the Host-only (connect VMs internally in a private network) option.
   o Clear the Connect a host virtual adapter to this network checkbox.
   o Clear the Use local DHCP service to distribute IP address to VMs checkbox.
   o In the Subnet IP field enter 10.1.20.0.
   o In the Subnet mask field enter 255.255.255.0.

→NOTE: Ensure that the “Connect a host virtual adapter to this network” checkbox is cleared.
This prevents your local PC from having direct access to the internal network.

• Click OK.

Your local workstation should not receive a VMware Network Adapter VMnet3 IP address.

• Open a command prompt and type:
    ipconfig
• Use the table below to note the IP addresses for your VMnet adapters.

Adapter    IPv4 Address
VMnet1     ________________
VMnet2     ________________

• Close the command prompt.

WINDOWS Task 3 – Download the Virtual Images

Download the BIG-IP image file to your local workstation, and then download and unzip the VMware back-end
server images and other vLab files.

• Access and log in to the F5 product download page at https://downloads.f5.com/esd/productlines.jsp.
• Click BIG-IP v13.x / Virtual Edition, and ensure that 13.0.0 is selected in the product version list box.
• Click Virtual-Edition, and then accept the license agreement.
• Click BIGIP-13.0.0.0.0.1645.ALL-scsi.ova.
• Click the best download link for your location.
• Save the file to a directory on your local workstation.

→NOTE: Ensure the location of this directory has at least 6GB of free disk space.

• Access the F5 product download page again.
• Click Virtual Lab Environment (vLab).
• Ensure that 4.0 is selected in the version list box.
• Click vLab_files, and then accept the software terms and conditions.
• Download the following files:
   o The most current Partners_vLab_Package.zip file
   o LAMP_v4.zip
   o Windows_7_External.zip

→NOTE: You can use the Windows 7 image instead of your own workstation to prevent
installing agents on your own workstation. In addition, all browsers and utilities
needed for hands-on exercises or customer demonstrations have already been
configured on this image. In order to use the Windows 7 image it is expected that you
have a valid Microsoft license key.

• Unzip each downloaded file in the local directory you created earlier in this task.

WINDOWS Task 4 – Open the BIG-IP system VMware Image

Use VMware Workstation to open the BIG-IP VE image file.

• In VMware Workstation, go to File > Open.
• Navigate to the location where you saved the BIG-IP image file, then select the
BIGIP-13.0.0.0.0.1645.ALL-scsi.ova image file, and then click Open.
• Name the new virtual machine BIGIP-13.0_LTMFund.
• Enter or browse to a location with at least 4 GB of free disk space and click Import.
• Click the Accept button.

It will take a few minutes for the BIG-IP VE image to import.

• After the import completes, select BIGIP-13.0_LTMFund from the Library menu, and then
click Edit virtual machine settings.
• Adjust the Memory as follows:
   o If your system has 8GB to 12GB of RAM, set the Memory to 4096 MB.
   o If your system has 16GB of RAM or more, set the Memory to 8192 MB.
• Select Hard Disk (SCSI), and then on the right side of the window go to Utilities > Expand.
• ONLY IF the current value is less than 80, set the Maximum disk size (GB) to 80, and then click Expand.
• Select Hard Disk 2 (SCSI), and then on the right side of the window go to Utilities > Expand.
• ONLY IF the current value is less than 20, set the Maximum disk size (GB) to 20, and then click Expand.
• Map the network adapters to the appropriate VMware networks using the following table:

Device              Network connection            Use
Network Adapter     Custom: VMnet1 (Host-only)    Used for the management port IP address
Network Adapter 2   Custom: VMnet2 (NAT)          Used for the external self IP address
Network Adapter 3   Custom: VMnet3                Used for the internal self IP address
Network Adapter 4   Bridged (Automatic)           Not used; clear the Connect at power on checkbox

• Click OK.

WINDOWS Task 5 – Open the LAMP VMware Image

Use VMware Workstation to open the LAMP image.

• In VMware Workstation, go to File > Open.
• Select the LAMP_v4.vmx image file, and then click Open.
• In the VMware Workstation dialog box, click Take Ownership.
• Select LAMP_v4 from the Library menu, and then click Edit virtual machine settings.
• Map the network adapters to the appropriate VMware networks using the following table:

Device              Network connection            Use
Network Adapter     Custom: VMnet1 (Host-only)    Used for direct access from your host workstation
Network Adapter 2   Bridged (Automatic)           Not used; clear the Connect at power on checkbox
Network Adapter 3   Custom: VMnet3                Used to communicate within the internal VLAN
Network Adapter 4   Bridged (Automatic)           Not used; clear the Connect at power on checkbox

• Click OK.

WINDOWS Task 6 – Edit the Settings of the LAMP Image

The LAMP_v4 image requires manual network configuration changes.

• Select LAMP_v4 from the Library menu, and then click Power on this virtual machine.
• If prompted, click “I copied it”.
• After the image powers on, within the VMware window on the LAMP desktop, leave the Xubuntu user
account selected and click Log in.
• Click the Applications Menu icon on the top-left of the screen and go to Settings > Settings Manager.
• In the Hardware section, click Network Connections.
• Select Wired connection 1, and then click Edit.
• From the Device MAC address list select the MAC address for eth0.
• Click Save, and then repeat these steps for the following:
   o Wired connection 2 → eth1
   o Wired connection 3 → eth2
   o Wired connection 4 → eth3
• Delete Wired connection 5 – Wired connection 8.

→NOTE: The wired connection entries will not be removed from the Network Connections list
until you reboot the image.

• Close the Network Connections and Settings dialog boxes.
• In the VMware library, power off the LAMP_v4 image.
• Right-click LAMP_v4 in the Library menu and select Snapshot > Take Snapshot.
• Name the snapshot LAMP_v4_Clean, and then click Take Snapshot.

WINDOWS Task 7 – Open the Windows_7 Image

Use VMware Workstation to open the Windows 7 image.

• Select File > Open.
• Select the Windows_7.vmx image file, and then click Open.
• Click Take Ownership.
• Click Edit virtual machine settings.
• Map the network adapter to the appropriate VMware networks using the following table:

Device              Network connection            Use
Network Adapter     Custom: VMnet2 (Host-only)    Used to communicate within the external VLAN

• Right-click Windows_7 in the Library bar and select Snapshot > Take Snapshot.
• Name the snapshot Windows_7_Clean, and then click Take Snapshot.


Windows Exercise 1.2 – Initial BIG-IP Configuration


In this exercise you will configure the BIG-IP management interface, use TMSH to create a VLAN and a
self IP address, and request and install a BIG-IP VE license key.
• Your workstation needs Internet access to complete the licensing portion of this exercise.
• Required virtual images: BIGIP-13.0_LTMFund
• Estimated completion time: 25 minutes

WINDOWS Task 1A – Configure your System BIOS if needed

Complete this task ONLY if you receive the incompatibility message below regarding 64-bit operation.

• Launch VMware Workstation.
• Click BIGIP-13.0_LTMFund from the Library menu, and then click Power on this virtual machine.

→NOTE: If you do receive the incompatibility message regarding 64-bit operation below, then
continue; otherwise skip to WINDOWS Task 1B.

This is an issue with the Intel virtualization. To resolve it, you must reconfigure your system BIOS.

• Access your system BIOS. To find the disabled virtualization features, perform the following, depending
on the model of your devices:
   o Go to Configuration, and then enable Intel Virtual Technology.
   o Go to Security > Virtualization, and then enable Intel (R) Virtualization Technology and Intel (R)
     VT-d Feature.
• Press F10 to save and exit the system BIOS. The system reboots and you can proceed.

WINDOWS Task 1B – Configure BIG-IP Management Interface Settings

Start up the BIG-IP VE image, configure the management interface settings, and then use TMSH to create the
external VLAN, self IP address, and default gateway route.

• Launch VMware Workstation.
• Click BIGIP-13.0_LTMFund from the Library menu, and then click Power on this virtual machine.
• After the BIG-IP system has powered on, you are presented with the localhost login screen.
• Log in to the BIG-IP system using the following credentials:
    localhost login: root
    Password: default
• At the CLI prompt, type:
    config

→NOTE: The following must be completed using your keyboard only.

• Press the Enter key to activate the OK option.
• Use the Tab key to activate the No option, and then press the Enter key.
• Edit the IP Address to 10.1.1.245, then press the Tab key to activate the OK option, and then press
the Enter key.
• Ensure that the Netmask is 255.255.255.0, press the Tab key to activate the OK option, and then press
the Enter key.
• Press the Enter key to activate the Yes option to create a default route for the management port.
• Edit the Management Route to 10.1.1.1, then press the Tab key to activate the OK option, and then
press the Enter key.
• Press the Enter key to activate the Yes option to accept the settings.

WINDOWS Task 2 – Generate a BIG-IP VE License Key

Request BIG-IP trial licenses from F5.com.

• Use a new tab to access https://f5.com/products/trials/product-trials.
• Under Download a Free Trial Now click Start your trial.

→NOTE: You can generate up to 9 BIG-IP trial licenses each year. Each license is good for 90
days. However, you are only able to submit a request 3 times each year. Therefore, it
is recommended that each time you request a trial license you request the maximum
of 3 licenses per request.

• Click Generate Registration Key.
• On the next screen, answer the first two questions.
• We recommend you request 3 license keys.
• Enter the correct CAPTCHA challenge and then click Request license keys.

You will receive an email with 3 BIG-IP trial licenses and 1 BIG-IQ trial license.

WINDOWS Task 3 – Activate the BIG-IP License

Access the management port of the BIG-IP system using a web browser, and then use the manual licensing
method with the registration key emailed to you to activate the BIG-IP system.

• Open a web browser and access https://10.1.1.245.
• Proceed with the untrusted security certificate.
• Log in to the BIG-IP system using the following credentials:
    Username: admin
    Password: admin

The BIG-IP system does not yet have a license.

• On the Welcome page click Next.
• On the License page click Activate.
• Open the email from F5 Networks with your Evaluation Registration Key and copy the
Registration Key text.
• In the Setup Utility, in the Base Registration Key field, paste the registration key text.
• For Activation Method, select Manual, and then click Next.
• Select and copy all the dossier text to your clipboard. (NOTE: Use Ctrl + A and then Ctrl + C.)
• Select Click here to access F5 Licensing Server.
• On the Activate F5 Product page, paste the dossier text in the field, and then click Next.
• Select to accept the legal agreement, and then click Next.
• Select and copy all the license key text to your clipboard (NOTE: Use Ctrl + A and then Ctrl + C.),
and then close the Activate F5 Product page.
• On the Setup Utility > License page, paste the license key text into the Step 3: License field, and then
click Next.

The BIG-IP system configuration updates. This takes several seconds.

• After the configuration changes complete, log in to the BIG-IP system.

WINDOWS Task 4 – Complete the Setup Utility

Complete the remaining steps of the Setup Utility.

• On the Resource Provisioning page, ensure only Local Traffic (LTM) is set to Nominal and click Next.
• On the Device Certificate page click Next.
• On the Platform page, configure these settings using the following information, and then click Next.

Host Name                               bigipA.f5demo.com
Root Account (Password and Confirm)     Default
Admin Account (Password and Confirm)    Admin

You are prompted to log out and log back in to the BIG-IP system.

• Click OK, and then log back in to the BIG-IP system.
• Under Standard Network Configuration click Next.
• On the Redundant Device Wizard Options page leave the default settings and click Next.
• In the Internal Network Configuration and Internal VLAN Configuration sections, configure the settings
using the following information, and then click Next.

Self IP: Address               10.1.20.241
Self IP: Netmask               255.255.255.0
Self IP: Port Lockdown         Allow Default
Floating IP: Address           10.1.20.240
Floating IP: Port Lockdown     Allow Default
Interfaces                     1.2 (untagged)

• In the External Network Configuration and External VLAN Configuration sections, configure the settings
using the following information, and then click Next.

External VLAN                  Create VLAN external
Self IP: Address               10.1.10.241
Self IP: Netmask               255.255.255.0
Self IP: Port Lockdown         Allow 443
Default Gateway                10.1.10.2
Floating IP: Address           10.1.10.240
Floating IP: Port Lockdown     Allow 443
VLAN Interfaces                1.1 (untagged)

• On the High Availability Network Configuration page, configure the highlighted settings using the
following information, and then click Next.

High Availability VLAN         Select existing VLAN
Select VLAN                    internal
Self IP: Address               10.1.20.241
Self IP: Netmask               255.255.255.0
VLAN Interfaces                1.2 (untagged)

• On the Network Time Protocol Configuration page, enter 10.1.20.252, then click Add, and then
click Next.
• On the Domain Name Server Configuration page, enter 4.2.2.2 and then click Add.
• If listed, select the 10.1.1.1 entry, then click Delete, and then click Next.
• On the ConfigSync Configuration page, leave 10.1.20.241 (internal) selected and click Next.
• On the Failover Unicast Configuration page, leave the default settings and click Next.
• On the Mirroring Configuration page, leave the default settings and click Next.
• On the Active/Standby Pair page, under Advanced Device Management Configuration click Finished.

You are presented with the BIG-IP Web Configuration Utility.

• To find manuals and product information, click the User Documentation link to go to AskF5.com.

The AskF5 knowledge base web site displays. You can use this site to view knowledge base articles and
download product manuals.

• Close the Ask F5 tab.
• Click the Run the Setup Utility link.

You can run the Setup Utility at any time. However, you can also make changes manually using the
Network option on the left navigation menu.

WINDOWS Task 5 – Review Configuration Objects

Use the Configuration Utility to view the TMOS objects created with the Setup Utility.

• Open the Network > VLANs > VLANs List page.

The Setup Utility created two VLANs: external and internal.

• Open the Network > Self IPs page.

The Setup Utility created four self IP addresses:

Self IP Address    VLAN
10.1.10.241        external
10.1.10.240        external
10.1.20.241        internal
10.1.20.240        internal

• Open the Network > Routes page.

The Setup Utility created the following route:

Name                        Resource
external_default_gateway    10.1.10.2

WINDOWS Task 6 – Explore Command Line Access (CLI) and tmsh

Access the BIG-IP system and view configuration details using an SSH client (such as PuTTY).

• Use an SSH client (such as PuTTY) to connect to the external self IP address 10.1.10.241.

You are unable to access the BIG-IP system.

• In the Configuration Utility, open the Network > Self IPs page and click 10.1.10.241.

You were unable to access the self IP address using SSH because the Port Lockdown option is set to
allow access for TCP port 443 only.

• Add TCP port 22 to the Custom List box, and then click Update.
• Use the SSH client again to connect to 10.1.10.241.
• In the PuTTY Security Alert dialog box, click Yes.
• Log in to the BIG-IP CLI using the following credentials:
    Login as: root
    Password: default
• At the CLI type:
    tmsh list net se (and then press the Tab key)

Question:
Did autocomplete display options? _____________________

• At the CLI, complete the command:
    tmsh list net self

Question:
What information is listed? ________________________________

• At the CLI type:
    tmsh
• At the tmos prompt type:
    list net vl (and then press the Tab key)

Questions:
Did autocomplete display options? _______________________

Which options are available? _______________________________________

Why did the tmos prompt replace “list net vl” with “list net vlan”?

_______________________________________________________________________

• Press the Enter key.

Question:
What information is listed? ________________________________

• At the tmos prompt, navigate to another location by typing the following:
    ltm
    node
• At the tmos prompt type:
    ?

TMOS displays the commands you can use for nodes in LTM.

• At the tmos prompt type:
    q (NOTE: This will exit the list of commands)
    create ?

TMOS displays available commands and required objects. The create command requires a name to
identify the node.

• At the tmos prompt type:
    create test_node ?

The create command followed by a name requires a text name or an IP address.

• At the tmos prompt type:
    create test_node address ?

You must include an IP address.

• At the tmos prompt type:
    create test_node address 10.20.30.40 (and then press the Enter key)
    list
• In the Configuration Utility, open the Local Traffic > Nodes > Node List page.

You created a node on the BIG-IP system.

• In the SSH client, at the tmos prompt type:
    delete test (and then press the Tab key)

There is only one possible option, so autocomplete finishes the next word.

• Press the Enter key to complete the delete command.
• In the Configuration Utility, refresh the Node List page.

You’ve removed the node from the BIG-IP system.

• In the SSH client, at the tmos prompt type:
    / (this brings you back to the root TMOS level)
    quit
• At the CLI type:
    exit


Windows Exercise 1.3 – User Access and System Preferences
In this exercise you will verify the default capabilities of the built-in admin and root user accounts. You’ll then
create a new BIG-IP user account and experiment with two user roles. Finally, you’ll examine the log files and
create an archive file.
• Required virtual images: BIGIP-13.0_LTMFund
• Estimated completion time: 15 minutes

WINDOWS Task 1 – Verify User Access


Attempt to log in using the SSH client and the admin user account.

 Open an SSH session and connect to 10.1.10.241.


 Attempt to log in using the following credentials:
Username: admin
Password: admin
By default, you cannot open an SSH session using the admin account.
 In the Configuration Utility, open the System > Users > User List page and click admin.
 From the Terminal Access list select Advanced shell, and then click Update.

 Use the SSH client again to connect to: 10.1.10.241, and then log in using the admin account.
 Close the SSH session.
 In the Configuration Utility, attempt to log back in to the BIG-IP system using the following credentials:
Username: root
Password: default
You cannot log in to the Configuration Utility using the root account. You can only use the root
account for CLI access.


WINDOWS Task 2 – Create a New BIG-IP System User Account


Use the Configuration Utility to create a new BIG-IP system user account for yourself and experiment with
different user roles.

 Log in to the BIG-IP system using the admin account.


 Open the System > Users > User List page and click Create.
 Create a new user account using the following information, and then click Finished.
User Name           your first name
Password            your last name (all lowercase)
Partition Access    Role: Operator
                    Partition: All (Click Add)
Terminal Access     tmsh

 Use the SSH client to access: 10.1.10.241, and then log in using your new user account.

Question:
Are you at the CLI prompt or the tmos prompt? _________________________

 At the tmos prompt, type:


ltm node
create test_node address 10.20.30.40
You receive a syntax error: incomplete command.
 At the tmos prompt, type:
create ?
There are no commands available. Your user account does not have privileges to create nodes.
 At the tmos prompt, type:
quit
Because you only have TMSH access, quitting TMSH ends the SSH session.
 In the Configuration Utility, click Log out.

 Log back into the Configuration Utility using your new user account.
 Open the Local Traffic > Pools > Pool List page.

Question:
Why are the Create and Delete buttons greyed out? ________________________________

 Open the System > Users > User List page and click your user account.

Question:
Can you modify the role assigned to your user account? _______________________

 Log out, and then log back in using the admin account.
 Open the System > Users > User List page and click your user account.
 Select the Operator entry in the box, and then click Edit.

 From the Role list select Resource Administrator, and then click Add.
 From the Terminal Access list select Advanced shell, and then click Update.

Question:
Were you successful? _______________________

 Log out, and then log in using your new user account with the WRONG password. (NOTE: You will view
this failed login attempt in the LTM audit log.)
 Log in using your new user account with the correct password.
 Open the Local Traffic > Pools > Pool List page.
You now have privileges to create and delete pools.

WINDOWS Task 3 – View Logging Information


View recent security logging activity using an SCP client (such as WinSCP) to.

 Open the System > Logs > Audit > List page.
 Type fail in the search field, and then click Search.
 Locate the log entry for the failed login attempt by your user account.


WINDOWS Task 4 – Update System Preferences


Update the BIG-IP system preferences with custom settings.

 Open the System > Preferences page.


 From the System Settings list select Advanced.
 Update the Records Per Screen value to 20.
 From the Start Screen list select Statistics.
 Select the Redirect HTTP to HTTPS checkbox.
 Under the Security Settings section: update the Idle Time Before Automatic Logout value to 100000.
 Update the Security Banner Text to Show on the Login Screen to:
Welcome to the F5 BIG-IP VE (Virtual Edition) vLab environment.

The vLab environment is intended for F5 Networks training and demonstration purposes only. You are
not authorized to distribute the vLab to any other parties.
 Click Update, and then click Log out.
 Change the URL to http://10.1.1.245.
You are redirected to the HTTPS site, and the Login page now displays the custom message.
 Log in using your new user account.
The startup page is now the Statistics page.

WINDOWS Task 5 – Create an Archive File


Use the command line to create an archive file.

 Use an SSH client to connect to: 10.1.10.241, and then log in using your new user account.
 At the CLI type:
tmsh

 At the TMOS prompt type:


sys ucs
?

 Use the Enter key to scroll through the available commands.


 At the tmos prompt type:
q
save ?
save ltmfund_mod01_clean_install_v13.0.ucs

 Quit TMSH, and then exit the SSH client.


 In the Configuration Utility, open the System > Archives page.


Mac Exercise 1.1 – VMware Fusion Configuration


These steps guide you through downloading and installing VMware Fusion, installing and configuring the VMware
Fusion environment, downloading and installing the VMware images used in the environment, and making
some required manual changes to the LAMP back-end server images.
• Use a Mac environment with this setup guide.
• Estimated completion time: 20 minutes

MAC Task 1 – Install VMware Fusion and Install the Trial License
You can skip this step if you already have VMware Fusion 8 installed on your laptop. If not, download and install
VMware Fusion 8.

 Open a new Web browser and access http://www.vmware.com/products/fusion.


 Download and install the trial version of VMware Fusion 8 Pro.

→NOTE: These exercises are tested for VMware Fusion version 6 Professional. There may be
issues with previous versions.

You need to purchase a VMware Fusion Professional license; however, you have
30 days to use the trial version.

MAC Task 2 – Set Up the VMware Network Environment


You will configure three VMware networks. VMnet1 acts as the Out of Band Management network for accessing
the BIG-IP Configuration Utility. VMnet2 acts as the external network for users accessing virtual servers. VMnet3
acts as the internal VLAN where the back-end web servers are located.

 Launch VMware Fusion, and then select VMware Fusion > Preferences.

 Click the Network icon.

→NOTE: If you do not see a Network icon, you did not install VMware Fusion Professional. Go
back to the VMware web site and install VMware Fusion Pro.

 Click the lock icon.

 Click the + icon.

This adds a custom network named vmnet2.


 Click the + icon two more times to create vmnet3 and vmnet4 networks.

 Select vmnet2, and configure as follows:


o Leave the Allow virtual machines on this network to connect to external networks (using NAT)
checkbox cleared.
o Leave the Connect the host Mac to this network checkbox selected.
o Leave the Provide addresses on this network via DHCP checkbox selected.
o In the Subnet IP field enter 10.1.1.0.
o In the Subnet mask field enter 255.255.255.0.

→NOTE: You will use this network to access the BIG-IP management interface.

This configures your local workstation with a vmnet2 IP address within the 10.1.1.0 network.

 Select vmnet3 and configure as follows:
o Select the Allow virtual machines on this network to connect to external networks (using NAT)
checkbox.
o Leave the Connect the host Mac to this network checkbox selected.
o Leave the Provide addresses on this network via DHCP checkbox selected.
o In the Subnet IP field enter 10.1.10.0.
o In the Subnet mask field enter 255.255.255.0.

→NOTE: The NAT option enables the BIG-IP system to reach the Internet through your
workstation’s network adapter.

This configures your local workstation with a vmnet3 IP address within the 10.1.10.0 network.
 Select vmnet4, and configure as follows:
o Leave the Allow virtual machines on this network to connect to external networks (using NAT)
checkbox cleared.
o Clear the Connect the host Mac to this network checkbox.
o Leave the Provide addresses on this network via DHCP checkbox selected.
o In the Subnet IP field enter 10.1.20.0.
o In the Subnet mask field enter 255.255.255.0.

→NOTE: Ensure that the “Connect the host Mac to this network” checkbox is cleared. This
prevents your local workstation from having direct access to the internal network.

 Click Apply, and then close the Network window.


 Open a terminal window and type:
ifconfig
 Use the table below to note the IP addresses for your VMnet adapters.
Adapter    IP address
vmnet2     ____________________
vmnet3     ____________________

 Close the terminal window.

MAC Task 3 – Download the Virtual Images


Download the BIG-IP image file to your local workstation, and then download and unzip the VMware back-end
server images.

 Access and log in to the F5 product download page at https://downloads.f5.com/esd/productlines.jsp.


 Click BIG-IP v13 x / Virtual Edition, and ensure that 13.0.0 is selected in the product version list box.
 Click Virtual-Edition, and then accept the license agreement.
 Click BIGIP-13.0.0.0.0.1645.ALL-scsi.ova.

 Click the best download link for your location.


 Access the F5 product download page again.
 Click Virtual Lab Environment (vLab).

 Ensure that 4.0 is selected in the version list box.


 Click vLab_files, and then accept the software terms and conditions.
 Download the following files:
o The most current Partners_vLab_Package.zip file
o LAMP_v4.zip
o Windows_7_External.zip

→NOTE: In order to use the Windows 7 image it is expected that you have a valid Microsoft
license key. In addition, all hands-on exercise and customer demonstration documents
are written for a Windows workstation. You should use the Windows 7 VMware image
to perform the exercises and demos. If you choose to, you can use your Macintosh
workstation and Safari web browser, but it will be your responsibility to translate the
steps (written for a Windows environment) into the Mac environment.

 Unzip each downloaded file to a folder on your Mac.


MAC Task 4 – Import the BIG-IP system VMware Image


Use VMware Fusion to import the BIG-IP VE image file.

 In VMware Fusion, go to File > Import.

 Click Choose File.


 Navigate to the Downloads folder, then select the BIGIP-13.0.0.0.0.1645.ALL-scsi.ova image file,
and then click Open.
 Click Continue.
 Name the new virtual machine BIGIP-13.0_LTMFund, and then click Save.
 Click the Accept button.
It will take a few minutes for the image to import.
 After the import completes click Finish, and then click Customize Settings.

 Click Processors & Memory.

 Adjust the Memory as follows:


o If your system has 8GB to 12GB of RAM, set the Memory to 4096 MB.
o If your system has 16GB of RAM or more, set the Memory to 8192 MB.
 Click Show All.

 Click Hard Disk (SCSI).


 ONLY IF the current value is less than 80, adjust the Disk size to 80 GB.

 Click Show All, and then click Hard Disk 2 (SCSI).

 ONLY IF the current value is less than 20, adjust the Disk size to 20 GB.
 Click Show All, then click Network Adapter, and then click the vmnet2 option. (NOTE: Ensure you have
selected the option button.)

 Click Show All, then click Network Adapter 2, and then click the vmnet3 option.
 Click Show All, then click Network Adapter 3, and then click the vmnet4 option.
 Click Show All, then click Network Adapter 4, and then modify the Enable Network Adapter option
to OFF.

 Close the BIGIP-13.0_LTMFund: Settings window.

MAC Task 5 – Open the LAMP VMware Image


Use VMware Fusion to open the LAMP image.

 In VMware Fusion, go to File > Open.


 Navigate to the Downloads > LAMP_v4 directory.
 Select the LAMP_v4.vmx image file, and then click Open.
 Click Take Ownership.

 Select LAMP_v4 from the Virtual Machine Library, and then click Settings.
 Click Network Adapter, and then click the vmnet2 option. (NOTE: Ensure you have selected the option
button.)

 Click Show All, then click Network Adapter 2 and ensure the Enable Network Adapter is set to OFF.
 Click Show All, then click Network Adapter 3, and then click the vmnet4 option.
 Click Show All, then click Network Adapter 4 and ensure the Enable Network Adapter is set to OFF.
 Close the LAMP_v4: Settings window.

MAC Task 6 – Edit the Settings of the LAMP Image


The LAMP_v4 image requires manual network configuration changes.

 Select LAMP_v4 from the Virtual Machine Library, and then click Start Up.
 After the image powers on, within the VMware window on the LAMP desktop, leave the Xubuntu user
account selected and click Login.
 Click the Applications Menu icon on the top-left of the screen and go to Settings > Settings Manager.

 In the Hardware section, click Network Connections.


 Select Wired connection 1, and then click Edit.
 From the Device MAC address list select the MAC address for eth0.

 Click Save, and then repeat these steps for the following:
o Wired connection 2 → eth1
o Wired connection 3 → eth2
o Wired connection 4 → eth3
 Delete Wired connection 5 – Wired connection 8.

→NOTE: The wired connection entries will not be removed from the Network Connections list
until you reboot the image.

 Close the Network Connections and Settings dialog boxes.


 In the Virtual Machine Library, select LAMP_v4 and go to Virtual Machine > Shut Down.

 Select LAMP_v4 and then click Snapshots.

 Click Take, and then name the snapshot LAMP_v4_Clean, and then click Take.
 Close the LAMP_v4: Snapshots window.

MAC Task 7 – Open the Windows 7 VMware Image


Use VMware Fusion to open the Windows 7 image.

 In VMware Fusion, go to File > Open.


 Navigate to the Downloads directory.
 Select Windows_7_External, and then click Open.
 Select Windows_7 from the Virtual Machine Library, and then click Settings.
 Click Network Adapter, and then click the vmnet3 option. (NOTE: Ensure you have selected the
option button.)
 Select Windows_7 and then click Snapshots.
 Click Take, and then name the snapshot Windows_7_Clean, and then click Take.
 Close the Windows_7: Snapshots window.


Mac Exercise 1.2 – Initial BIG-IP Configuration


In this exercise you will configure the BIG-IP management interface, use TMSH to create a VLAN and a
self IP address, and request and install a BIG-IP VE license key.
• Your workstation needs Internet access to complete the licensing portion of this exercise.
• Required virtual images: BIGIP-13.0_LTMFund
• Estimated completion time: 25 minutes

MAC Task 1 – Configure BIG-IP Management Interface Settings


Start up the BIG-IP VE image and then configure the management interface settings.

 Click BIGIP-13.0_LTMFund from the Virtual Machine Library, and then click Start Up.

 After the BIG-IP system has powered on, you are presented with the localhost login screen.

 Log in to the BIG-IP system using the following credentials:


localhost login: root
Password: default
 At the CLI prompt, type:
config

→NOTE: The following must be completed using your keyboard only.

 Press the Enter key to activate the OK option.


 Use the Tab key to activate the No option, and then press the Enter key.
 Edit the IP Address to 10.1.1.245, then press the Tab key to activate the OK option, and then press
the Enter key.
 Ensure that the Netmask is 255.255.255.0, then press the Tab key to activate the OK option, and then
press the Enter key.
 Press the Enter key to activate the Yes option to create a default route for the management port.
 Edit the Management Route to 10.1.1.1, then press the Tab key to activate the OK option, and then
press the Enter key.
 Press the Enter key to activate the Yes option to accept the settings.


MAC Task 2 – Generate a BIG-IP VE License Key


Request BIG-IP trial licenses from F5.com.

 Use a new tab to access https://f5.com/products/trials/product-trials.


 Under Download a Free Trial Now click Start your trial.

→NOTE: You can generate up to 9 BIG-IP trial licenses each year. Each license is good for 90
days. However, you are only able to submit a request 3 times each year. Therefore, it
is recommended that each time you request a trial license you request the maximum
of 3 licenses per request.

 Click Generate Registration Key.


 On the next screen, answer the first two questions.
 We recommend you request 3 license keys.
 Enter the correct CAPTCHA challenge and then click Request license keys.
You will receive an email with 3 BIG-IP trial licenses and 1 BIG-IQ trial license.

MAC Task 3 – Activate the BIG-IP License


Access the management port of the BIG-IP system using a web browser, and then use the manual licensing
method with the registration key emailed to you to activate the BIG-IP system.

 Open a web browser and access https://10.1.1.245.


 Proceed with the untrusted security certificate.
 Log in to the BIG-IP system using the following credentials:
Username: admin
Password: admin
The BIG-IP system does not yet have a license.
 On the Welcome page click Next.
 On the License page click Activate.
 Open the email from F5 Networks with your Evaluation Registration Key and copy the
Registration Key text.
 In the Setup Utility, in the Base Registration Key field, paste the registration key text.
 For Activation Method, select Manual, and then click Next.

 Select and copy all the dossier text to your clipboard. (NOTE: Use ⌘ + A and ⌘ + C)

 Select Click here to access F5 Licensing Server.

 On the Activate F5 Product page, paste the dossier text in the field (NOTE: Use ⌘ + V), and then
click Next.
 Select to accept the legal agreement, and then click Next.
 Select and copy all the license key text to your clipboard (NOTE: Use ⌘ + A and ⌘ + C), and then close
the Activate F5 Product page.
 On the Setup Utility > License page, paste the license key text into the Step 3: License field, and then
click Next.
The BIG-IP system configuration updates. This takes several seconds.
 After the configuration changes complete, log in to the BIG-IP system.

MAC Task 4 – Complete the Setup Utility


Complete the remaining steps of the Setup Utility.

 On the Resource Provisioning page, ensure only Local Traffic (LTM) is set to Nominal and click Next.
 On the Device Certificate page click Next.
 On the Platform page, configure these settings using the following information, and then click Next.
Host Name                               bigipA.f5demo.com
Root Account (Password and Confirm)     default
Admin Account (Password and Confirm)    admin

You are prompted to log out and log back in to the BIG-IP system.
 Click OK, and then log back in to the BIG-IP system.
 Under Standard Network Configuration click Next.
 On the Redundant Device Wizard Options page leave the default settings and click Next.

 In the Internal Network Configuration and Internal VLAN Configuration sections, configure the settings
using the following information, and then click Next.
Self IP: Address               10.1.20.241
Self IP: Netmask               255.255.255.0
Self IP: Port Lockdown         Allow Default
Floating IP: Address           10.1.20.240
Floating IP: Port Lockdown     Allow Default
Interfaces                     1.2 (untagged)

 In the External Network Configuration and External VLAN Configuration sections, configure the settings
using the following information, and then click Finished.
External VLAN                  Create VLAN external
Self IP: Address               10.1.10.241
Self IP: Netmask               255.255.255.0
Self IP: Port Lockdown         Allow 443
Default Gateway                10.1.10.2
Floating IP: Address           10.1.10.240
Floating IP: Port Lockdown     Allow 443
VLAN Interfaces                1.1 (untagged)

 On the High Availability Network Configuration page, configure the highlighted settings using the
following information, and then click Next.
High Availability VLAN         Select existing VLAN
Select VLAN                    Internal
Self IP: Address               10.1.20.241
Self IP: Netmask               255.255.255.0
VLAN Interfaces                1.2 (untagged)

 On the Network Time Protocol Configuration page, enter 10.1.20.252, then click Add, and then
click Next.
 On the Domain Name Server Configuration page, enter 4.2.2.2 and then click Add.
 Select the 10.1.1.1 entry, then click Delete, and then click Next.
 On the ConfigSync Configuration page, leave 10.1.20.241 (internal) selected and click Next.
 On the Failover Unicast Configuration page, leave the default settings and click Next.
 On the Mirroring Configuration page, leave the default settings and click Next.

 On the Active/Standby Pair page, under Advanced Device Management Configuration click Finished.

You are presented with the BIG-IP Web Configuration Utility.

 To find manuals and product information, click the User Documentation link to go to AskF5.com.
The AskF5 knowledge base web site displays. You can use this site to view knowledge base articles and
download product manuals.
 Close the Ask F5 web page.
 Click the Run the Setup Utility link.
You can run the Setup Utility at any time. However, you can also make changes manually using the
Network option on the left navigation menu.

MAC Task 5 – Review Configuration Objects


Use the Configuration Utility to view the TMOS objects created with the Setup Utility.

 Open the Network > VLANs > VLANs List page.


The Setup Utility created two VLANs: external and internal.
 Open the Network > Self IPs page.
The Setup Utility created two self IP addresses:

Self IP Address    VLAN
10.1.10.241        external
10.1.10.240        external
10.1.20.241        internal
10.1.20.240        internal

 Open the Network > Routes page.


The Setup Utility created the following route:

Name                        Resource
external_default_gateway    10.1.10.2

MAC Task 6 – Explore Command Line Access (CLI) and tmsh


Access the BIG-IP system and view configuration details using an SSH client (such as PuTTY).

 Open a Terminal window, and at the prompt type:


ssh root@10.1.10.241

 Use the following credentials:


Password: default
You are unable to access the BIG-IP system.
 In the Configuration Utility, open the Network > Self IPs page and click 10.1.10.241.
You were unable to access the self IP address using SSH because the Port Lockdown option is set to
allow access for TCP port 443 only.
 Add TCP port 22 to the Custom List box, and then click Update.

 Use the SSH session again to connect to 10.1.10.241.


 At the security warning type Yes.
 Log in to the BIG-IP CLI using the following credentials:
Password: default
 At the CLI type:
tmsh list net se (and then press the Tab key)

Question:
Did autocomplete display options? _____________________

 At the CLI, complete the command:


tmsh list net self

Question:
What information is listed? ________________________________

 At the CLI type:


tmsh

 At the tmos prompt type:


list net vl (and then press the Tab key)

Questions:
Did autocomplete display options? _______________________

Which options are available? _______________________________________

Why did the tmos prompt replace “list net vl” with “list net vlan”?

_______________________________________________________________________

 Press the Enter key.

Question:
What information is listed? ________________________________

 At the tmos prompt, navigate to another location by typing the following:


ltm
node

 At the tmos prompt type:


?
TMOS displays the commands you can use for nodes in LTM.
 At the tmos prompt type:
q (NOTE: This will exit the list of commands)
create ?
TMOS displays available commands and required objects. The create command requires a name to
identify the node.
 At the tmos prompt type:
create test_node ?
The create command followed by a name requires a text name or an IP address.
 At the tmos prompt type:
create test_node address ?
You must include an IP address.
 At the tmos prompt type:
create test_node address 10.20.30.40 (and then press the Enter key)
list

 In the Configuration Utility, open the Local Traffic > Nodes > Node List page.

You created a node on the BIG-IP system.


 In the SSH session, at the tmos prompt type:
delete test (and then press the Tab key)
There is only one possible option, so autocomplete finishes the next word.
 Press the Enter key to complete the delete command.
 In the Configuration Utility, refresh the Node List page.
You’ve removed the node from the BIG-IP system.

 In the SSH session, at the tmos prompt type:
/ (this brings you back to the root TMOS level)
quit

 At the CLI type:


exit
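
Added example, not part of the original guide: the Port Lockdown check from WINDOWS Task 6 and MAC Task 6, done from saved CLI output instead of the Self IPs page. It parses `tmsh list net self` text and reports, per self IP, whether a port such as TCP 22 is allowed; the sample output is constructed, and the stanza layout and the service-name mapping are assumptions.

```python
import re

# Constructed sample (not captured from a device): the general shape of
# `tmsh list net self` output for this lab after TCP 22 was added to the
# Custom List of 10.1.10.241. One stanza uses a service name on purpose.
SAMPLE = """\
net self 10.1.10.241 {
    address 10.1.10.241/24
    allow-service {
        tcp:22
        tcp:443
    }
    traffic-group traffic-group-local-only
    vlan external
}
net self 10.1.10.240 {
    address 10.1.10.240/24
    allow-service {
        tcp:https
    }
    floating enabled
    traffic-group traffic-group-1
    vlan external
}
net self 10.1.20.241 {
    address 10.1.20.241/24
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
    vlan internal
}
"""

# Assumption: tmsh can print well-known ports as service names, so the few
# names relevant to this lab are mapped back to numbers.
SERVICE_NAMES = {"ssh": 22, "http": 80, "https": 443}


def normalise(token):
    """'tcp:ssh' or 'tcp:22' -> ('tcp', 22); keywords such as 'default' pass through."""
    if ":" not in token:
        return token
    proto, service = token.split(":", 1)
    port = int(service) if service.isdigit() else SERVICE_NAMES.get(service, service)
    return (proto, port)


def parse_self_ips(text):
    """Return {self_ip_name: {'vlan': str or None, 'allow': [entries]}}."""
    result, current, in_allow = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"net self (\S+) \{$", line)
        if header:
            current = result.setdefault(header.group(1), {"vlan": None, "allow": []})
            in_allow = False
        elif current is None or not line:
            continue
        elif in_allow:
            if line == "}":
                in_allow = False
            else:
                current["allow"].extend(normalise(t) for t in line.split())
        elif line == "allow-service {":
            in_allow = True
        elif line.startswith("allow-service "):
            # Single-line forms, e.g. "allow-service all" or "allow-service { tcp:443 }"
            tokens = [t for t in line.split()[1:] if t not in ("{", "}")]
            current["allow"].extend(normalise(t) for t in tokens)
        elif line.startswith("vlan "):
            current["vlan"] = line.split()[1]
        elif line == "}":
            current = None
    return result


def classify(entry, proto="tcp", port=22):
    """'allowed', 'blocked', or 'default-list' when the system-wide default list decides."""
    allow = entry["allow"]
    if "all" in allow or (proto, port) in allow:
        return "allowed"
    if "default" in allow:
        return "default-list"
    return "blocked"


def audit(text, proto="tcp", port=22):
    """Map each self IP to (vlan, classification) for one protocol/port."""
    return {name: (e["vlan"], classify(e, proto, port))
            for name, e in parse_self_ips(text).items()}


if __name__ == "__main__":
    for name, (vlan, verdict) in audit(SAMPLE).items():
        print(f"{name:<14}{str(vlan):<10}tcp/22 {verdict}")
```

A self IP reported as default-list is not expanded here: whether TCP 22 is reachable on it depends on the system-wide default allow list, which should be reviewed separately.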


Mac Exercise 1.3 – User Access and System Preferences


In this exercise you will verify the default capabilities of the built-in admin and root user accounts. You’ll then
create a new BIG-IP user account and experiment with two user roles. Finally, you’ll examine the log files and
create an archive file.
• Required virtual images: BIGIP-13.0_LTMFund
• Estimated completion time: 15 minutes

MAC Task 1 – Verify User Access


Attempt to log in using the SSH client and the admin user account.

 In the Terminal window type:


ssh admin@10.1.10.241

 Attempt to log in using the following credentials:


Password: admin
By default, you cannot open an SSH session using the admin account.
 In the Configuration Utility, open the System > Users > User List page and click admin.
 From the Terminal Access list select Advanced shell, and then click Update.

 Use the SSH session again to connect to: 10.1.10.241 using the admin account.
 Exit the SSH session.
 In the Configuration Utility, attempt to log back in to the BIG-IP system using the following credentials:
Username: root
Password: default
You cannot log in to the Configuration Utility using the root account. You can only use the root
account for CLI access.

MAC Task 2 – Create a New BIG-IP System User Account


Use the Configuration Utility to create a new BIG-IP system user account for yourself and experiment with
different user roles.

 Log in to the BIG-IP system using the admin account.


 Open the System > Users > User List page and click Create.

 Create a new user account using the following information, and then click Finished.
User Name           your first name
Password            your last name (all lowercase)
Partition Access    Role: Operator
                    Partition: All (Click Add)
Terminal Access     tmsh

 Use the SSH session to access: 10.1.10.241 using your new user account.

Question:
Are you at the CLI prompt or the tmos prompt? _________________________

 At the tmos prompt, type:


ltm node
create test_node address 10.20.30.40
You receive a syntax error: incomplete command.
 At the tmos prompt, type:
create ?
There are no commands available. Your user account does not have privileges to create nodes.
 At the tmos prompt, type:
quit
Because you only have TMSH access, quitting TMSH ends the SSH session.
 In the Configuration Utility, click Log out.

 Log back into the Configuration Utility using your new user account.
 Open the Local Traffic > Pools > Pool List page.

Question:
Why are the Create and Delete buttons greyed out? ________________________________

 Open the System > Users > User List page and click your user account.

Question:
Can you modify the role assigned to your user account? _______________________

 Log out, and then log back in using the admin account.
 Open the System > Users > User List page and click your user account.

 Select the Operator entry in the box, and then click Edit.

 From the Role list select Resource Administrator, and then click Add.
 From the Terminal Access list select Advanced shell, and then click Update.

Question:
Were you successful? _______________________

 Log out, and then log in using your new user account with the WRONG password. (NOTE: You will view
this failed login attempt in the LTM audit log.)
 Log in using your new user account with the correct password.
 Open the Local Traffic > Pools > Pool List page.
You now have privileges to create and delete pools.

MAC Task 3 – View Logging Information


View recent security logging activity using an SCP client (such as WinSCP) to.

 Open the System > Logs > Audit > List page.
 Type fail in the search field, and then click Search.
 Locate the log entry for the failed login attempt by your user account.

MAC Task 4 – Update System Preferences


Update the BIG-IP system preferences with custom settings.

 Open the System > Preferences page.


 From the System Settings list select Advanced.
 Update the Records Per Screen value to 20.
 From the Start Screen list select Statistics.
 Select the Redirect HTTP to HTTPS checkbox.
 Under the Security Settings section: update the Idle Time Before Automatic Logout value to 100000.

 Update the Security Banner Text to Show on the Login Screen to:
Welcome to the F5 BIG-IP VE (Virtual Edition) vLab environment.

The vLab environment is intended for F5 Networks training and demonstration purposes only. You are
not authorized to distribute the vLab to any other parties.
 Click Update, and then click Log out.
 Change the URL to http://10.1.1.245.
You are redirected to the HTTPS site, and the Login page now displays the custom message.
 Log in using your new user account.
The startup page is now the Statistics page.

MAC Task 5 – Create an Archive File


Use the command line to create an archive file.

 Use the SSH session to connect to: 10.1.10.241 using your new user account.
 At the CLI, type:
tmsh

 At the TMOS prompt, type:


sys ucs
?

 Use the Enter key to scroll through the available commands.


 At the tmos prompt, type:
q
save ?
ltmfund_mod01_initial_setup_v13.0.0.ucs

 Quit TMSH, and then exit the SSH client.


 In the Configuration Utility, open the System > Archives page.

Module 2 Exercises – Processing Traffic


Exercise 2.1 – Create an HTTP Pool and Virtual Server
In this exercise you will configure a pool for HTTP web servers, a virtual server that uses the HTTP pool, and
then verify its functionality. You’ll then update the SNAT settings for the virtual server.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

Task 1 – Create a Pool


Create a pool containing three HTTP web servers.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Open a web browser and access https://10.1.1.245.
 Log in with the new user account you created in Exercise 1.2.
 Open the Local Traffic > Pools > Pool List page and click Create.
 Create a pool using the following information, and then click Finished.
Name                        http_pool
Health Monitors             none (leave empty)
Load Balancing Method       Round Robin
Priority Group Activation   Disabled
New Members (Click Add for each entry):
    Node Name      Address       Service Port
    leave empty    10.1.20.11    80
    leave empty    10.1.20.12    80
    leave empty    10.1.20.13    80

 Open the Local Traffic > Nodes > Node List page.
The BIG-IP system automatically creates a node for each pool member, using the node IP address as
the node name.

Task 2 – Create a Virtual Server that Uses the Pool


Create an HTTP virtual server that uses http_pool.

 Open the Local Traffic > Virtual Servers > Virtual Server List page and click Create.
 Create a virtual server using the following information, and then click Finished.
Name http_virtual
Type Standard
Destination Address 10.1.10.20
Service Port 80 (HTTP)
State Enabled
Default Pool http_pool

Task 3 - Document the vLab Environment


Use the TCP/IP utilities to fill in the vLab Environment diagram.

 Windows users: On your host workstation, open a command prompt and type:
ipconfig

 Mac users: On your host workstation, open a terminal window and type:
ifconfig

 Identify the IP address issued in the external VLAN (in the 10.1.10.0 subnet) and document it in the
diagram on the next page.
 Identify the IP address issued in the Management network (in the 10.1.1.0 subnet) and document it in
the diagram on the next page.
 In the Windows 7 VMware image, open a command prompt and type:
ipconfig

 Identify the IP address issued in the external VLAN (in the 10.1.10.0 subnet) and document it in the
diagram on the next page.
 In VMware, access the LAMP desktop, then open a terminal window and type:
ip address list

 Each IP address represents a different web server on the internal VLAN. Document the IP addresses for
each different LAMP server in the diagram on the next page.
 Document the virtual server IP address you created in Task 2 in the diagram.
 Draw arrows from the virtual server IP address to each pool member you configured in Task 1.

vLab Environment diagram (fill in the blank IP addresses):

Host workstation      external IP: __________    Mgmt IP: __________
Windows 7 image       external IP: __________
http_virtual          IP: __________
VLAN: external        Self IP: 10.1.10.240
Management network    IP: 10.1.1.245
VLAN: internal        Self IP: 10.1.20.240
LAMP servers          LAMP IP: __________ (ten entries)

Task 4 – Verify the Virtual Server and Pool Functionality


Use a web browser to access http_virtual and ensure that you’re receiving information from all three pool
members.

 Use a new tab to access the virtual server at http://10.1.10.20.


Each image file identifies which node supplied it. You can also see which node identified the index.php
page. There are page elements coming from all three of the pool members.

 In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page.
 From the Statistics Type list select Virtual Servers.

Question:
How many connections were opened to create the web page? ___________

 In the F5 vLab Test web page, type Ctrl+F5 several times to force the web browser to refresh without
using its cache.
 In the Configuration Utility, from the Statistics Type list select Pools, and then expand http_pool.

Questions:
Did traffic go to each pool member? _____________

Did each member manage approximately the same number of connections? __________

Task 5 – Modify the Virtual Server SNAT Setting


Identify the effects of adding SNAT Automap to http_virtual.

 In the F5 vLab Test web page, review the Request Details and examine the Client IP address/port.

Questions:
What is the client IP address? ________________________

Which device is configured with this IP address? ___________________________

 In the Configuration Utility, open the Local Traffic > Virtual Servers > Virtual Server List page and
click http_virtual.
 In the Configuration section, from the Source Address Translation list select Auto Map,
and then click Update.
 In the F5 vLab Test web page, use Ctrl+F5 to refresh the page.

Question:
What is the client IP address? ________________________

Which device is configured with this IP address? ___________________________

 Close the F5 vLab Test Web Site tab.


 In the Configuration Utility, from the Source Address Translation list box select None,
and then click Update.
Without SNAT Automap configured, the pool member sees the client’s actual IP address as the
source IP address. With SNAT Automap configured, the pool member sees the BIG-IP system’s internal
self IP address as the source IP address.

Exercise 2.2 – Using the Network Map


In this exercise you will use the Network Map feature to examine availability information on virtual servers,
pools, pool members, and nodes.
• Estimated completion time: 10 minutes

Task 1 – View Configuration and Status from the Network Map


Use the Network Map to view status information for BIG-IP system configuration objects.

 In the Configuration Utility, open the Local Traffic > Network Map page.
 Use the mouse to hover over the virtual server and pool objects and notice the information displayed for
each object.
 Hover over the pool member objects and notice the information displayed.
 Click the 10.1.20.11:80 pool member.
The pool member properties page displays.
 In the Parent Node row, click 10.1.20.11.
The node properties page displays.
 Open the Local Traffic > Pools > Pool List page and click http_pool.
 Open the Members page.

 Select the checkbox for 10.1.20.11:80, and then click Disable.

 Open the Network Map page.


 In the Search box, type 20.12, and then click Update Map.
All objects that match the search criteria are highlighted.
 Click 10.1.20.11:80.
 In the State row, select the Enabled option to re-enable this pool member, and then click Update.

Task 2 – Reset Statistics


Reset the statistics for http_virtual, http_pool, and all pool members.

 Open the Statistics > Module Statistics > Local Traffic page, and from the Statistics Type list
select Virtual Servers.
 Select the http_virtual checkbox, and then click Reset.

 From the Statistics Type list select Pools.


 Use the Select All checkbox to select the http_pool and all three pool members, and then click Reset.

Task 3 – View the Local Traffic Log File


Use the Local Traffic log file to identify pool member availability.

 Open the System > Logs > Local Traffic page.


 Click the Timestamp column header to sort in descending order. (The most recent entry should be at the
top of the list.)

 In the Search box type disabled, and then click Search.


You can quickly identify when a pool member or node has been disabled.

Task 4 – Save the Configuration


Use the Configuration Utility to create an archive file.

 Open the System > Archives page and click Create.


 Create an archive using the following information, and then click Finished.
File Name ltmfund_mod02_processing_traffic_v13.0
Encryption Disabled
Private Keys Include

Module 3 Exercises – Virtual Servers


Exercise 3.1 – Virtual Server Priority
In this exercise you will configure a pool and a virtual server that listen on all ports, and then test application
access using the virtual server.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

Task 1 – Create a Wildcard Pool


Create a pool containing three pool members listening on all ports.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Access https://10.1.1.245 and log in to the BIG-IP system.
 Open the Local Traffic > Pools > Pool List page and click Create.
 Create a new pool using the following information, and then click Finished.
Name                        open_pool
Load Balancing Method       Round Robin
Priority Group Activation   Disabled
New Members (Click Add for each entry):
    Address       Service Port
    10.1.20.11    * All Services
    10.1.20.12    * All Services
    10.1.20.13    * All Services

 Open the Local Traffic > Nodes > Node List page.

Questions:
Did BIG-IP LTM create new nodes for this pool? _________________

Why or why not? ____________________________________________________________

Task 2 – Create a Wildcard Virtual Server


Create a virtual server listening on all ports that references open_pool.

 Open the Local Traffic > Virtual Servers > Virtual Server List page and click Create.
 Create a virtual server using the following information, and then click Finished.
Name open_virtual
Type Standard
Destination Address 10.1.10.20
Service Port * All Ports
Default Pool open_pool

There are now two virtual servers listening on the same IP address, one on port 80 only, the other on
all ports.

Task 3 – Verify the Virtual Server and Pool Functionality


Use a web browser to access both http_virtual and open_virtual and verify which virtual server processes
requests for different applications.

 Open the Statistics > Module Statistics > Local Traffic page, and then select to view Virtual Servers
statistics.
 Ensure the statistics for both virtual servers are reset.
 Use a new tab to access http://10.1.10.20.
 In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.

Question:
Which virtual server processed this request? _________________________

 Reset the virtual server statistics.


 Use an SSH client to access 10.1.10.20.

→NOTE: It’s not necessary to log into the CLI to complete this task.

 Close the SSH session.


 In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.

Question:
Which virtual server processed this request? _________________________

 Reset the virtual server statistics.

 In the F5 vLab Test Web Site tab, edit the URL to https://10.1.10.20.
You can identify the port used to access the pool member in the Request Details section and the
Pool member address/port row.

 In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.

Question:
Which virtual server processed this request? _________________________

The HTTP request was processed by http_virtual, as this virtual server is more specific than
open_virtual. The SSH and HTTPS requests were processed by open_virtual.
 Open the Local Traffic > Virtual Servers > Virtual Server List page.
 Select the open_virtual checkbox, and then click Delete twice.
 Open the Local Traffic > Pools > Pool List page.
 Select the open_pool checkbox, and then click Delete twice.

Exercise 3.2 – Forwarding and Reject Virtual Servers


In this exercise you will configure and test a forwarding network virtual server. You’ll then configure and test a
reject virtual server for SSH access and a forwarding host virtual server to a single server.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

Task 1 – Test Access to the 10.1.20/24 Network


 Use a new tab to attempt to access a pool member directly at http://10.1.20.13.
The request fails as you don’t have access to the internal network.
 In the Start menu, type cmd.
 Right-click cmd.exe and select Run as administrator, and then click Yes.

→NOTE: You cannot run the route add command while connected to an F5 VPN.

 At the command prompt, type:


route add 10.1.20.0 mask 255.255.255.0 10.1.10.240
route PRINT

Notice this adds a route to the 10.1.20.0 network through 10.1.10.240 which is the external floating
self IP address of the BIG-IP system.
 Use a new tab to attempt to access a pool member directly at http://10.1.20.13. The request fails again,
because the BIG-IP system is a default deny device and does not have a listener to match this request.

Task 2 – Create a Forwarding (IP) Virtual Server


 In the Configuration Utility, on the Virtual Server List page click Create.
 Create a virtual server using the following information, and then click Finished.
Name forward_virtual
Type Forwarding (IP)
Destination Address 10.1.20.0/24
Service Port * All Ports
Protocol * All Protocols

→NOTE: Notice there is no option to configure a pool for a Forwarding (IP) virtual.

 Use a new tab to attempt to access a pool member directly at http://10.1.20.13.


The request is successful. Notice in the Request Details section, the virtual server address is the same
as the pool member address. The virtual server did not process the packet, but simply forwarded it to
the internal network.
 Change the URL to https://10.1.20.12.
 In the command prompt window, type the following:
ping 10.1.20.12

 Use an SSH client to connect to 10.1.20.11.

→NOTE: It’s not necessary to log into the CLI to complete this task.

 Close the SSH session and the F5 vLab Test Web tab.
You now have access to all ports and all protocols on the 10.1.20.0 network.

Task 3 – Create a Reject Virtual Server


Create a reject virtual server to reject SSH traffic going to the 10.1.20.0 network.

 In the Configuration Utility, on the Virtual Server List page, create a virtual server using the following
information, and then click Finished.
Name reject_ssh_virtual
Type Reject
Destination Address 10.1.20.0/24
Service Port 22 (SSH)

 Use an SSH client to connect to 10.1.20.11.


 When the request times out, close the SSH session.
 Use a new tab to access http://10.1.20.11.
Although you still have HTTP access to 10.1.20.11, you no longer have SSH access to any hosts on the
10.1.20.0 network.
 Close the F5 vLab Test web page.

Task 4 – Create a Forwarding Host Virtual Server


Create another forwarding (IP) virtual server to host 10.1.20.11 only.

 In the Configuration Utility, on the Virtual Server List page, create a virtual server using the following
information, and then click Finished.
Name forward_virtual_20.11
Type Forwarding (IP)
Destination Address 10.1.20.11
Service Port * All Ports

 Use an SSH client to connect to 10.1.20.11.

→NOTE: It’s not necessary to log into the CLI to complete this task.

 Open another new SSH session to 10.1.20.12.


 When the request times out, close the SSH session.
You now have access to all protocols on the 10.1.20/24 network except for port 22. However, you do
have access to port 22 for 10.1.20.11 because of the more specific host virtual server.
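
The listener precedence seen in Exercise 3.1 (http_virtual versus open_virtual) and in Exercise 3.2 (the forwarding, reject, and host virtual servers) can be modelled in a few lines. The Python below is an added example, not part of the F5 guide or of BIG-IP itself: it is a simplified model that assumes matching on destination address and port only (most specific address first, then a specific port over a wildcard port), and the names Listener, select_listener, outcome, and reject_exceptions are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Listener:
    """One virtual server from the exercises (hypothetical model type)."""
    name: str
    vs_type: str            # "standard", "forwarding" or "reject"
    destination: str        # host address or CIDR network
    port: Optional[int]     # None models "* All Ports"

    @property
    def network(self):
        # A bare host address becomes a /32 network.
        return ipaddress.ip_network(self.destination, strict=False)


# Virtual servers present during Exercise 3.1 (values taken from the guide).
EXERCISE_3_1 = [
    Listener("http_virtual", "standard", "10.1.10.20", 80),
    Listener("open_virtual", "standard", "10.1.10.20", None),
]

# Virtual servers present at the end of Exercise 3.2, Task 4.
EXERCISE_3_2 = [
    Listener("http_virtual", "standard", "10.1.10.20", 80),
    Listener("forward_virtual", "forwarding", "10.1.20.0/24", None),
    Listener("reject_ssh_virtual", "reject", "10.1.20.0/24", 22),
    Listener("forward_virtual_20.11", "forwarding", "10.1.20.11", None),
]


def select_listener(listeners: List[Listener], dst_ip: str,
                    dst_port: int) -> Optional[Listener]:
    """Return the most specific listener for a connection, or None."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [l for l in listeners
               if addr in l.network and l.port in (None, dst_port)]
    if not matches:
        return None  # default deny: no listener, no traffic
    # Longest address prefix wins; a specific port breaks ties over a wildcard.
    return max(matches, key=lambda l: (l.network.prefixlen, l.port is not None))


def outcome(listeners: List[Listener], dst_ip: str, dst_port: int) -> str:
    """Describe what happens to a connection under this model."""
    vs = select_listener(listeners, dst_ip, dst_port)
    if vs is None:
        return "dropped: no listener (default deny)"
    action = {"standard": "load balanced to pool",
              "forwarding": "forwarded",
              "reject": "rejected"}[vs.vs_type]
    return f"{action} by {vs.name}"


def reject_exceptions(listeners: List[Listener]) -> List[Tuple[str, str]]:
    """List (reject listener, overriding listener) pairs.

    A non-reject listener with a more specific address inside the reject
    listener's network, and a port that covers the rejected port, wins the
    match and so re-opens that port for its hosts.
    """
    found = []
    for rej in (l for l in listeners if l.vs_type == "reject"):
        for other in listeners:
            if (other.vs_type != "reject"
                    and other.network.version == rej.network.version
                    and other.network.subnet_of(rej.network)
                    and other.network.prefixlen > rej.network.prefixlen
                    and other.port in (None, rej.port)):
                found.append((rej.name, other.name))
    return found


if __name__ == "__main__":
    for ip, port in [("10.1.20.13", 80), ("10.1.20.12", 22), ("10.1.20.11", 22)]:
        print(ip, port, "->", outcome(EXERCISE_3_2, ip, port))
    print("reject exceptions:", reject_exceptions(EXERCISE_3_2))
```

Running reject_exceptions over a configuration is a quick review check: each pair it returns is a host or subnet where a broader reject rule no longer applies.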

Task 5 – Save the Configuration


Use the Configuration Utility to create an archive file.

 Open the System > Archives page and click Create.


 Create an archive using the following information, and then click Finished.
File Name ltmfund_mod03_virtual_servers_v13.0.0
Encryption Disabled
Private Keys Include

 To set up for future labs, open the Virtual Servers page, select the forward_virtual, reject_ssh_virtual, and
forward_virtual_20.11 checkboxes, and then click Delete twice.
 In the command prompt window, type:
route delete 10.1.20.0

 Close the command prompt.

Module 4 Exercises – Pools


Exercise 4.1 – Install JMeter for Web Load Testing
You will need to install and configure JMeter to use this exercise guide.
• Do not perform exercise 4.1 if you already have JMeter installed.
• Estimated completion time: 10 minutes

Task 1 – Download and Install JMeter


Download and install JMeter.

→NOTE: JMeter is already installed in the Windows 7 image. If you are using the Windows 7
image you can skip to exercise 4.2.

 Use a web browser to access http://jmeter.apache.org/download_jmeter.cgi.


 From the Binaries section, download either the TGZ or ZIP file of the latest version of Apache JMeter.
 Extract the downloaded file on your workstation.
You will use the bin/jmeter.bat program to create a web server load simulation.

Task 2 – Configure a Path Value for Java.exe


To use JMeter, your workstation must have a path variable value for accessing java.exe.

 On your workstation open C:\Program Files.


 Open the Java folder. If there is no folder named Java, look in the Program Files (x86) folder.
 Open jre7, and then open bin. Verify that this folder contains the java.exe executable file.
 Right-click in the address bar and select Copy address.

 Open the Start menu, and then type environment in the search bar.
 Click Edit environment variables for your account.

 In the Environment Variables dialog box, in the User variables for <username> section, do one of the
following:

o If there is an existing path variable:


▪ Select path, and then click Edit.
▪ At the end of the existing Variable value, add a semi-colon, and then paste the address text.
o If there is not an existing path variable:
▪ Click New.
▪ Name the new variable path.
▪ In the Variable value field, paste the address text.
 Click OK twice.

Exercise 4.2 – Create a Web Load Test


Use JMeter to record a visit to your virtual server, and then create a load configuration to simulate 50 users
accessing the recording.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

Task 1 – Use JMeter to Record a Visit to the Web Site


Use JMeter to record a series of requests to the http_virtual virtual server.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 In the location where you extracted JMeter, go to the /bin directory, and then launch the jmeter.bat file.

NOTE: If you do not have JMeter installed, return and complete Exercise 4.1.

NOTE: If you are using the Windows 7 image you can open JMeter from the desktop.

 In the navigation panel, right-click Test Plan, and then select Add > Threads (Users) >
Thread Group.

 Change the name to 10.1.10.20 Test.

NOTE: Above is different on a Mac. Look for it in same thread.

 In the Number of Threads (Users) field, enter 100.


 In the Loop Count field, enter 3.
 Go to File > Save, and save the file as 10.1.10.20_Test.jmx.
This will simulate 100 users accessing the BIG-IP system and visiting each page three times.
 In the navigation panel, right-click 10.1.10.20 Test, and then select Add > Config Element >
HTTP Request Defaults.
o In the Server Name or IP field, enter 10.1.10.20.
o In the Port Number field, enter 80.
 In the navigation panel, right-click 10.1.10.20 Test, and then select Add > Sampler > HTTP Request.
o Change the name to Home Page
o In the Path field, enter /
o Clear the Use KeepAlive checkbox.

 In the navigation panel, right-click 10.1.10.20 Test, and then select Add > Sampler > HTTP Request.
o Change the name to Welcome Page
o In the Path field, enter /welcome.php
o Clear the Use KeepAlive checkbox.
 In the navigation panel, right-click 10.1.10.20 Test, and then select Add > Listener >
Summary Report.

 Click the Save button.

Task 2 – Use JMeter to Simulate Multiple Visits to the Web Site


Use JMeter to play the recording to http_virtual on the BIG-IP system.

 In JMeter, select 10.1.10.20 Test, and then go to Run > Start.


 Select Summary Report to monitor the results.
When the total # Samples value reaches 600, the test is complete.

Task 3 – Verify Virtual Server and Pool Statistics


View the virtual server and pool statistics, and then reset all statistics.

 Access https://10.1.1.245 and log in to the BIG-IP system.


 Open the Statistics > Module Statistics > Local Traffic page and select to view the Pools statistics, and
then expand http_pool.

Question:
Were the connections distributed evenly between the three pool members? ________

 Reset the statistics for the pool and all pool members.

Exercise 4.3 – Load Balancing Methods


In this exercise you will change the load balancing method to Ratio and view the resulting behavior.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

Task 1 – Configure Ratio Member Load Balancing


Update http_pool by changing the load balancing method to Ratio (member), and then assign ratio values to
the pool members.

 Open the Local Traffic > Pools > Pool List page and click http_pool.
 Open the Members page.
 In the Load Balancing section, from the Load Balancing Method list select Ratio (member), and then
click Update.

 In the Current Members section, click 10.1.20.11:80.


 In the Configuration section, set the Ratio value to 5 and then click Update.
 Return to the Members page and for 10.1.20.12:80 set the Ratio value to 2 and then click Update.

 In JMeter, select Summary Report, and then go to Run > Clear, and then go to Run > Start.
 Use the Summary Report to monitor the results.
When the total # Samples value reaches 600, the test is complete.
 In the Configuration Utility, view the Pools statistics.

Questions:
Were the connections distributed evenly? _____________

Were the connections distributed using a 5 – 2 – 1 ratio? _____________

 Reset the statistics for the pool and all pool members.

Task 2 – Configure Weighted Least Connections Load Balancing


Update the http_pool by assigning connection limit values to the different pool members and then changing the
load balancing method to Weighted Least Connections (member).

 Click to edit the http_pool object, and then open the Members page.
 Update the pool members using the following information:
Member           Connection Limit
10.1.20.11:80    1200
10.1.20.12:80    250
10.1.20.13:80    50

 Return to the Members page, then from the Load Balancing Method list
select Weighted Least Connections (member), and then click Update.
 In JMeter, select Summary Report, and then go to Run > Clear, and then go to Run > Start.
 Use the Summary Report to monitor the results.
When the total # Samples value reaches 600, the test is complete.
 Close JMeter.
 In the Configuration Utility, view the Pools statistics.

Question:
Were the pool members utilized properly based on the configured connection limits?

_________

 Reset the statistics for the pool and all pool members.

Exercise 4.4 – Priority Group Activation


In this exercise you will enable priority group activation, and then add two additional pool members to the
HTTP pool. You’ll then examine how the BIG-IP system utilizes the pool members.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

Task 1 – Enable Priority Group Activation


Update http_pool by enabling priority group activation, and then assign priority values to the different pool
members. Add two additional members to the pool.

 Click to edit the http_pool object, and then open the Members page.
 Change the Load Balancing Method back to Ratio (Member).
 From the Priority Group Activation list select Less than.
 In the Available Member(s) field, enter 2, and then click Update.

 Update the pool members using the following information:


Member           Priority Group
10.1.20.11:80    8
10.1.20.12:80    8
10.1.20.13:80    4

 From the Members page, add new pool members using the following information:
Address       Service Port    Ratio    Priority Group    Connection Limit
10.1.20.14    80              2        4                 10
10.1.20.15    80              1        3                 10

 Use a new tab to access http://10.1.10.20, and then use Ctrl+F5 several times to refresh the page.

Question:
Which members are supplying content for the request? _____________________________

 In the Configuration Utility, disable pool member 10.1.20.11:80.


 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
Question:
Which members are supplying content for the request? _____________________________

With priority group activation set to 2 members, why are there now three members
supplying content?

___________________________________________________________________________

 In the Configuration Utility, disable pool member 10.1.20.13:80.


 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.

Question:
Which members are supplying content for the request? _____________________________

 In the Configuration Utility, disable pool member 10.1.20.12:80.


 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
Using priority group activation, we can always be assured that we have at least two pool members
available to fulfill user requests.
 In the Configuration Utility, re-enable pool members 10.1.20.11:80 and 10.1.20.13:80.
 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
For the first couple of refreshes, content might continue to come from node #5 (10.1.20.15:80),
because the connections had yet to close. Eventually requests come only from 10.1.20.11, 10.1.20.13,
and 10.1.20.14.
 In the Configuration Utility, re-enable pool member 10.1.20.12:80.
 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
After refreshing several times, all requests now come from 10.1.20.11 and 10.1.20.12 only.
 Close the F5 vLab Test Web Site tab.
 Update the http_pool by changing the Priority Group Activation value back to Disabled, and then click
Update.
 Open the System > Archives page and click Create.
 Create an archive file named ltmfund_mod04_load_balancing_v13.0.0.
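
The priority group behaviour walked through in this exercise can be reproduced with a short model. The Python below is an added example, not part of the F5 guide or of BIG-IP itself: it assumes that lower priority groups are activated cumulatively until at least the configured number of members is available, it ignores the connection limits set on the members, and the names Member, active_members, and expected_connections are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Member:
    """One pool member (hypothetical model type)."""
    address: str
    priority_group: int
    ratio: int = 1


# http_pool as configured in Exercise 4.3 Task 1 and Exercise 4.4 Task 1.
HTTP_POOL = [
    Member("10.1.20.11:80", 8, 5),
    Member("10.1.20.12:80", 8, 2),
    Member("10.1.20.13:80", 4, 1),
    Member("10.1.20.14:80", 4, 2),
    Member("10.1.20.15:80", 3, 1),
]
MIN_AVAILABLE = 2  # Priority Group Activation: Less than 2 available members


def active_members(members: List[Member], disabled: FrozenSet[str],
                   min_available: int) -> List[str]:
    """Return the addresses that receive new connections.

    Groups are activated from the highest priority down; activation stops
    as soon as the active set holds at least min_available members.
    """
    available = [m for m in members if m.address not in disabled]
    active: List[Member] = []
    for group in sorted({m.priority_group for m in available}, reverse=True):
        active.extend(m for m in available if m.priority_group == group)
        if len(active) >= min_available:
            break
    return sorted(m.address for m in active)


def expected_connections(members: List[Member], disabled: FrozenSet[str],
                         min_available: int, total: int) -> Dict[str, int]:
    """Split `total` connections across the active members by Ratio (member).

    This is the long-run expectation only; connection limits are ignored.
    """
    active = set(active_members(members, disabled, min_available))
    chosen = [m for m in members if m.address in active]
    ratio_sum = sum(m.ratio for m in chosen)
    if ratio_sum == 0:
        return {}
    return {m.address: total * m.ratio // ratio_sum for m in chosen}


if __name__ == "__main__":
    # The disable / re-enable sequence from Task 1, in order.
    steps = [
        frozenset(),
        frozenset({"10.1.20.11:80"}),
        frozenset({"10.1.20.11:80", "10.1.20.13:80"}),
        frozenset({"10.1.20.11:80", "10.1.20.12:80", "10.1.20.13:80"}),
        frozenset({"10.1.20.12:80"}),
        frozenset(),
    ]
    for disabled in steps:
        print(sorted(disabled), "->", active_members(HTTP_POOL, disabled, MIN_AVAILABLE))
```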

Module 5 Exercises – Monitors


Exercise 5.1 – Using Monitors with Nodes
In this exercise you will assign the default monitor to be used for all nodes, in addition to assigning a node-
specific monitor as well as disassociating the default monitor from a node.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

Task 1 – Verify the Snapshot for the LAMP Image


In these exercises you will make modifications to the LAMP_v4 VMware image. Ensure that you have a snapshot
before moving on.

 In the VMware library, power off the LAMP_v4 image.


 Right-click LAMP_v4 and select Snapshot.
 If you do not have a snapshot named LAMP_v4_Clean, select Take Snapshot, and name the snapshot
LAMP_v4_Clean, and then click Take Snapshot.
 Start up the BIGIP-13.0_LTMFund and LAMP_v4 images.
 For Mac users, start up the Windows_7 image, and then log in as vLab User.

Task 2 – Assign a Default Monitor for all Nodes


Assign the BIG-IP system default icmp monitor as the default monitor for all nodes.

 Access https://10.1.1.245 and log in to the BIG-IP system.


 Open the Local Traffic > Nodes > Node List page.
Notice the status of all nodes is unknown.
 Open the Default Monitor page.

 Select icmp from the Available list box, then click <<, and then click Update.
 Open the Node List page, and examine the Status of the listed nodes.

Task 3 – Create a Custom ICMP Monitor


Create a custom ICMP monitor that will be used with only one node.

 Open the Local Traffic > Monitors page and click Create.
 Create a new monitor using the following information, and then click Finished.
Name custom_icmp_monitor
Type ICMP
Parent Monitor icmp
Interval 4
Timeout 13
Transparent No

Task 4 – Assign the Custom Monitor to a Specific Node


Assign custom_icmp_monitor to 10.1.20.12.

 Open the Local Traffic > Nodes > Node List page and click 10.1.20.12.
 From the Health Monitors list select Node Specific.
 From the Available list select custom_icmp_monitor, then click <<, and then click Update.

Task 5 – Assign No Monitors to a Specific Node


Assign no monitors to 10.1.20.13.

 Open the Node List page and click 10.1.20.13.


 From the Health Monitors list select None, and then click Update.
 Open the Node List page, and examine the Status of the listed nodes.
Nodes 10.1.20.11, 10.1.20.14, and 10.1.20.15 are available due to the node default monitor.
Node 10.1.20.12 is available due to the custom_icmp_monitor.
Node 10.1.20.13 is unknown as there is no monitor assigned.

This is not a recommended configuration. This setup only demonstrates three methods of assigning
monitors to nodes.


Exercise 5.2 – Using Monitors with Pools


In this exercise you will create a custom HTTP monitor and assign the monitor to the HTTP pool. You will then
view the effects of using monitors on the virtual server, pool, pool members, and nodes.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 30 minutes

Task 1 – Check Current Pool Member Status


Use the Pool List page to examine the current status of the members of the HTTP pool.

 Open the Local Traffic > Pools > Pool List page, then click http_pool, and then open the Members page.
 Examine the Status of the listed members.

Question:
Will BIG-IP LTM distribute traffic to pool members that are unknown? _____________

Task 2 – Create a Custom HTTP Monitor


Create a custom HTTP monitor that requests a specific web page from the pool member and that verifies a
specific text string is returned in the HTTP response.

 Open the Local Traffic > Monitors page and click Create.
 Create a monitor using the following information, and then click Finished.
Name custom_http_monitor
Type HTTP
Interval 3
Timeout 10
Send String GET /HealthCheck.html\r\n
Receive String SERVER_UP
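
The following sketch is an added example, not part of the original guide and not F5 code. It is a simplified model of how an active monitor with the Interval, Timeout and Receive String above decides a member's status; the response bodies, timelines and function names are constructed for illustration.

```python
"""Simplified model of an active HTTP monitor (added example, not F5 code)."""
from typing import Callable, List, Optional, Tuple

# Values from custom_http_monitor in Task 2.
INTERVAL = 3          # seconds between checks
TIMEOUT = 10          # seconds without a passing check before "offline"
RECEIVE_STRING = "SERVER_UP"

# Constructed response bodies for the situations a pool member can be in.
PAGE_OK = "<html><body><p>SERVER_UP</p></body></html>"
PAGE_EDITED = "<html><body><p>SERVER_</p></body></html>"   # answered, wrong content
PAGE_MISSING = "<html><body><h1>404 Not Found</h1></body></html>"


def check_passes(body: Optional[str], receive_string: str = RECEIVE_STRING) -> bool:
    """A check passes only when a response arrived and contains the receive string."""
    return body is not None and receive_string in body


def simulate(server: Callable[[int], Optional[str]], seconds: int,
             interval: int = INTERVAL, timeout: int = TIMEOUT) -> List[Tuple[int, str]]:
    """Run the monitor for `seconds` and return the (second, status) transitions."""
    status, last_success, transitions = "unknown", None, []
    for t in range(seconds + 1):
        # A check is sent every `interval` seconds.
        if t % interval == 0 and check_passes(server(t)):
            last_success = t
        # The member goes offline once `timeout` seconds pass with no passing check.
        if last_success is None:
            new_status = "unknown" if t < timeout else "offline"
        else:
            new_status = "available" if t - last_success < timeout else "offline"
        if new_status != status:
            transitions.append((t, new_status))
            status = new_status
    return transitions


def renamed_then_restored(t: int) -> Optional[str]:
    """HealthCheck.html renamed at t=5 and restored at t=20 (constructed timeline)."""
    return PAGE_OK if t < 5 or t >= 20 else PAGE_MISSING


def edited_page(t: int) -> Optional[str]:
    """The word UP removed from the page at t=5; the server still answers."""
    return PAGE_OK if t < 5 else PAGE_EDITED


def unreachable(t: int) -> Optional[str]:
    """No response at all, for example when the member cannot be reached."""
    return None


if __name__ == "__main__":
    for name, server in [("renamed", renamed_then_restored),
                         ("edited", edited_page),
                         ("unreachable", unreachable)]:
        print(name, simulate(server, 30))
```

In this model a failed check does not take the member offline immediately; the status changes only when the timeout expires after the last passing check, which is why the later tasks ask you to wait 10 seconds before refreshing the Network Map.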

Task 3 – Assign the Custom Monitor to the Pool


Assign custom_http_monitor to http_pool.

 Open the Local Traffic > Pools > Pool List page and click http_pool.
 For Health Monitors, select custom_http_monitor, then click <<, and then click Update.


Task 4 – View the Network Map


View the status of virtual server, pool, pool members, and nodes using Network Map.

 Open the Local Traffic > Network Map page.

 Use the mouse to hover over the different pool members.

Question:
Why is the status of node 10.1.20.13 different from the other nodes?

___________________________________________________________________

Task 5 – View the Effects of Using Monitors


Make changes to the web site on the LAMP_v4 image, and view how the changes affect the Network Map.

 Use an SSH client to connect to the LAMP_v4 image at 10.1.1.252.


 Log in using the following credentials:
Username: root
Password: default
 Access and view the web server components on 10.1.20.11:80 by typing:
cd /var/www/server/1
ls

The HealthCheck.html web page currently exists on pool member 10.1.20.11:80.


 To rename this web page, type:
mv HealthCheck.html HealthCheck.html.down
ls
There is no longer a HealthCheck.html web page on pool member 10.1.20.11:80.
 Wait 10 seconds, and then in the Configuration Utility on the Network Map page, click Update Map
several times.

 Hover over each pool member.
The virtual server and pool display available.
Pool member 10.1.20.11:80 displays offline. These pool members display available:
o 10.1.20.12:80
o 10.1.20.13:80
o 10.1.20.14:80
o 10.1.20.15:80
All the nodes display as available, except 10.1.20.13, which displays unknown.
 In the SSH session, to change the contents of the HealthCheck.html web page on 10.1.20.12:80 using
the visual editor (vi), type:
cd ..
cd 2
vi HealthCheck.html

→NOTE: You can use the Tab key to autocomplete the web page name.

 Use the ↓ key to move the cursor to the SERVER_UP paragraph, and use the → key to move the cursor
after the word UP.
 Type X twice to delete UP.
 To save and quit visual editor, type:
:wq (followed by the Enter key)
The text string SERVER_UP will no longer be found in HealthCheck.html on pool member
10.1.20.12:80.
 Wait 10 seconds, and then in the Configuration Utility on the Network Map page, click Update Map
several times.
The virtual server and pool still display available.
Pool members 10.1.20.11:80 and 10.1.20.12:80 display offline. These pool members display available:
o 10.1.20.13:80
o 10.1.20.14:80
o 10.1.20.15:80
 In the SSH session, to delete the IP address from 10.1.20.14:80, type:
ip addr del 10.1.20.14/24 dev eth1
This removes the IP address from node 4. The BIG-IP system will not receive an ICMP response from
the node.
 Wait 10 seconds, and then in the Configuration Utility on the Network Map page, click Update Map
several times.

 Hover over each pool member.

The virtual server and pool display offline.


Node 10.1.20.14 displays offline, which causes pool member 10.1.20.14:80 to display offline.
 Click http_pool to open the pool properties page, and then open the Members page.
o Update the Connection Limit of 10.1.20.13:80 to a value of 100.
o Update the Connection Limit of 10.1.20.15:80 to a value of 5.
 In the location where you extracted JMeter, go to the /bin directory, and then launch the jmeter.bat file.
 Open 10.1.10.20 Test.jmx.
 In the navigation panel, right-click 10.1.10.20 Test, and then select Add > Sampler > HTTP Request.
o Change the name to Big Text Page
o In the Path field, enter /bigtext.html
o Clear the Use KeepAlive checkbox.
 Select 10.1.10.20 Test, and then go to Run > Start.
 While the test runs, in the Configuration Utility continue to refresh the Network Map page.

Eventually pool member 10.1.20.15:80 displays unavailable because it reaches the configured
connection limit.
 Use a new tab to access http://10.1.10.20.
The page will be slow to load, and there should only be page elements supplied by pool member
10.1.20.13:80.
 In the Configuration Utility, go to node 10.1.20.13, select Forced Offline, and then click Update.
 Open the Network Map page and click Update Map.
 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
Eventually you’ll receive a page error, as there will be no pool members left to fulfill the request.

 In JMeter, if the load test is still running, click the Stop button.

 Save the 10.1.10.20 Test, and then close JMeter.


 In the Configuration Utility, continue to click Update Map until pool member 10.1.20.15:80 is again
available.
 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
The web page displays. All elements come from pool member 10.1.20.15:80.
 In the SSH session, to replace the text string in the HealthCheck.html web page on 10.1.20.12:80:
o Type: vi HealthCheck.html
o Use the ↓ and → keys to move the cursor to the location where you removed the word UP.
o Type an “i” to enter insert mode.
o Type UP.
o Type the following commands:
<ESC> :wq <ENTER>

 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
There are now page elements coming from both 10.1.20.12:80 and 10.1.20.15:80.
 In the Configuration Utility on the Network Map page, click Update Map.
The virtual server and pool display available.
Pool members 10.1.20.11:80 and 10.1.20.14:80 display offline.
Pool member 10.1.20.13:80 displays forced offline.
Pool members 10.1.20.12:80 and 10.1.20.15:80 display available.


Exercise 5.3 – Using an Inband Monitor


In this exercise you experiment with using a combination of passive monitoring and active monitoring.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

Task 1 – Create and Use an Inband Monitor


Create a custom inband monitor with a retry time of 0.

 Open the Local Traffic > Monitors page and click Create.
 Create a monitor using the following information, and then click Finished.
Name custom_inband_monitor
Type Inband
Retry Time 0 seconds
With this configuration, BIG-IP LTM determines whether a pool member is available based on its responses
to actual user requests. If the pool member responds, BIG-IP LTM considers the pool member available. If
the pool member has 3 failures (no response within 10 seconds) within 30 seconds,
BIG-IP LTM considers the pool member down.

Task 2 – Update the HTTP Monitor


Configure custom_http_monitor to use the Up Interval setting.

 On the Monitors page, click custom_http_monitor.


 From the Configuration list select Advanced.
 For the Up Interval value, select Enabled, then enter 60 seconds, and then click Update.

With this configuration, BIG-IP LTM uses the up interval setting for the active monitor (60 seconds) if
the inband monitor identifies the pool member available. If the inband monitor identifies the pool
member as suspect or offline, the regular interval is used for the active monitor (3 seconds).

Task 3 – Update the HTTP Pool


Add custom_inband_monitor along with custom_http_monitor to http_pool.

 Open the Pool List page and click http_pool.


 From the Configuration list select Advanced.
 For Health Monitors, select custom_inband_monitor and click <<.

 From the Availability Requirement list select At Least and leave the value of 1,
and then click Update.

 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
There are now page elements provided by 10.1.20.11:80, 10.1.20.12:80, and 10.1.20.15:80.
 In the Configuration Utility, open the Network Map page.

 Click 10.1.20.11:80 and examine the Availability and Health Monitors statuses.

Notice the custom_http_monitor fails, while the custom_inband_monitor succeeds. Because we
modified the availability requirement to 1 health monitor, the pool member is identified as available.


Exercise 5.4 – Using Manual Resume


In this exercise you will modify the active HTTP monitor to use manual resume.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

Task 1 – Update the HTTP Monitor


Modify custom_http_monitor to use manual resume. Also, remove custom_inband_monitor from http_pool.

 Open the Monitors page and click custom_http_monitor.


 For Up Interval, select Disabled.
 For Manual Resume, select Yes, and then click Update.
 Open the Pool List page and click http_pool.
 For Health Monitors, select custom_inband_monitor, and then click >>.
 From the Availability Requirement list select All, and then click Update.
 Wait 10 seconds, and then open the Network Map page.
Pool member 10.1.20.11:80 again displays offline.

Task 2 – Update the Pool Members


Replace the HealthCheck.html web page on pool member 10.1.20.11:80.

 In the SSH session, to replace the HealthCheck.html web page on 10.1.20.11:80, type:
cd ..
cd 1
mv HealthCheck.html.down HealthCheck.html

 Close the SSH session.


 In the Configuration Utility, on the Network Map page, click Update Map.

 Hover over the black diamond for pool member 10.1.20.11:80.


The pool member 10.1.20.11:80 displays as Offline Disabled, waiting for manual resume.

 Click 10.1.20.11:80.

When a monitor is set for manual resume, a BIG-IP system administrator must manually enable the
pool member after the monitor again reports it as available.
 Select Enabled (All traffic allowed), and then click Update.
 Open the Network Map page.
The pool member 10.1.20.11:80 is available.

Task 3 – Reset the Environment


To prepare for the next exercises, reset the environment, including restoring the LAMP_v4 image from the clean
snapshot.

 Open the Node List page and click 10.1.20.13.


 Change the State to Enabled, and then click Update.
 Open the Monitors page and click custom_http_monitor.
 For Manual Resume, select No, and then click Update.
 On the Archives page, create an archive file named ltmfund_mod05_monitors_v13.0.0.
 In the VMware library, power off the LAMP_v4 image.
 Right-click LAMP_v4 in the Library menu and select Snapshot > LAMP_v4_Clean.


Module 6 Exercises – Using Profiles


Exercise 6.1 – Using an HTTP Profile
In this exercise you will create a custom HTTP profile and add it to the HTTP virtual server. You will then
examine how the HTTP profile changes the traffic management behavior.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

Task 1 – Create a Custom HTTP Profile


Create a custom HTTP profile.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Access https://10.1.1.245 and log in to the BIG-IP system.
 Open the Local Traffic > Profiles > Services > HTTP page and click Create.
 Create an HTTP profile using the following information, and then click Finished.
Name custom_http_profile
Proxy Mode Reverse
Fallback Host https://www.f5.com
Fallback on Error Codes 404 500-503
Response Headers Allowed Content-Type Set-Cookie Location
Insert X-Forwarded-For Enabled
Maximum Requests 50
Notice the current inherited setting for Maximum Header Size is 32768 bytes.

Task 2 – Modify the Default HTTP Profile


Modify the BIG-IP system default http profile, and then examine which values were inherited by
custom_http_profile.

 On the Profiles: Services: HTTP page, click http.


 Edit the profile using the following information, and then click Update.
Maximum Requests 30
Maximum Header Size 16384

 Open the Profiles: Services: HTTP page and click custom_http_profile.

Questions:
Did the custom profile inherit the Maximum Requests setting? _______________

Did the custom profile inherit the Maximum Header Size setting? ________________

Task 3 – Add the Custom HTTP Profile to a Virtual Server


Add custom_http_profile to http_virtual.

 Use a new tab to access http://10.1.10.20.


 In the HTTP Request and Response Information section, click Request and Response Headers.
 Leave this tab open.
 In the Configuration Utility, open the Virtual Server List page and click http_virtual.
 In the Configuration section, from the HTTP Profile list select custom_http_profile, and then click
Update.

 Use a new tab to access http://10.1.10.20, and then click the Request and Response Headers link.
 Using both tabs, examine the different Response Headers delivered to the Client sections.

Questions:
Why are there fewer response headers in the second version of this web page?

_______________________________________________________________

Which response headers that were exposed in the first version of this web page could be
exploited by a hacker?

________________________________________________________________

 Using both tabs, examine the different Request Headers Received at the Server section.

Question:
On the second version, what is the X-Forwarded-For value? _________________________

 In the second tab, change the URL to http://10.1.10.20/badpage.php.

Questions:
What was the result of this request? ________________

Why were you redirected to f5.com? ___________________________________

 Close the second tab.


Task 4 – Update the Custom HTTP Profile


Update custom_http_profile with additional settings.

 In the Configuration Utility, open the Local Traffic > Profiles > Services > HTTP page and
click custom_http_profile.
 Edit the profile using the following information, and then click Update.
Request Header Erase User-Agent
Request Header Insert Bigip-Http-Virtual:10.1.10.20
Response Headers Allowed Content-Type Set-Cookie Location X-Injected

 In the F5 vLab Test Web Site tab, type Ctrl+F5 to refresh the Request and Response Headers page.

Questions:
Is the new Bigip-Http-Virtual request header displaying? ________________

Are you still seeing the User-Agent header? __________________

 Close the F5 vLab Test Web Site tab.
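
The following sketch is an added example, not part of the original guide and not F5 code. It models the effect of the custom_http_profile settings from Task 1 and Task 4 on one request and one response; the sample headers, the client address and all function names are constructed, and the handling of an X-Forwarded-For header already supplied by the client is not modelled.

```python
"""Simplified model of custom_http_profile (added example, not F5 code)."""
from typing import Dict, Set, Tuple

# Settings taken from Task 1 and Task 4 of this exercise.
PROFILE = {
    "fallback_host": "https://www.f5.com",
    "fallback_codes": "404 500-503",
    "allowed_response_headers": "Content-Type Set-Cookie Location X-Injected",
    "request_header_erase": "User-Agent",
    "request_header_insert": "Bigip-Http-Virtual:10.1.10.20",
}

# Constructed sample traffic; these are not the lab site's real headers.
CLIENT_IP = "10.1.10.1"
CLIENT_REQUEST = {"Host": "10.1.10.20", "User-Agent": "ExampleBrowser/1.0",
                  "Accept": "text/html"}
SERVER_RESPONSE = {"Server": "ExampleHTTPd/1.0", "X-Powered-By": "ExampleLang/5.0",
                   "Content-Type": "text/html", "Set-Cookie": "session=abc123",
                   "X-Injected": "demo"}


def parse_error_codes(spec: str) -> Set[int]:
    """Expand a list such as '404 500-503' into the individual status codes."""
    codes: Set[int] = set()
    for token in spec.split():
        low, _, high = token.partition("-")
        codes.update(range(int(low), int(high or low) + 1))
    return codes


def filter_response_headers(headers: Dict[str, str], allowed: str) -> Dict[str, str]:
    """Keep only allowlisted headers; header names compare case-insensitively."""
    allow = {name.lower() for name in allowed.split()}
    return {k: v for k, v in headers.items() if k.lower() in allow}


def rewrite_request(headers: Dict[str, str], client_ip: str,
                    profile: Dict[str, str]) -> Dict[str, str]:
    """Erase one header, insert one header, and add X-Forwarded-For."""
    erase = profile["request_header_erase"].lower()
    out = {k: v for k, v in headers.items() if k.lower() != erase}
    name, _, value = profile["request_header_insert"].partition(":")
    out[name.strip()] = value.strip()
    # The server otherwise sees only the proxy's address, so the client address
    # is passed along in a header.
    out["X-Forwarded-For"] = client_ip
    return out


def handle_response(status: int, headers: Dict[str, str],
                    profile: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Redirect to the fallback host on a listed error code, else filter headers."""
    if status in parse_error_codes(profile["fallback_codes"]):
        return 302, {"Location": profile["fallback_host"]}
    return status, filter_response_headers(headers,
                                           profile["allowed_response_headers"])


if __name__ == "__main__":
    print(rewrite_request(CLIENT_REQUEST, CLIENT_IP, PROFILE))
    print(handle_response(200, SERVER_RESPONSE, PROFILE))
    print(handle_response(404, SERVER_RESPONSE, PROFILE))
```

Because the allowlist drops every response header that is not named, headers that identify server software never reach the client, and any application that relies on another response header must have that header added to the list.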


Exercise 6.2 – Using a Stream Profile


In this exercise you will create a custom stream profile that will replace a static text string for responses from
the customer’s web site.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

Task 1 – View a Current Web Page


View the text that needs to be replaced on the customer’s web site.

 Use a new tab to access http://10.1.10.20.


 In the Content Examples on this Host section, click Stream Profile Example.
This page has several references to the company’s previous name, Lorax Bank (including in the page
title that displays on the tab). You will update the company name using a stream profile on BIG-IP LTM,
without having to manually update web pages across multiple web servers.

Task 2 – Create a Stream Profile


Create a custom stream profile that will find occurrences of the customer’s previous name and replace it with
their updated company name.

 In the Configuration Utility, open the Local Traffic > Profiles > Other > Stream page and click Create.
 Create a stream profile using the following information, and then click Finished.
Name custom_stream
Source Lorax Bank
Target Lorax Investments

Task 3 – Add the Custom Stream Profile to a Virtual Server


Add custom_stream to http_virtual.

 Open the Virtual Server List page and click http_virtual.


 Select to view the Advanced configuration settings.
 In the Configuration section, from the Stream Profile list select custom_stream.

 In the Acceleration section, from the HTTP Compression Profile list select httpcompression, and then
click Update.
 In the F5 vLab Test Web Site tab, type Ctrl+F5 to refresh the Welcome to Lorax Bank page.
The stream profile replaced all occurrences of the string Lorax Bank with Lorax Investments, including
the page title that displays on the tab.
 Close the F5 vLab Test Web Site tab.
Question:
Why did we need to add an http compression profile also? ________________

 Create an archive file named ltmfund_mod06_profiles_v13.0.0.


Module 7 Exercises – Performance Profiles


Exercise 7 – Using Compression and Acceleration
In this exercise you will use iMacros for Firefox to create a recording of a visit to the HTTP virtual server. You
will then create several optimization profiles, including HTTP compression, caching, and TCP. You will create a
similar HTTP pool and virtual server and add the profiles to the new virtual server. You’ll then record a similar
visit to the web site using iMacros for Firefox and identify improvements.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 25 minutes

Task 1 – Install iMacros for Firefox


Install iMacros for Firefox.

→NOTE: For Mac users, iMacros for Firefox is already installed in the Windows 7 image. If you
are using the Windows 7 image you can skip to task 2.

 Use a web browser to access https://addons.mozilla.org/en-US/firefox/addon/imacros-for-firefox/.


 Download and install iMacros for Firefox.

Task 2 – Record BIG-IP LTM Performance without Optimization


Clear the statistics, then update http_virtual by removing the HTTP and stream profiles, and then record a visit
to the HTTP virtual server using iMacros for Firefox.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Access https://10.1.1.245 and log in to the BIG-IP system.
 Open the Statistics > Module Statistics > Local Traffic page.
 Reset the virtual server, pool, and pool member statistics.
 From the Statistics Type list select Profiles Summary.
 Click the View link for HTTP Compression, and then click Clear Statistics.
 Open the Virtual Server List page and click http_virtual.
 From the HTTP Profile list select None.
 From the Stream Profile list select None, and then click Update.
 Open Mozilla Firefox, and then access http://10.1.10.20.
 If it’s not already displayed, enable the iMacros pane.

 In the iMacros panel, select the Rec tab, and then click Record.
 Record the following series of clicks:
o Right-click inside the window and select Reload.
o Click Welcome, and then click the banner at the top of the page to return to the home page.
o Click HTTP Compress Example, and then click the banner at the top of the page.
o Click Mask Sensitive Content Example, and then click the banner at the top of the page.
o Click Plaintext Compress Example.
 In the iMacros panel, on the Rec tab, click Stop.
 In the iMacros panel, select the Play tab.
 In the Max box, type 15, and then click Play (Loop).
 After the iMacro has finished playing, close Mozilla Firefox.
 In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page.
 From the Statistics Type list select Profiles Summary.
 Click the View link for HTTP Compression.
There is no compression taking place.
 Click the Back button, and then click the View link for Web Acceleration.
There is no caching taking place.

Task 3 – Configure HTTP Compression and Fast Cache


Create a custom HTTP compression profile and a custom Web acceleration profile.

 Open the Acceleration > Profiles > HTTP Compression page and click Create.
 Create an HTTP Compression profile using the following information, and then click Finished.
Name custom_compression
Parent Profile wan-optimized-compression
Minimum Content Length 10 bytes
gzip Compression Level 6 – Optimal Compression
Browser Workarounds Enabled

 Open the Acceleration > Profiles > Web Acceleration page and click Create.
 Create a Web Acceleration profile using the following information, and then click Finished.
Name custom_caching
Parent Profile optimized-acceleration
Cache Size 500 megabytes


Task 4 – Configure TCP Express and Content Spooling


Enable TCP optimization between the client and BIG-IP LTM, and between BIG-IP LTM and the pool members.

 Open the Local Traffic > Profiles > Protocol > TCP page and click Create.
 Create a TCP profile using the following information, and then click Repeat.
Name custom_tcp_server_profile
Parent Profile tcp_lan_optimized

 Create another TCP profile using the following information, and then click Finished.
Name custom_tcp_client_profile
Parent Profile tcp_wan_optimized
Memory Management: Proxy Buffer High 196608
Data Transfer: Delayed Acks Disabled
Data Transfer: Nagle’s Algorithm Disabled
Loss Detection and Recovery: Selective NACK Enabled

Task 5 – Configure OneConnect


Create a custom OneConnect profile.

 Open the Local Traffic > Profiles > Other > OneConnect page and click Create.
 Create a OneConnect profile using the following information, and then click Finished.
Name custom_oneconnect
Source Prefix Length Specify: IPv4 :16
Maximum Size 12000

Task 6 – Create a Pool and Virtual Server


Create a new pool and virtual server to use with the new performance profiles.

 Create a pool using the following information, and then click Finished.
Name http_pool2
Health Monitors custom_http_monitor
Members Node Service Port
(Use the Node List option) 10.1.20.11 80
10.1.20.12 80
10.1.20.13 80
10.1.20.14 80
10.1.20.15 80

 Create a virtual server using the following information, and then click Finished.
Name http_virtual2
Destination Address 10.1.10.21
Service Port 80 (HTTP)
Protocol Profile (Client) custom_tcp_client_profile
Protocol Profile (Server) custom_tcp_server_profile
HTTP Profile http
OneConnect Profile custom_oneconnect
HTTP Compression Profile custom_compression
Web Acceleration Profile custom_caching
Default Pool http_pool2

 Document the new virtual server IP address in the diagram on the next page.


[Diagram: vLab network layout. The labels below are what remains of the figure; fill in the blank values.]
Host workstation: external IP: ________ Mgmt IP: ________
Windows 7 image: external IP: ________
http_virtual2 IP: ________
http_virtual IP: 10.1.10.20
VLAN: external, Self IP: 10.1.10.240
Management network IP: 10.1.1.245
VLAN: internal, Self IP: 10.1.20.240
LAMP IPs: 10.1.20.11, 10.1.20.12, 10.1.20.13, 10.1.20.14, 10.1.20.15,
10.1.20.16, 10.1.20.17, 10.1.20.18, 10.1.20.19, 10.1.20.252


Task 7 – Record BIG-IP LTM Performance with Optimization


Record traffic statistics with BIG-IP LTM optimization configured.

 Open a new private window in Mozilla Firefox, and then access http://10.1.10.21.

 Select the Rec tab, and then click Record.


 Record the following series of clicks:
o Right-click inside the window and select Reload.
o Click Welcome, and then click the banner at the top of the page to return to the home page.
o Click HTTP Compress Example, and then click the banner at the top of the page.
o Click Mask Sensitive Content Example, and then click the banner at the top of the page.
o Click Plaintext Compress Example.
 In the iMacros panel, on the Rec tab, click Stop.
 In the iMacros panel, select the Play tab.
 In the Max box, type 15, and then click Play (Loop).
 After the iMacro has finished playing, close Mozilla Firefox.
 In the Configuration Utility, view the Virtual Servers statistics.

Questions:
What are the Bits In and Bits Out values for http_virtual? ___________________________

What are the Bits In and Bits Out values for http_virtual2? ___________________________

Did compression reduce the amount of data sent to the user (Bits Out)? _____________

How many total connections were opened for http_virtual? ________________________

How many total connections were opened for http_virtual2? ________________________

 Reset the statistics for both virtual servers.


 View the Pools statistics.

Questions:
What are the Bits In and Bits Out values for http_pool? ______________________________

What are the Bits In and Bits Out values for http_pool2? _____________________________

Did caching lower the data between BIG-IP LTM and pool members (Bits In)? _____________

Did OneConnect lower the number of connections required for http_pool2? _____________

 Reset the statistics for both pools and all pool members.
 From the Statistics Type list select Profiles Summary.
 Click the View link for HTTP Compression.

Questions:
What are the pre and post compress values for HTML content? _________________________

What are the pre and post compress values for Plain content? _________________________

What is the difference in total savings from compression? _________________

 Click the Back button, and then click the View link for Web Acceleration.

Questions:
How many total items were cached? ___________________

How many bytes of data were served from the BIG-IP system cache (Hits)? ______________

 Create an archive file named ltmfund_mod07_performance_profiles_v13.0.0.


Module 8 Exercises – Persistence Profiles


Exercise 8.1 – Using Source Address Persistence
In this exercise you will create a source address persistence profile and examine how it changes the BIG-IP
load balancing decision.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

Task 1 – Update the HTTP Pool


Update http_pool to use round robin load balancing.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Access https://10.1.1.245 and log in to the BIG-IP system.
 Open the Pool List page, then click http_pool, and then open the Members page.
 From the Load Balancing Method list select Round Robin, and then click Update.

Task 2 – Create a Source Address Persistence Profile


Create a custom source address persistence profile and add it to http_virtual.

 Open the Local Traffic > Profiles > Persistence page and click Create.
 Create a persistence profile using the following information, and then click Finished.
Name custom_source_address
Persistence Type Source Address Affinity
Timeout 15 seconds
Prefix Length Specify: IPv4 : 24

 Open the Virtual Server List page and click http_virtual.


 Open the Resources page.
 From the Default Persistence Profile list select custom_source_address, and then click Update.
 Use a new tab to access http://10.1.10.20.
 Use Ctrl+F5 several times to refresh the page.

Questions:
Are responses coming from one or several pool members? ______________________

Which pool member is supplying the content for this request? ____________________

 Wait over 20 seconds and then use Ctrl+F5 to refresh the page again.
Questions:
Was the same pool member used for this request? _______________

Why or why not? _________________________________________________________

Task 3 – Sharing a Source Address Persistence Record


Modify custom_source_address so that two different workstations will share the same persistence record.

 In the Configuration Utility, open the Local Traffic > Profiles > Persistence page and click
custom_source_address.
 Modify the Timeout value to 45 seconds, and then click Update.
 Open the Virtual Server List page and click http_virtual.
 From the Source Address Translation list select Auto Map, and then click Update.
 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.
 In the VMware library, select LAMP_v4.
 Within the VMware window on the LAMP desktop, leave the Xubuntu user account selected and
click Login.

→NOTE: You may need to click Login several times.

 On the LAMP_v4 desktop, use Firefox to access http://10.1.10.20.

Questions:
Did the two different browsers use the same pool member? _______________

Why or why not? _________________________________________________________

 Open an SSH session to 10.1.10.241 and type the following command:


tmsh show /ltm persistence persist-records all-properties
This is the tmsh command to show persistence records on the BIG-IP system.

Question:
What is the Node Addr value(s) in the persistence records? ________________________

 Issue the command again and notice the Age value.


 Continue to issue the command until the persistence records are removed.
 Open the Local Traffic > Profiles > Persistence page and click custom_source_address.
 Modify the Prefix Length to 16, and then click Update.
 From the Windows client, use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.
 On the LAMP_v4 desktop, right-click inside http://10.1.10.20 and select Reload.

Questions:
Did the two different client browsers use the same pool member? _______________

Why or why not? _________________________________________________________

 In the SSH session re-issue the following command:


tmsh show /ltm persistence persist-records all-properties

Question:
How many persistence records are there? ________________________

What is the Node Addr value(s) in the persistence records? ________________________


Exercise 8.2 – Using Cookie Persistence


In this exercise you will create a custom cookie persistence profile, and then add it in place of the source
address persistence profile.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

Task 1 – Create a Cookie Persistence Profile


Create a custom cookie persistence profile, and then add it in place of the source address persistence profile.

 In the Configuration Utility, open the Local Traffic > Profiles > Persistence page and click Create.
 Create a persistence profile using the following information, and then click Finished.
Name custom_cookie
Persistence Type Cookie

 Open the Virtual Server List page and click http_virtual.


 From the Source Address Translation list select None, and then click Update.
 Open the Resources page.
 From the Default Persistence Profile list select custom_cookie, and then click Update.

Questions:
Was the update successful? _______________

Why or why not? _________________________________________________________

 Open the Properties page.


 From the HTTP Profile list select the BIG-IP system default http profile, and then click Update.
 Repeat the steps above to change the persistence profile to custom_cookie, and then click Update.
 Use a new tab to access http://10.1.10.20.
 Use Ctrl+F5 several times to refresh the page.
 In the SSH session re-issue the following command:
tmsh show /ltm persistence persist-records all-properties

Question:
Is there a persistence record on the BIG-IP system for this session? _______________

Why or why not? _________________________________________________________

Exercise 8.3 – View Persistence with Disabled and Forced Offline Pool Members

In this exercise you will examine how persistence works with both disabled and offline pool members.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

Task 1 – Update the Source Address Profile and the Virtual Server
Update the timeout value in custom_source_address, and then update http_virtual to use
custom_source_address.

 Open the Local Traffic > Profiles > Persistence page and click custom_source_address.
 Modify the Timeout to 60 seconds, and then click Update.
 Open the Virtual Server List page, then click http_virtual, and then open the Resources page.
 From the Default Persistence Profile list select custom_source_address, and then click Update.

Task 2 – View the Effects of Disabled and Forced Offline Pool Members
Identify how persistence affects disabled and offline pool members.

 Use a new tab to access http://10.1.10.20. Use Ctrl+F5 several times to refresh the page.

Question:
To which pool member are you persisting? ______________________

 In the Configuration Utility, go to this pool member and disable it.


 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.

Questions:
Did you persist to the same pool member? _______________

Can a disabled pool member service client requests? ________________

 In the Configuration Utility, go to this pool member and force it offline.


 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.

Questions:
Did you persist to the same pool member? _______________

Can a forced offline pool member service client requests? ________________

 In the Configuration Utility, re-enable the pool member from above.


 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.

Question:
Did the persistence session go back to the original pool member? _______________

 Close the F5 vLab Test Web Site tab.


Exercise 8.4 – Using Match Across Services


In this exercise you will use persistence with two virtual servers. It’s critical that users are persisted to the
same pool member, regardless of which virtual server they access.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

Task 1 – Clear Statistics and View Access to Two Virtual Servers


View how requests are currently being handled through http_virtual and a new https_virtual.

 Create a pool using the following information, and then click Finished.
Name https_pool
Health Monitors https_443
Members (Use the Node List option)
Node Service Port
10.1.20.11 443
10.1.20.12 443
10.1.20.13 443
10.1.20.14 443
10.1.20.15 443

 Create a virtual server using the following information, and then click Finished.
Name https_virtual
Destination Address 10.1.10.20
Service Port 443 (HTTPS)
Default Pool https_pool

 Open the Statistics > Module Statistics > Local Traffic page.
 Reset the statistics for both virtual servers, both pools, and all pool members.
 Use a new tab to access http://10.1.10.20 .
 Type Ctrl+F5 exactly three times.
 Use a second tab to access https://10.1.10.20 .
 Type Ctrl+F5 exactly three times.
 Close both F5 vLab Test Web Site tabs.
 In the Configuration Utility, on the pools Statistics page, click Refresh, and then expand both pools.

Questions:
Are requests for http_pool persisting to one pool member? _______________

Are requests for https_pool persisting to one pool member? ________________

 Reset the statistics for both pools and all pool members.


Task 2 – Enable Persistence for https_virtual


Add custom_source_address to https_virtual.

 Open the Virtual Servers page, then click https_virtual, and then open the Resources page.
 From the Default Persistence Profile list select custom_source_address, and then click Update.
 Use a new tab to access http://10.1.10.20.
 Type Ctrl+F5 exactly three times.
 Use a second tab to access https://10.1.10.20.
 Type Ctrl+F5 exactly three times.
 Close both F5 vLab Test Web Site tabs.
 In the SSH session re-issue the following command:
tmsh show /ltm persistence persist-records all-properties

 In the Configuration Utility, view the pools Statistics page.

Questions:
Are requests for http_pool persisting to one pool member? _______________

Are requests for https_pool persisting to one pool member? ________________

Are requests for each different pool persisting to the same pool member? ___________

 Reset the statistics for both pools and pool members.

Task 3 – Enable Match Across Services


Update custom_source_address to use the Match Across Services option.

 Open the Persistence profiles page and click custom_source_address.


 Enable the Match Across Services option, and then click Update.
 Wait until all persistence records are deleted.
 Use a new tab to access http://10.1.10.20.
 Type Ctrl+F5 exactly three times.
 Use a second tab to access https://10.1.10.20.
 Type Ctrl+F5 exactly three times.
 Close both F5 vLab Test Web Site tabs.

 In the SSH session re-issue the following command:
tmsh show /ltm persistence persist-records all-properties

 In the Configuration Utility, view the pools Statistics page.

Question:
Are requests for each different pool persisting to the same pool member? ___________

 For both http_virtual and https_virtual, change the persistence to None, and then click Update.
 Reset the statistics for both pools.
 Create an archive file named ltmfund_mod08_persistence_profiles_v13.0.0.
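
The settings changed in Exercises 8.1 and 8.4 (Timeout, Prefix Length, Match Across Services) all decide which requests land on the same persistence record. The Python model below is an added example, not part of the F5 guide and not BIG-IP code. It assumes round-robin load balancing, and the two client addresses are constructed for illustration.

```python
"""Toy model of source address affinity persistence (added example, not BIG-IP code)."""
import ipaddress
from itertools import cycle

NODES = ["10.1.20.11", "10.1.20.12", "10.1.20.13", "10.1.20.14", "10.1.20.15"]
HTTP = ("10.1.10.20", 80)      # http_virtual
HTTPS = ("10.1.10.20", 443)    # https_virtual
WINDOWS = "10.1.10.1"          # constructed client address (assumption)
LAMP = "10.1.20.252"           # constructed client address (assumption)


class SourceAddrPersistence:
    def __init__(self, timeout, prefix_len, match_across_services=False):
        self.timeout = timeout
        self.prefix_len = prefix_len
        self.match_across_services = match_across_services
        self.records = {}                  # key -> [node, time last used]
        self._round_robin = cycle(NODES)   # stand-in for the pool's load balancing

    def _key(self, client_ip, virtual):
        # The prefix length masks the client address, so every client in the
        # same masked network maps to the same record.
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        # Without Match Across Services a record belongs to one virtual server;
        # with it, virtual servers on the same virtual address share records.
        scope = virtual[0] if self.match_across_services else virtual
        return (scope, str(net.network_address))

    def request(self, client_ip, virtual, now):
        """Return the node that serves this request at time `now` (seconds)."""
        key = self._key(client_ip, virtual)
        record = self.records.get(key)
        if record is not None and now - record[1] > self.timeout:
            del self.records[key]          # idle longer than Timeout: record is gone
            record = None
        if record is None:
            record = self.records[key] = [next(self._round_robin), now]
        record[1] = now                    # each hit resets the record's age
        return record[0]


def timeout_scenario():
    """Timeout 15 s: three quick refreshes, then one after more than 20 s idle."""
    p = SourceAddrPersistence(timeout=15, prefix_len=24)
    quick = [p.request(WINDOWS, HTTP, t) for t in (0, 2, 4)]
    late = p.request(WINDOWS, HTTP, 25)
    return quick, late


def prefix_scenario(prefix_len):
    """Two clients on different /24 networks inside the same /16."""
    p = SourceAddrPersistence(timeout=45, prefix_len=prefix_len)
    first = p.request(WINDOWS, HTTP, 0)
    second = p.request(LAMP, HTTP, 1)
    return first, second, len(p.records)


def services_scenario(match_across_services):
    """One client using http_virtual and then https_virtual."""
    p = SourceAddrPersistence(60, 24, match_across_services)
    return p.request(WINDOWS, HTTP, 0), p.request(WINDOWS, HTTPS, 1)


if __name__ == "__main__":
    print("timeout 15s:", timeout_scenario())
    print("prefix /24 :", prefix_scenario(24))
    print("prefix /16 :", prefix_scenario(16))
    print("match across services off:", services_scenario(False))
    print("match across services on :", services_scenario(True))
```

A wide prefix or a long timeout pins every client behind the same masked network to one pool member, which is worth remembering when many users arrive through a shared proxy or NAT address.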


Module 9 Exercises – SSL Termination


Exercise 9.1 – Supporting SSL Traffic
In this exercise you’ll configure BIG-IP LTM to support processing SSL traffic. First you’ll configure the BIG-IP
system to simply pass SSL traffic through to the pool members. Then you’ll configure the BIG-IP system for
SSL termination.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 20 minutes

Task 1 – Create a Self-Signed Certificate


Create a self-signed certificate for www.f5demo.com.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Access https://10.1.1.245 and log in to the BIG-IP system.
 Open the System > Certificate Management > Traffic Certificate Management > SSL Certificate List page
and click Create.
 Create a self-signed certificate using the following information, and then click Finished.
Name custom_ssl_cert
Type Self
Common Name www.f5demo.com
Lifetime 3650 days

Task 2 – Create a Client SSL Profile


Create a client SSL profile using custom_ssl_cert.

 Open the Local Traffic > Profiles > SSL > Client page, and then click Create.
 Name the profile custom_client.ssl.
 For Certificate Key Chain select the Custom checkbox, and then click Add.
 Use the following information: (NOTE: Copy and paste the pass phrase.)
Certificate custom_ssl_cert
Key custom_ssl_cert

 Click Add for Certificate Key Chain, and then click Finished.


Task 3 – Create a Custom HTTPS Monitor


Create a custom HTTPS monitor that requests the index.php web page from the pool member and then verifies
that a text string is returned in the response. Then apply this monitor to https_pool.

 Open the Local Traffic > Monitors page and click Create.
 Create a monitor using the following information, and then click Finished.
Name custom_https_monitor
Type HTTPS
Send String GET /index.php\r\n
Receive String FSE vLab Test Web Site

 Open https_pool, and change the Monitor to custom_https_monitor, and then click Update.

→ NOTE: Both https_pool and https_virtual were created in Exercise 8.4 Task 1. If you skipped
that exercise then go back and configure those two objects because they are used in
this module’s exercises and beyond.

 Document the https virtual server IP address and port in the diagram on the next page.


[Network diagram]
Host workstation    external IP: ____________
Windows 7 image     external IP: ____________
https_virtual       IP/port: ____________
http_virtual2       IP/port: 10.1.10.21:80
http_virtual        IP/port: 10.1.10.20:80
VLAN: external      Self IP: 10.1.10.240
VLAN: internal      Self IP: 10.1.20.240
LAMP IPs: 10.1.20.11, 10.1.20.12, 10.1.20.13, 10.1.20.14, 10.1.20.15,
          10.1.20.16, 10.1.20.17, 10.1.20.18, 10.1.20.19, 10.1.20.252

 Use a new tab to access https://10.1.10.20.

Questions:
What is listed in your browser’s URL box? ________________________________

In the Request Details, what information is listed after Pool member address/port?

_____________________________________

Is the connection between the client and BIG-IP LTM secure? _____________

Is the connection between BIG-IP LTM and the pool member secure? _____________

 In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
Each request is load balanced to different pool members.
 Close the F5 vLab Test Web Site tab.

Task 4 – Add Cookie Persistence to the HTTPS Virtual Server


Attempt to add custom_cookie to https_virtual and verify the results.

 In the Configuration Utility, on the Virtual Server List page click https_virtual.
 From the HTTP Profile list select custom_http_profile, and then click Update.
 Open the Resources page.
 From the Default Persistence Profile list select custom_cookie, and then click Update.
 Use a new tab to access https://10.1.10.20.

Questions:
Did the web page display? _____________

Why or why not? _______________________________________________________

 Close the tab.

Task 5 – Enable SSL Termination with the HTTPS Virtual Server


Enable SSL termination on https_virtual and verify the results.

 In the Configuration Utility, on the https_virtual page, open the Properties page.
 From the SSL Profile (Client) list select custom_client_ssl, and then click <<.
 From the SSL Profile (Server) list select serverssl, then click <<, and then click Update.
 Use a new tab to access https://10.1.10.20.

 Use Ctrl+F5 several times to refresh the F5 vLab Test Web Site tab.

Questions:
Did the web page display? _____________

Is the connection between the client and BIG-IP LTM secured? _____________

Is the connection between BIG-IP LTM and the pool member secured? _____________

Is cookie persistence working? _____________

 Change the URL to https://10.1.10.20/badpage.php.

Question:
Is BIG-IP LTM processing the custom HTTP profile? _____________

Task 7 – Verify the Certificate


Verify the certificate being used by https_virtual.

 Change the URL to https://10.1.10.20.


 Right-click inside the browser window and select Properties.
 Click Certificates.

Question:
How can you identify that this is a self-signed certificate? _________________________

 Click OK, and then close the F5 vLab Test Web Site tab.


Exercise 9.2 – Enabling SSL Offload


In this exercise you will update the HTTPS virtual server to perform SSL offload, sending traffic to the pool
members unencrypted.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 20 minutes

Task 1 – Import an SSL Certificate and Key


Import the vlab.f5demo.com.2017 certificate and key, and then import the entrust_chain certificate chain.

 In the Configuration Utility, open the System > Certificate Management > Traffic Certificate
Management > SSL Certificate List page and click Import.
 From the Import Type list select Certificate.
 In the Certificate Name field, type f5demo_2017, and then click Browse.
 Navigate to the Documents\Exercise_Files folder, select the vlab.f5demo.com.2017.pem file, and then
click Open.
 Click Import.
 Click the Import button again, and then from the Import Type list select Key.
 In the Key Name box, type f5demo_2017, and then click the Browse button.
 Select the vlab.f5demo.com.2017.key file, and then click Open.
 Click Import.
 Click the Import button again, and then from the Import Type list select Certificate.
 In the Certificate Name box, type chain_2017, and then click the Browse button.
 Select the entrust-chain.txt file, and then click Open.
 Click Import.

 Click chain_2017.
Notice there are two certificate subjects contained in this certificate bundle.


Task 2 – Create a Client SSL Profile


Create a new client SSL profile using the wildcard.vlab.f5demo.com certificate and key.

 Open the Local Traffic > Profiles > SSL > Client page, and then click Create.
 Name the profile f5demo_client.ssl.
 For Certificate Key Chain select the Custom checkbox, and then click Add.
 Use the following information: (NOTE: Copy and paste the pass phrase.)
Certificate f5demo_2017
Key f5demo_2017
Chain chain_2017
Pass Phrase IamFfive2Day

 Click Add.

 Click Finished.

Task 3 – Update Your Local Hosts File


Add an entry to your local hosts file for offload.vlab.f5demo.com.

→NOTE: For Mac users, the hosts file entries have already been created on the Windows 7
image.

 Right-click on Notepad in the Start menu, and then select Run as Administrator.

 Open the C:\Windows\System32\drivers\etc\hosts file.


 Add an entry for:
10.1.10.30 offload.vlab.f5demo.com

 Save and close the hosts file.


Task 4 – Create an Offload Virtual Server


Create a new virtual server that will perform SSL offload.

 In the Configuration Utility, open the Virtual Server List page and click Create.
 Create a virtual server using the following information, and then click Finished.
Name offload_virtual
Destination Address 10.1.10.30
Service Port 443 (HTTPS)
Configuration Advanced
HTTP Profile custom_http_profile
Stream Profile custom_stream
SSL Profile (Client) f5demo_client_ssl
HTTP Compression Profile httpcompression
Default Pool http_pool
Default Persistence Profile custom_cookie

 Document the new virtual server IP address and port in the diagram on the next page.


[Network diagram]
Host workstation    external IP: ____________
Windows 7 image     external IP: ____________
offload_virtual     IP/port: ____________
https_virtual       IP/port: 10.1.10.20:443
http_virtual2       IP/port: 10.1.10.21:80
http_virtual        IP/port: 10.1.10.20:80
VLAN: external      Self IP: 10.1.10.240
VLAN: internal      Self IP: 10.1.20.240
LAMP IPs: 10.1.20.11, 10.1.20.12, 10.1.20.13, 10.1.20.14, 10.1.20.15,
          10.1.20.16, 10.1.20.17, 10.1.20.18, 10.1.20.19, 10.1.20.252

 Use a new tab to access https://offload.vlab.f5demo.com.
 Use Ctrl+F5 several times to refresh the page.

Questions:
What is listed in your browser’s URL box? ________________________________

In the Request Details, what information is listed after Pool member address/port?

_____________________________________

Is the connection between the client and BIG-IP LTM secure? _____________

Is the connection between BIG-IP LTM and the pool member secure? _____________

Is cookie persistence working? ______________

 Scroll down to the HTTP Request and Response section, and click Request and Response Headers.

Question:
Is BIG-IP LTM processing the custom HTTP profile? _____________

 Click the banner at the top of the page, scroll down to the Content Examples on This Host section, and
then click Stream Profile Example.

Question:
Is BIG-IP LTM processing the stream profile? _____________

Task 5 – Verify the Certificate


Verify the certificate being used by offload_virtual.

 Right-click inside the browser window and select Properties.


 Click Certificates.

Question:
Who issued this certificate? _____________________________

When does it expire? _________________________________

 Click OK, and then close the F5 vLab Test Web Site tab.
 In the Configuration Utility, create an archive file named ltmfund_mod09_ssl_traffic_v13.0.0.


Module 10 Exercises – NATs and SNATs


Exercise 10.1 – Using a NAT
In this exercise you will configure a NAT to pass traffic between an external client and a specific internal node.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

Task 1 – Configure a NAT


Create a custom NAT to give external users access to a specific node in the 10.1.20.0 network.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Access https://10.1.1.245 and log in to the BIG-IP system.
 Open the Local Traffic > Address Translation > NAT List page and click Create.
 Create a NAT using the following information, and then click Finished.
Name custom_NAT
NAT Address 10.1.10.200
Origin Address 10.1.20.13

 Document the new NAT IP address in the diagram on the next page.
 Draw an arrow from the NAT IP address to the pool member to which it directs requests.


[Network diagram]
Host workstation    external IP: ____________
Windows 7 image     external IP: ____________
custom_NAT          IP: ____________
offload_virtual     IP/port: 10.1.10.30:443
https_virtual       IP/port: 10.1.10.20:443
http_virtual2       IP/port: 10.1.10.21:80
http_virtual        IP/port: 10.1.10.20:80
VLAN: external      Self IP: 10.1.10.240
VLAN: internal      Self IP: 10.1.20.240
LAMP IPs: 10.1.20.11, 10.1.20.12, 10.1.20.13, 10.1.20.14, 10.1.20.15,
          10.1.20.16, 10.1.20.17, 10.1.20.18, 10.1.20.19, 10.1.20.252


Task 2 – Test the Custom NAT


Use custom_NAT for several application services.

 Use a new tab to access http://10.1.10.200.


All page elements come from node 3 (10.1.20.13:80).
 Change the URL to http://10.1.10.200:8081.
 Change the URL to https://10.1.10.200.
 Use an SSH client to connect to 10.1.10.200.

→NOTE: It’s not necessary to log into the CLI to complete this task.

You can connect to multiple services using the NAT and always connect to 10.1.20.13.
 Close the F5 vLab Test Web Site tab and the SSH session.

Task 3 – Disable the NAT


Disable custom_NAT as you will not use it for the remaining exercises.

 In the Configuration Utility on the NAT List page, click custom_NAT.


 From the State list select Disabled, and then click Update.
 Confirm custom_NAT is no longer enabled by using a new tab to attempt accessing http://10.1.10.200.


Exercise 10.2 – Using SNATs


In this exercise you will configure a SNAT that will be used for all user requests from the 10.1.10.20 network.
• Required virtual images: BIGIP-13.0_LTMFund, LAMP_v4
• Estimated completion time: 25 minutes

Task 1 – Test Behavior without SNAT


Open the HTTP virtual server and examine what the back-end web server sees as the client IP address.

 Use a new tab to access http://10.1.10.20.


 View the information in the Request Details section.

Questions:
What is the client IP address? __________________________

Which device is configured with this IP address? ____________________________

Task 2 – Use SNAT Auto Map with the HTTP Virtual Server
Update http_virtual by enabling SNAT Automap.

 In the Configuration Utility, open the Virtual Server List page and click http_virtual.
 In the Configuration section, from the Source Address Translation list select Auto Map, and then click
Update.

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.

Questions:
What is the client IP Address? __________________________

Which device is configured with this IP address? ____________________________

When using SNAT, how can you ensure the pool member can identify the true
client IP address?

_________________________________________________________________________

 In the Configuration Utility, on the http_virtual page, from the HTTP Profile list select
custom_http_profile, and then click Update.
 In the F5 vLab Test Web Site tab, click the Request and Response Headers link.

Question:
What is the X-Forwarded-For value? _________________________

 Close the F5 vLab Test Web Site tab.
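
With SNAT enabled the pool member's TCP peer is always a BIG-IP address, so its logs and access decisions have to rely on X-Forwarded-For, a header that any client can also send. The Python function below is an added example, not part of the F5 guide. It shows how a pool member can accept the header only from BIG-IP. It assumes the trusted peers are the internal self IP and the SNAT translation addresses used in this module, that BIG-IP's value arrives last, and it uses constructed client addresses.

```python
"""Recover the client address behind SNAT from X-Forwarded-For (added example)."""
import ipaddress

# Addresses BIG-IP can use as the source toward pool members in this lab:
# the internal self IP plus the SNAT and SNAT pool translation addresses
# from this module (treating exactly these as trusted is an assumption).
TRUSTED_PROXIES = {
    ipaddress.ip_address(a)
    for a in ("10.1.20.240", "10.1.20.201",
              "10.1.20.222", "10.1.20.223", "10.1.20.224")
}


def client_ip(peer_ip, xff_headers):
    """Return the address a pool member should log or authorize on.

    peer_ip     -- source address of the TCP connection
    xff_headers -- X-Forwarded-For header values, in the order received
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        # Not from BIG-IP: whatever the header says was written by the
        # sender, so it carries no weight.
        return str(peer)

    # A request may carry several headers and each may hold a comma list.
    hops = [h.strip() for value in xff_headers for h in value.split(",") if h.strip()]

    # Walk from the right: the last entry was added by the nearest proxy.
    # Entries further left could have been supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)       # malformed entry: fall back to the peer
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)               # no usable entry: only the proxy is known


if __name__ == "__main__":
    # Constructed requests as a pool member would receive them.
    print(client_ip("10.1.20.240", ["10.1.10.1"]))               # via SNAT Auto Map
    print(client_ip("10.1.20.240", ["127.0.0.1", "10.1.10.1"]))  # client-supplied entry first
    print(client_ip("10.1.20.50", ["10.1.10.1"]))                # direct, header ignored
```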

Task 3 – Create a Separate SNAT Object


Create a SNAT that will be used for all user requests from the 10.1.10.0 network.

 In the Configuration Utility, open the Local Traffic > Address Translation > SNAT List page and
click Create.
 Create a SNAT using the following information, and then click Finished.
Name custom_SNAT
Translation IP Address: 10.1.20.201
Origin Address List
Address /Prefix Length 10.1.10.0/24 (Click Add)

 Document the new SNAT IP address in the diagram on the next page.


[Network diagram]
Host workstation    external IP: ____________
Windows 7 image     external IP: ____________
offload_virtual     IP/port: 10.1.10.30:443
https_virtual       IP/port: 10.1.10.20:443
http_virtual2       IP/port: 10.1.10.21:80
http_virtual        IP/port: 10.1.10.20:80
VLAN: external      Self IP: 10.1.10.240
VLAN: internal      Self IP: 10.1.20.240
custom_SNAT         IP: ____________
LAMP IPs: 10.1.20.11, 10.1.20.12, 10.1.20.13, 10.1.20.14, 10.1.20.15,
          10.1.20.16, 10.1.20.17, 10.1.20.18, 10.1.20.19, 10.1.20.252
 Use a new tab to access the following URLs. For each URL document the Client IP address:
o http://10.1.10.20 Client IP address:
o http://10.1.10.21 Client IP address:
o https://10.1.10.20 Client IP address:
 Close the F5 vLab Test Web Site tab.

Questions:
Did every connection use the new SNAT? __________________

If no, which ones didn’t, and why? _______________________________________________

____________________________________________________________________________

 In the Configuration Utility, update http_virtual by selecting None for Source Address Translation.
 Use a new tab to access http://10.1.10.20.
 Change the URL to http://10.1.10.21.

Question:
Are these connections using the new SNAT? __________________

 Close the F5 vLab Test Web Site tab.

Task 4 – Create a SNAT Pool


Create a SNAT pool to use with http_virtual2.

 In the Configuration Utility, open the Local Traffic > Address Translation > SNAT Pool List page and
click Create.
 Create a SNAT pool using the following information, and then click Finished.
Name custom_SNAT_pool
Member List 10.1.20.222
10.1.20.223
10.1.20.224
(Click Add between each entry)

 Open the Virtual Server List page and click http_virtual2.


 From the Source Address Translation list select SNAT.
 From the SNAT Pool list select custom_SNAT_pool, and then click Update.
 Use a new tab to access http://10.1.10.21.

Question:
Which IP address was used for the SNAT address? _____________________________

 Close the F5 vLab Test Web Site tab.

Task 5 – Create a SNAT for Internal Users


Create a SNAT to give internal users access to external resources through BIG-IP LTM.

 In VMware, select the LAMP_v4 image and click Login.


 From the LAMP_v4 image, use Firefox to access https://www.f5.com.
The request fails, as this device does not have direct Internet access.
 In the Configuration Utility, open the Local Traffic > Address Translation > SNAT List page and
click Create.
 Create a SNAT using the following information, and then click Finished.
Name internal_SNAT
Translation IP Address: 10.1.10.100
Origin Address List
Address /Prefix Length 10.1.20.0/24 (Click Add)

 In the LAMP_v4 VMware image, refresh the https://www.f5.com page.


The F5.com page displays. BIG-IP LTM used the 10.1.1.100 IP address to request the public Internet
web page.
 Close the F5.com page.
 In the Configuration Utility, create an archive file named ltmfund_mod10_nat_snat_v13.0.0.

Task 6 – Delete the SNATs


Delete custom_SNAT and internal_SNAT as you will not need them for the remaining exercises.

 Open the Local Traffic > Address Translation > SNAT List page.
 Select the checkbox for both custom_SNAT and internal_SNAT, and then click Delete twice.


Module 11 Exercises – iRules


Exercise 11.1 – Setting Up iRule Development
In this exercise you’ll download and install the iRule Editor from DevCentral. You’ll then use the iRule Editor to
connect to your BIG-IP and write your first iRule. You’ll then download an iRule from DevCentral and use the
iRule as is.
• Estimated completion time: 25 minutes

Task 1 – Download the iRule Editor


Access and log in to DevCentral, and then download the iRule Editor. You do not need to perform this task if you
already have the iRule Editor installed on your workstation.

→NOTE: For Mac users, the iRule Editor is already installed on the Windows 7 image.

 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Use a web browser to access https://devcentral.f5.com/d/ .
 Log in using your DevCentral user account, or create a DevCentral user account.
 Find the iRule Editor Download and then run the iRulerSetup.exe file.


Task 2 – Open the iRule Editor


Open the iRule Editor and explore the application.

 From your Start menu, launch the F5 iRule Editor.


 Install updates if there are any.

 Click the iRules Reference button.


This opens the iRules Wiki Home page on DevCentral. iRules 101 is a helpful DevCentral Web series
that you can use for additional iRules training after viewing the LTM Fundamentals course.
 Close the iRules Wiki Home page.
 In the iRule Editor, click the TCL Reference button.
This opens the TCL command reference page.
 From the Tcl Commands list, click the set link.
This web site is a great resource for TCL commands with descriptions and examples. You’ll learn about
the set command in Lesson 4.
 Close the TCL Commands page.

Task 3 – Use the iRule Editor to Connect to the BIG-IP System


Use the iRule Editor to connect to the external self IP address of the BIG-IP system.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 In the iRule Editor, go to File > Connect.

 In the Hostname field type 10.1.10.241.


 In the Username and Password boxes enter the username and password you created in Exercise 1.3, and
then click OK.


Task 4 – Create Your First iRule


Create a basic iRule to log information when a client connection is accepted by BIG-IP LTM.

 In the left navigation pane of the iRules Editor, select Local Traffic.
 Go to File > New.
 Name the new iRule exercise_iRule.
 Click the Custom tab, then click the CLIENT_ACCEPTED event, and then click OK.

 Change the second line of the iRule to:


log local9. "CLIENT connection ACCEPTED"

 Select the View menu, and then select both Whitespace and End of Line.
The iRule Editor can display several annotations to help you write iRules.
 Click the Save button.

The iRule Editor validates the code syntax when you save.
 View the error at the bottom of the iRule Editor.

Question:
What caused this error? __________________________________________________

 Change the second line of the iRule to:


log local0. "CLIENT connection ACCEPTED"

 Save the iRule and verify that you do not receive a syntax error.
 Access https://10.1.1.245 and log in to the BIG-IP system.
 Open the Local Traffic > iRules > iRules List page.
The iRule has been saved on BIG-IP LTM.
 Click exercise_iRule.
 Change the iRule definition by removing the closing double-quotes after the log statement, and then
click Update.
BIG-IP LTM also checks iRules syntax within the Configuration Utility.
 Fix the iRule definition by adding the closing double-quotes, and then click Update.


Task 5 – Add the iRule to the HTTP Virtual Server


Add the new iRule to http_virtual, and then verify the iRule.

 Open the Virtual Server List page and click http_virtual.


 From the HTTP Profile list select http, and then click Update.
 Open the Resources page.
 From the Default Persistence Profile list select None, and then click Update.

→NOTE: We are removing persistence in order to use iRules for all BIG-IP LTM load balancing
decisions.

 In the iRule section, click Manage.


 From the Available list select exercise_iRule, then click <<, and then click Finished.

 Use an SSH client to access 10.1.10.241.

→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.

 At the CLI prompt, type:


tail -f /var/log/ltm

 Press the Enter key several times to move the existing log entries to the top of the window.
 Use a new tab to access http://10.1.10.20.
 View the SSH session.

Questions:
Was the iRule triggered? _______________

How many client connections were required for this request? _________________

Task 6 – Save the Current iRule to your Offline iRules


Create a new iRule, then copy your current iRule to the new iRule, and then copy the new iRule to your offline
iRules.

 In the iRule Editor, select Local Traffic, and then go to File > New.
 Name the new iRule exercise11.1A_iRule, select the Blank template, and then click OK.
 Copy the code from exercise_iRule and paste into exercise11.1A_iRule.
 Save exercise11.1A_iRule.

 Right-click exercise11.1A_iRule and select Copy Offline.
The new iRule is saved under Offline iRules, which are stored on your local workstation. This enables
you to use this iRule on any BIG-IP system that you connect to.

→NOTE: In the iRules exercises, we will continue to make modifications to the exercise_iRule,
and then save the iRule from each exercise to your Offline iRules. This will enable you
to continue to make updates to the same iRule without needing to update the virtual
server.

Task 7 – Use an iRule from DevCentral


Use an iRule from DevCentral to prevent valid credit card numbers from being returned to users.

 In the F5 vLab Test Web Site, in the Content Examples on This Host section, select
the Mask Sensitive Content Example link.
This page contains confidential information that should not be sent in an HTTP response.
 In the iRule Editor, click the iRules Reference button to access DevCentral, and then log in with your
DevCentral user ID.
 Go to Code > Check out the Repository.
 Search to find an iRule that performs a credit card scrub from HTTP traffic and then click the iRule.

→NOTE: Do not use the iRule that uses a stream profile.

 Under Code, click Copy Code, and then copy the code to your clipboard (NOTE: Use Ctrl + C.), and then
close the source page and the DevCentral page.

 In the iRule Editor, select exercise_iRule.


 Select all the existing code, and then paste the contents of the credit card scrubber.
(NOTE: Use Ctrl + A and then Ctrl + V.)
 Save exercise_iRule.
 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.
Most of the credit card numbers are replaced with the “X” character. The credit cards that are not
scrubbed do not match the format used in the iRule.

Task 8 – Change an iRule from DevCentral


Change the credit card scrubber iRule by replacing the character that is used to replace credit card numbers.

 In exercise_iRule, go to line 92.


This line is used to replace the HTTP payload. If the iRule finds a valid credit card number, it replaces
the full length of the number with “X” characters.
 Change this line so that the iRule uses an asterisk (*) character for scrubbing.
 Save exercise_iRule.

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site page.

 Close the F5 vLab Test Web Site tab.
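
How a scrubber like the one used in Tasks 7 and 8 decides what to mask, as an added example in plain Tcl; it is not the DevCentral iRule and not F5 code. The proc names, the candidate pattern (13 to 16 digits with optional single space or dash separators), and the sample body are assumptions made for this illustration.

```tcl
# Added illustration: NOT the DevCentral scrubber iRule. Proc names, the candidate
# pattern and the sample body are assumptions made for this example.

# Return 1 if the digit string passes the Luhn checksum, otherwise 0.
proc luhn_valid {digits} {
    set sum 0
    set double 0
    # Walk right to left, doubling every second digit.
    for {set i [expr {[string length $digits] - 1}]} {$i >= 0} {incr i -1} {
        set d [string index $digits $i]
        if {$double} {
            set d [expr {$d * 2}]
            if {$d > 9} { incr d -9 }
        }
        incr sum $d
        set double [expr {!$double}]
    }
    return [expr {$sum % 10 == 0}]
}

# Replace every Luhn-valid card number in $payload with $mask characters.
# $mask is expected to be a single character ("X" by default, "*" as in Task 8).
proc scrub_cards {payload {mask X}} {
    # Candidate format: 13 to 16 digits, optionally separated by one space or dash.
    set pattern {\d(?:[ -]?\d){12,15}}
    set out $payload
    set start 0
    while {[regexp -indices -start $start -- $pattern $out match]} {
        foreach {first last} $match break
        set before [string index $out [expr {$first - 1}]]
        set after  [string index $out [expr {$last + 1}]]
        # Keep only the digits of the candidate for the checksum.
        regsub -all {[^0-9]} [string range $out $first $last] "" digits
        # Skip slices of longer digit runs and anything that fails the checksum.
        if {![string is digit -strict $before] && ![string is digit -strict $after]
                && [luhn_valid $digits]} {
            # Same-length replacement keeps the payload size unchanged.
            set width [expr {$last - $first + 1}]
            set out [string replace $out $first $last [string repeat $mask $width]]
        }
        set start [expr {$last + 1}]
    }
    return $out
}

# Constructed sample body. 4111111111111111 is a widely published test number.
set body "a: 4111111111111111 b: 4111-1111-1111-1111 c: 4111111111111112 d: 4111.1111.1111.1111"
puts [scrub_cards $body]
puts [scrub_cards $body *]
```

Run it with tclsh. Entries a and b are masked, c is left alone because it fails the Luhn check, and d is left alone because dot separators do not match the candidate pattern.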

Task 9 – Save the Current iRule to your Offline iRules


 In the iRule Editor, select Local Traffic, and then go to File > New.
 Name the new iRule exercise11.1B_iRule, use the Blank template, and then click OK.
 Copy the code from exercise_iRule and paste into exercise11.1B_iRule.
 Save exercise11.1B_iRule.
 Right-click exercise11.1B_iRule and select Copy Offline.


Exercise 11.2 – Using iRule Events


In this exercise you experiment with events that you can use to trigger an iRule.
• Estimated completion time: 20 minutes

Task 1 – Update the iRule with Multiple Events


Update the exercise_iRule by adding several events.

 Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
 Select exercise11.1A_iRule and copy all the code.
 Select exercise_iRule and then select all the existing code, and then paste the copied text.
 In Exercise 11.1 you used the View menu to enable Whitespace and End of Line annotations in the iRule
Editor. If you prefer, use the View menu to deselect one or both annotations.
 Place the cursor at the beginning of line 1, and then press the Enter key twice.
 Place the cursor at the beginning of line 1, and then start typing the word when.

 When the iRule Editor prompts for the word, press the Enter key.
The iRule Editor auto-completes the word when.
 After when, start typing RULE_ and then press the Enter key to accept the RULE_INIT event.
 After RULE_INIT, type {, press the Enter key twice, and then type }.

This is a best practice for ensuring that you have a closing curly brace for every opening curly brace.
 Move the cursor after the indent in line 2.
 Type the following command and arguments:
log local0. "iRule created or updated"

 Use an SSH client to access 10.1.10.241.

→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.

 At the CLI prompt, type:


tail -f /var/log/ltm

 Press the Enter key several times to move the existing log entries to the top of the window.
 In the iRule Editor, save the exercise_iRule, and then view the SSH session.

Questions:
Was the RULE_INIT event triggered? ________________


Was the CLIENT_ACCEPTED event triggered? ________________

 Press the Enter key several times to move the existing log entries to the top of the window.
 Use a new tab to access http://10.1.10.20, and then view the SSH session.

Questions:
Was the RULE_INIT event triggered? ________________

Was the CLIENT_ACCEPTED event triggered? ________________

 Press the Enter key several times to move the existing log entries to the top of the window.
 In the iRule Editor, add the following after closing curly brace of the CLIENT_ACCEPTED event, and then
save the iRule.
when HTTP_REQUEST {
    log local0. "Client made an HTTP request"
}

 Save the iRule.


 In the F5 vLab Test Web Site tab click the Welcome link, and then view the SSH session.

Question:
How many HTTP requests occurred for this web page? ________________

 Press the Enter key several times to move the existing log entries to the top of the window.
 In the iRule Editor, add the following after closing curly brace of the HTTP_REQUEST event, and then
save the iRule.
when LB_SELECTED {
    log local0. "Pool member selected"
}

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then view the SSH session.

Question:
Was a new LB_SELECTED event triggered for each HTTP request? ________________

 Press the Enter key several times to move the existing log entries to the top of the window.
 In the iRule Editor, add the following after closing curly brace of the LB_SELECTED event, and then save
the iRule.
when SERVER_CONNECTED {
    log local0. "Connection made with pool member"
}

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then view the SSH session.
 Press the Enter key several times to move the existing log entries to the top of the window.

 In the iRule Editor, add the following after closing curly brace of the SERVER_CONNECTED event, and
then save the iRule.
when HTTP_RESPONSE {
    log local0. "Pool member made an HTTP response."
}

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then view the SSH session.

Task 2 – Enable Caching and Compression on the HTTP Virtual Server


Enable caching, compression, and OneConnect on http_virtual, and then examine how the changes affect
the iRule.

 In the Configuration Utility, open the Virtual Servers page and click http_virtual.
 Update the virtual server using the following information, and then click Update.
HTTP Profile custom_http_profile
OneConnect Profile custom_oneconnect
HTTP Compression Profile custom_compression
Web Acceleration Profile custom_caching

 In the SSH session, press the Enter key several times to move the existing log entries to the top of the
window.
 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.
 In the SSH session, press the Enter key five times.
 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then close the tab.
 View the SSH session.

Questions:
Which iRule events are no longer triggered? __________________________________

_______________________________________________________________________

Why weren’t these events triggered?

_______________________________________________________________________

 In the Configuration Utility, on the http_virtual page, update the virtual server using the following
information, and then click Update.
HTTP Profile http
OneConnect Profile None
HTTP Compression Profile None
Web Acceleration Profile None

→NOTE: You are removing these profiles to ensure that BIG-IP LTM makes load balancing
decisions for each request and doesn’t serve up content from its cache.


Task 3 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.2_iRule using the Blank template.
 Copy the code from exercise_iRule and paste into exercise11.2_iRule.
 Save exercise11.2_iRule.
 Right-click exercise11.2_iRule and select Copy Offline.


Exercise 11.3 – Using Variables


In this exercise you will set variables in an iRule, and then reference and manipulate the variables.
• Estimated completion time: 20 minutes

Task 1 – Set Variables in an iRule


Update exercise_iRule by setting several variables.

 Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
 Select exercise_iRule and then delete all the existing events except for the HTTP_REQUEST event.
 In the line directly after the when HTTP_REQUEST { line, type:

→NOTE: Use your own first and last name.

set name "John"
set last_name "Doe"
set price 9.95
set quantity 5

Task 2 – Reference Variables in an iRule


Update exercise_iRule by referencing the variables you set in the previous task.

 Change the log local0. message to the following, and then save the iRule.
log local0. "$name $last_name made an HTTP request"

 Use an SSH client to access 10.1.10.241.

→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.

 At the CLI prompt, type:


tail -f /var/log/ltm

 Press the Enter key several times to move the existing log entries to the top of the window.
 Use a web browser to access http://10.1.10.20/httprequest.php, and then view the SSH session.
 Press the Enter key several times to move the existing log entries to the top of the window.
 In the iRule Editor, create a second log entry, and then save the iRule.
log local0. "Order made for $quantity items at $$price each"

→NOTE: Be sure to include two dollar signs before price.

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Notice that the iRule could identify that $price was referencing a variable, and the dollar sign before
that was interpreted as a regular text string.
 Press the Enter key several times to move the existing log entries to the top of the window.

Task 3 – Manipulate Variables


Update exercise_iRule by using the append, incr, and expr commands.

Use the Append Command


 In the iRule Editor, in the line after setting your last name, type:
append name " " (there should be one space between the quotes)
append name $last_name

 Edit the first log local0. message to the following, and then save the iRule.
"$name made an HTTP request"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
 Press the Enter key several times to move the existing log entries to the top of the window.

Use the Incr Command


 In the iRule Editor, in the line after the final log local0. statement, type the following, and then save the
iRule.
incr quantity 2
log local0. "Due to our special, $name will receive $quantity items"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
 Press the Enter key several times to move the existing log entries to the top of the window.

Use the Expr Command


 In the iRule Editor, in the line after setting the quantity, type the following:
set total [expr { $price * $quantity } ]
set tax [expr { $total * .09 } ]
set grand_total [expr { $total + $tax } ]

 In the line after the final log local0. message, type the following, and then save the iRule.
log local0. "Total: $$total, tax: $$tax, for a grand total of $$grand_total"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
 Close the Simple HTTP Request tab.

Task 4 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.3_iRule using the Blank template.
 Copy the code from exercise_iRule and paste into exercise11.3_iRule.
 Save exercise11.3_iRule, and then copy it to your Offline iRules.


Exercise 11.4 – Using TCL and iRules Commands


In this exercise you will use several TCL and iRules commands so that the iRules will use dynamic connection
information.
• Estimated completion time: 30 minutes

Task 1 – Update the iRule using iRules Commands


Update the iRule you created in exercise 11.2 by logging information based on the actual connection.

 Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
 Select exercise11.2_iRule and copy all the iRule code.
 Select exercise_iRule and then select all the existing code, and then paste the copied text.
 Update the CLIENT_ACCEPTED event using the following information:
set clientip [IP::client_addr]
set clientport [TCP::client_port]
set client $clientip:$clientport
log local0. "Connection accepted from $client"

 Update the LB_SELECTED event using the following information:


set poolname [LB::server pool]
set memberip [LB::server addr]
set memberport [LB::server port]
set member $memberip:$memberport
log local0. "Pool: $poolname, member: $member"

 Update the SERVER_CONNECTED event using the following information:


set serverip [IP::server_addr]
set serverport [TCP::server_port]
set server $serverip:$serverport
log local0. "Connection made with $server"

 Update the HTTP_RESPONSE event using the following information:


set responseheaders [HTTP::header names]
set type [HTTP::header "Content-Type"]
set length [HTTP::header "Content-Length"]
set status [HTTP::status]
log local0. "Response headers: $responseheaders"
log local0. "$status response with $type"
log local0. "Size of content: $length bytes"

 Save the iRule and ensure you don’t receive any syntax errors.
 Use an SSH client to access the BIG-IP system at 10.1.10.241.

→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.

 At the CLI prompt, type:


tail -f /var/log/ltm

 Press the Enter key several times to move the existing log entries to the top of the window.

 Use a new tab to access http://10.1.10.20/httprequest.php, and then view the SSH session.
In the next section we will be discussing using conditional statements. Start thinking about the traffic
management decisions you could make on the BIG-IP system using any of the information you queried
about the client to BIG-IP LTM and the BIG-IP LTM to pool member connections.
 Press the Enter key several times to move the existing log entries to the top of the window.

Task 2 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.4A_iRule.
 Copy the code from exercise_iRule and paste into exercise11.4A_iRule.
 Save exercise11.4A_iRule, and then copy it to your Offline iRules.

Task 3 – Update the iRule using HTTP Commands


Experiment with the different HTTP commands that are available in an iRule.

 Select exercise_iRule, and then delete all the existing events except for the HTTP_REQUEST event.
 Update the HTTP_REQUEST event using the following information, and then save the iRule.
set httphost [HTTP::host]
set httppath [HTTP::path]
set httpuri [HTTP::uri]
set useragent [HTTP::header "User-Agent"]
log local0. "Client's browser: $useragent"
log local0. "Client requested the $httppath page on $httphost"
log local0. "Full URI: $httpuri"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
 Change the URL to http://10.1.10.20/httprequest.php?user=bob.

Question:
Which variable changed between the two requests? _________________________________

 Press the Enter key several times to move the existing log entries to the top of the window.
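
The values logged in Task 3 come straight from the request, so a hardened version of the same HTTP_REQUEST event bounds and cleans them before they reach /var/log/ltm. This is an added example, not part of the original exercise; the 200-character cap, the "?" replacement character, and the truncation marker are assumptions.

```tcl
when HTTP_REQUEST {
    # User-Agent, host and URI are supplied by the client. Cap each value and
    # replace every character outside printable ASCII (CR, LF, tabs, escape
    # sequences) so each field always produces one bounded log line.
    set fields [list "User-Agent" [HTTP::header "User-Agent"] "Host" [HTTP::host] "URI" [HTTP::uri]]
    foreach {label value} $fields {
        # Assumed limit: keep at most the first 200 characters.
        set clean [string range $value 0 199]
        # Anything that is not between space and tilde becomes "?".
        regsub -all {[^ -~]} $clean "?" clean
        if { [string length $value] > 200 } {
            append clean "...<truncated>"
        }
        log local0. "$label: $clean"
    }
}
```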

Task 4 – Create a Custom Response Page


Using the iRule, create a custom HTTP response page to be sent for all client requests.

 In the iRules Editor, after the HTTP_REQUEST event, add the following HTTP_RESPONSE event, and then
save the iRule.
when HTTP_RESPONSE {
    HTTP::respond 200 content {
        <html><title>Application Unavailable</title>
        <body>
        Sorry, this application is currently unavailable.<br><br>
        Please try again shortly.
        </body></html>
    }
}

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.

Questions:
Did the HTTP request events trigger? _______________

Did you receive the custom response page? ______________

In the next lesson we’ll cover using conditional statements. Be thinking about what information you
could use to determine whether or not to display this error page for user requests.
 Close the web page.

Task 5 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.4B_iRule.
 Copy the code from exercise_iRule and paste into exercise11.4B_iRule.
 Save exercise11.4B_iRule, and then copy it to your Offline iRules.

Task 6 – Use the Stream Command


In Exercise 6.2 you used a Stream profile in the Configuration Utility. You learned that one of the limitations of
the Stream profile is that you can only find one text string to replace with another. You will now use the stream
command in an iRule to find multiple text strings and replace them with different values.

 In the Configuration Utility, open the Virtual Servers page, and then select http_virtual.
 Update the virtual server using the following information, and then click Update.
Stream Profile stream
HTTP Compression Profile custom_compression

→NOTE: Even when you use the stream command in an iRule, you still need to include the
default stream profile, and in addition you need to ensure that the web servers aren’t
compressing content (which is achieved by using an HTTP compression profile).

 In the iRules Editor, select exercise_iRule, and then delete all the lines contained within the
HTTP_RESPONSE event (do not delete the actual event), and then save the iRule.
 Use a new tab to access http://10.1.10.20/lorax.php.
There are references to Lorax Bank, Lorax Finances, and savings accounts.
 In the iRule Editor, update the HTTP_RESPONSE event using the following, and then save the iRule.
when HTTP_RESPONSE {
    STREAM::expression {@Lorax Bank@Lorax Investments@}
    STREAM::enable
}

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.


The references to Lorax Bank have been replaced with Lorax Investments.

 In the iRule Editor, change the STREAM::expression using the following, and then save the iRule.
{@Lorax Bank@Lorax Investments@ @Lorax Finances@Lorax Investments@ @savings accounts@investment accounts@}

→NOTE: Type all this expression on one line.

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.


All references to the previous entries have been replaced with the updated entries.
 Click on the top graphic to go back to the home page.
 Click the Multiple Stream Example link.

NOTE: The graphics in the second column on this page are broken links.

 Right-click inside the page and select View Source.

Question:
What are the URLs that the broken image links are pointing to?

____________________________________________________________________

 Close the source code page.


 In the iRule Editor, change the STREAM::expression using the following, and then save the iRule.
{@Lorax Bank@Lorax Investments@ @Lorax Finances@Lorax Investments@ @savings accounts@investment accounts@ @http://server1.hostingsite.com/images@/images@}

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.

Question:
Why did the first two pictures display properly, but the third picture still doesn’t display?

_________________________________________________________________

 Update the STREAM::expression so that all three graphics display on the page.

 Close the F5 vLab Test Web Site tab.


Task 7 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.4C_iRule.
 Copy the code from exercise_iRule and paste into exercise11.4C_iRule.
 Save exercise11.4C_iRule, and then copy it to your Offline iRules.


Exercise 11.5 – Using Conditional Statements


In this exercise you will add conditional statements to your iRules, using if, elseif, and else statements, in
addition to using the stream command.
• Estimated completion time: 45 minutes

Task 1 – Update the Custom Error Page iRule


Update the iRule you created earlier that displays a custom error page by using a conditional statement to
determine the HTTP response status and displaying the error page only when the user receives a 404 error.

 Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
 Select exercise11.4B_iRule and copy all the iRule code.
 Select exercise_iRule and then select all the existing code, and then paste the copied text.
 Update the HTTP_RESPONSE event using the following, and then save the iRule.
when HTTP_RESPONSE {
    set status [HTTP::status]

    if { $status equals "404" } {
        HTTP::respond 200 content {
            <html><title>Application Unavailable</title>
            <body>
            Sorry, this application is currently unavailable.<br><br>
            Please try again shortly.
            </body></html>
        }
    }
}

→NOTE: The indenting within the if command isn’t required; however it makes the iRule easier
to read.

 Use a new tab to access http://10.1.10.20.


 Change the URL to http://10.1.10.20/index.html.
Because this pool member doesn’t have an index.html file, it responded with a 404 error status.
Instead of simply passing the 404 error to the client, BIG-IP LTM presents the user with more useful
information in the custom web page.
 Close the web browser.


Task 2 – Create Four Wildcard Pools


In the next several iRule examples we’ll be making traffic management decisions. Create four pools to use within
these iRules.

 In the Configuration Utility, open the Pool List page and click Create.
 Create a pool using the following information, and then click Repeat.
Name              iRules_pool1
Health Monitors   gateway_icmp
Members           Use the Node List.
                  Node: 10.1.20.11    Service Port: * (All Services)

 Create another pool using the following information, and then click Repeat.
Name              iRules_pool2
Health Monitors   gateway_icmp
Members           Use the Node List.
                  Node: 10.1.20.12    Service Port: * (All Services)

 Create another pool using the following information, and then click Repeat.
Name              iRules_pool3
Health Monitors   gateway_icmp
Members           Use the Node List.
                  Node: 10.1.20.13    Service Port: * (All Services)

 Create another pool using the following information, and then click Finished.
Name              iRules_pool4
Health Monitors   gateway_icmp
Members           Use the Node List.
                  Node: 10.1.20.14    Service Port: * (All Services)

Task 3 – Use an iRule for Traffic Management Decisions


Use an iRule to make traffic management decisions based on the requested file type.

 In the iRule Editor, update the HTTP_REQUEST event using the following, and then save the iRule.
when HTTP_REQUEST {
    set httppath [HTTP::path]
    log local0. "Client requested $httppath"

    if { $httppath ends_with "php" } { pool iRules_pool1 }
}
This iRule will identify the file type of the HTTP request. If the file type is php, the request will be
routed to the iRules_pool1 pool. Because we’re now using the iRule for traffic management decisions,
we need to remove the default pool from the virtual server.
 In the Configuration Utility, open the Virtual Server List page, then click http_virtual, and then open the
Resources page.

 From the Default Pool list select None, and then click Update.
 Use a new tab to access http://10.1.10.20/welcome.php.

Questions:
Did the page display properly? ___________________

Why or why not? ______________________________________________________

 In the iRule Editor, update the HTTP_REQUEST using the following, and then save the iRule.
when HTTP_REQUEST {
    set httppath [HTTP::path]
    log local0. "Client requested $httppath"

    # elseif must start on the same line as the closing brace of the if body
    if { $httppath ends_with "php" } {
        pool iRules_pool1
    } elseif { $httppath ends_with "jpg" or $httppath ends_with "png" } {
        pool iRules_pool2
    }
}

 Use Ctrl+F5 to refresh F5 vLab Test Web Site tab.

Questions:
Did the page display properly? ___________________

Which pool supplied the welcome.php page? ______________________________

Which pool supplied the images? _______________________________

 Click on the top graphic to go back to the home page.

Questions:
Did the page display properly? ___________________

Why or why not? ______________________________________________________

 In the iRule Editor, update the HTTP_REQUEST using the following, and then save the iRule.
when HTTP_REQUEST {
    set httppath [HTTP::path]
    log local0. "Client requested $httppath"

    if { $httppath ends_with "php" or $httppath ends_with "/" } {
        pool iRules_pool1
    } elseif { $httppath ends_with "jpg" or $httppath ends_with "png" } {
        pool iRules_pool2
    } else {
        pool iRules_pool3
    }
}
Since we no longer have a default pool associated with the virtual server, it’s a best practice to have an
else statement for requests that don’t match the if or the elseif conditions.

 Use Ctrl+F5 to refresh F5 vLab Test Web Site tab.

Questions:
Did the page display properly? ___________________

Which pool supplied the index.php page? ________________________

Which pool supplied the F5 logo at the bottom of the page? _________________________

Why wasn’t the F5 logo supplied by iRules_pool2? _____________________________

Task 4 – Manage Traffic Based on the Service Port


Create a new iRule that will manage traffic based on the application port of the user request.

 In the iRule Editor, create a new iRule using the blank template named open_virtual_iRule.
 Configure the iRule using the following, and then save the iRule.
when CLIENT_ACCEPTED {
    set requestport [TCP::local_port]
    log local0. "Client accessing port $requestport"

    if { $requestport == 80 } {
        pool iRules_pool1
    } elseif { $requestport == 443 } {
        pool iRules_pool2
    } else {
        pool iRules_pool3
    }
}

Task 5 – Create an Open Virtual Server


Create a virtual server that listens on all ports.

 In the Configuration Utility, create a virtual server using the following information, and then
click Finished.
Name open_virtual
Destination Address 10.1.10.40
Service Port * ( * All Ports)
iRules open_virtual_iRule
Default Pool None

 Use a new tab to access http://10.1.10.40.

Question:
Which pool supplied the content for this request? ___________________

 Change the URL to https://10.1.10.40.

Question:
Which pool supplied the content for this request? ___________________
 Change the URL to http://10.1.10.40:8081.

Question:
Which pool supplied the content for this request? ___________________

How was BIG-IP LTM able to view the iRule and make traffic management decisions when
there’s no HTTP profile configured on the virtual server?

___________________________________________________________________________

 Close the F5 vLab Test Web Site tab.

Task 6 – Update the iRule to Use the Switch Operator


Update wildcard_iRule to use the switch operator in place of the if, elseif, else statements.

 In the iRules Editor, change wildcard_iRule using the following, and then save the iRule.
when CLIENT_ACCEPTED {
    set requestport [TCP::local_port]
    log local0. "Client accessing port $requestport"

    switch -exact $requestport {
        80 { pool iRules_pool1 }
        443 { pool iRules_pool2 }
        8081 { pool iRules_pool3 }
        default { pool iRules_pool4 }
    }
}
In this statement, the -exact argument is optional. The $requestport variable is the value that we are
comparing to either 80, 443, or 8081. The statements after the 80, 443, and 8081 are the actions to
take if the port value matches. The default statement is for all requests that don’t match
port 80, 443, or 8081.
 Use a new tab to access http://10.1.10.40.
 Change the URL to https://10.1.10.40.
 Change the URL to http://10.1.10.40:8081.
 Close the F5 vLab Test Web Site page.
 In the Configuration Utility, access the Statistics > Module Statistics > Local Traffic page, and then view
the Pools statistics.
 Reset the statistics for all pools and all pool members.
 Use an SSH session to access 10.1.10.40.

→NOTE: It’s not necessary to log into the CLI to complete this task.

 In the Configuration Utility, on the pools Statistics page, click Refresh.

Question:
Which pool supplied the content for this request? ___________________

 Close the SSH session.
 Copy the open_virtual_iRule to the Offline iRules.

Task 7 – Use the Switch Operator to Manage Traffic Based on the File Type
Create an iRule to determine the requested file type. If the request is for an unauthorized file type we’ll present
a custom error page for the user. Otherwise route all requests for graphic files to one pool, PHP pages to
another pool, and all other requests to a third pool.

 Use a new tab to access http://10.1.10.20.


 Change the URL to http://10.1.10.20/calc.exe.
 Click the Run button to launch the application.
 Change the URL to http://10.1.10.20/basic.css.
 Close the F5 vLab Test Web Site tab.
Currently this web application enables users to request both .exe and .css file types. You will update
the iRule to block access to both file types.
 In the iRules Editor, select exercise_iRule, and then delete the log local0. command from line 3.
 Delete the lines within the HTTP_REQUEST event containing the if, elseif, and else statements.
 Change the HTTP_REQUEST event using the following, and then save the iRule.
when HTTP_REQUEST {
    set httppath [HTTP::path]
    switch -glob $httppath {
        "*.exe" {
            HTTP::respond 200 content {
                <html>
                This application does not allow access to .exe files.
                </html>
            }
            log local0. "Unauthorized: $httppath"
        }
        "*.css" {
            HTTP::respond 200 content {
                <html>Unauthorized access!</html>
            }
            log local0. "Unauthorized: $httppath"
        }
        "*.jpg" -
        "*.gif" -
        "*.png" {
            pool iRules_pool1
        }
        "*.php" {
            pool iRules_pool2
            log local0. "Request made for $httppath"
        }
        default { pool iRules_pool3 }
    }
}
In this statement, the -glob argument enables the use of wildcard characters. The $httppath variable is
the value that we are comparing. For each of the file types we are using the asterisk wildcard. If the
$httppath variable ends with exe or css, the user will get a custom response page, and in addition we’ll
send an entry to the log file. If the variable ends with jpg, gif, or png, the request is sent to
iRules_pool1. If the variable ends with php the request is sent to iRules_pool2 and we send an entry to
the log file. The default statement is for all requests that don’t match any of the listed file types.
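The -glob patterns above are matched case-sensitively against the raw path, so a request whose extension is spelled in a different case falls through to the default branch. The added example below is plain Tcl for tclsh, not code from the lab guide; classify_path and the sample paths are constructed for illustration, and it runs the same branch order on raw and lowercased paths.

```tcl
# Added example: plain Tcl (runs in tclsh), not iRule code from the lab guide.
# classify_path is a hypothetical helper that mirrors the guide's switch -glob
# branches and returns the decision as a string instead of calling
# pool or HTTP::respond.
proc classify_path {path} {
    switch -glob -- $path {
        "*.exe" -
        "*.css" { return "blocked" }
        "*.jpg" -
        "*.gif" -
        "*.png" { return "iRules_pool1" }
        "*.php" { return "iRules_pool2" }
        default { return "iRules_pool3" }
    }
}

# Constructed sample paths (not taken from the lab site).
set samples [list "/calc.exe" "/CALC.EXE" "/basic.Css" "/logo.PNG" "/index.php" "/"]

foreach path $samples {
    # As in the exercise: the raw path is compared, so matching is case-sensitive.
    set raw [classify_path $path]
    # Hardened: normalize case first so every spelling reaches the same branch.
    set normalized [classify_path [string tolower $path]]
    puts [format "%-12s raw=%-13s lowercased=%s" $path $raw $normalized]
}
```

In the iRule itself the equivalent change is to assign the variable with set httppath [string tolower [HTTP::path]].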
 Use an SSH client to access 10.1.10.241.

→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.

 At the CLI prompt, type:


tail -f /var/log/ltm

 Press the Enter key several times to move the existing log entries to the top of the window.
 Use a new tab to access http://10.1.10.20.

Questions:
Which pool supplied the index.php page? ____________________

Why didn’t this request go to iRules_pool2? _____________________________________

 Change the URL to http://10.1.10.20/index.php.

Questions:
Which pool supplied the index.php page? ____________________

Why did this change? ________________________________________________________

Which pool supplied the F5 logo? _____________________

 Click the HTTP Compress Example link.


This is an html page.
 Edit the URL to http://10.1.10.20/calc.exe.
 Edit the URL to http://10.1.10.20/basic.css.

Question:
Were you able to open these sensitive files? _______________

 View the SSH session.

Questions:
Did requests for images generate a log entry? ________________

Did requests for css files generate a log entry? ________________

Did requests for php pages generate a log entry? _______________

Did requests for html pages generate a log entry? _______________

 Close the F5 vLab Test Web Site tab.

Task 8 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.5_iRule.
 Copy the code from exercise_iRule and paste into exercise11.5_iRule.
 Save exercise11.5_iRule, and then copy it to your Offline iRules.

Exercise 11.6 – Working with Lists


In this exercise you work with lists. First you’ll create a static list and experiment with different commands to
manipulate the list. Next you’ll create a dynamic list containing HTTP request headers.
• Estimated completion time: 30 minutes

Task 1 – Update the HTTP Virtual Server and the iRule


Update http_virtual by configuring http_pool as the default pool.

 In the Configuration Utility, open the Virtual Server List page, then click http_virtual, and then open the
Resources page.
 From the Default Pool list select http_pool, and then click Update.
 Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
 Select exercise_iRule and then delete all the existing code.

Task 2 – Use a Static List


Create a static list box, and then use several list commands to manipulate the list.

 Create a new static list using the following, and then save the iRule.
when HTTP_REQUEST {
set mylist [list "def" "lmo" "xyz" 1 "abc"]
log local0. "List: $mylist"
}

 Use an SSH client to access 10.1.10.241.

→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.

 At the CLI prompt, type:


tail -f /var/log/ltm

 Press the Enter key several times to move the existing log entries to the top of the window.
 Use a new tab to access http://10.1.10.20/httprequest.php, and then view the SSH session.
 Sort the list by adding the following lines at the end of the HTTP_REQUEST, and then save the iRule.
set mylist [lsort $mylist]
log local0. "Sorted first list: $mylist"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
 Add items to the list by adding the following lines at the end of the HTTP_REQUEST, and then save the
iRule.
lappend mylist "rst" 222
log local0. "Second list: $mylist"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.

Question:
Were the new items added within the sorted order? ___________________

 Add two more lines to the iRule that accomplish the following, and then save the iRule.
o Sort the list after the items have been added.
o Add an entry to the log file with the sorted list.
 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session. The log entry should
contain the following entries:

 Insert an item to the new list by adding the following lines at the end of the HTTP_REQUEST, and then
save the iRule.
set mylist [linsert $mylist 1 "f5"]
log local0. "Third list: $mylist"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.

Questions:
How are the lappend and linsert commands different? _____________________________

In what position in the list was the new entry added? ________________

 Once again, add two more lines to sort the updated list and add an entry to the log file.

 Identify the number of items in a list by adding the following line at the end of the HTTP_REQUEST, and
then save the iRule.
log local0. "Third list length: [llength $mylist]"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.

Question:
What are a couple of advantages of knowing the number of items in a list?

________________________________________________________________________

 Set an item into a list by adding the following lines at the end of the HTTP_REQUEST, and then save
the iRule.
lset mylist 3 "456"
log local0. "Fourth list: $mylist"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Questions:
How is the lset command different from the lappend and linsert commands?

__________________________________________________________________________

In what position in the list was the new entry added? ________________

 Identify the value of an item in the list by adding the following lines at the end of the HTTP_REQUEST,
and then save the iRule.
set item [lindex $mylist 3]
log local0. "Item #4: '$item'"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
 Identify the index value of three different items in the list by adding the following lines at the end of the
HTTP_REQUEST, and then save the iRule.
set find1 [lsearch $mylist "rst"]
set find2 [lsearch $mylist 222]
set find3 [lsearch $mylist "deflmo"]
log local0. "List item 'rst' at index # $find1"
log local0. "List item '222' at index # $find2"
log local0. "List item 'deflmo' at index # $find3"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.

Questions:
What index number is “222” at? __________________

Why is the third item displaying at index value -1? _________________________________

Task 3 – Add Iteration to the iRule


Use iteration to loop through the items in the static list.

 In the iRule Editor, add the following lines at the end of the HTTP_REQUEST, and then save the iRule.

→NOTE: Use your own address.

set myaddress "351 Elliott Ave S, Seattle, WA 98119 USA"


set mylist [split $myaddress " "]
log local0. "First item: '[lindex $mylist 0]'"

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.

Question:
Without using iteration, how would you create separate log messages for each list entry?

__________________________________________________________________________

 Replace the previous log local0 command using the following, and then save the iRule.
set myaddress "351 Elliott Ave S, Seattle, WA 98119 USA"
set mylist [split $myaddress " "]
foreach item $mylist {
    set itemnumber [lsearch $mylist $item]
    log local0. "Index #$itemnumber: '$item'"
}

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.

FOR EXTRA CREDIT


 Using the incr command, update the iteration command so that the log Index entries begin with “1”,
not with “0”.

Task 4 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.6A_iRule.
 Copy the code from exercise_iRule and paste into exercise11.6A_iRule.
 Save exercise11.6A_iRule, and then copy it to your Offline iRules.

Task 5 – Use a Dynamic List in an iRule


Use an iRule to gather information about the client request HTTP headers using the list commands.

 In the iRule Editor, select exercise_iRule and update the HTTP_REQUEST using the following, and then
save the iRule.
when HTTP_REQUEST {
    set mylist [split [HTTP::header names] " "]
    log local0. "List: $mylist"

    set mylist [lsort $mylist]
    log local0. "Sorted list: $mylist"

    log local0. "List length: [llength $mylist]"

    set item [lindex $mylist 3]
    log local0. "Item #4: '$item'"

    set find1 [lsearch $mylist "Accept-Encoding"]
    set find2 [lsearch $mylist "X-Forwarded-For"]
    log local0. "List item 'Accept-Encoding' at index # $find1"
    log local0. "List item 'X-Forwarded-For' at index # $find2"

    foreach item $mylist {
        set itemnumber [lsearch $mylist $item]
        incr itemnumber
        log local0. "Index #$itemnumber: '$item'"
    }
}

 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Questions:
How many HTTP headers are in the HTTP request? _________________

Which header is at index position 1? ___________________________

What is the index value for X-Forwarded-For? _________________

 In the Configuration Utility, open the Virtual Server List page and click http_virtual.
 From the HTTP Profile list select custom_http_profile, and then click Update.
 Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.

Question:
What changes occurred using this HTTP profile? _____________________________________

____________________________________________________________________________

 Close the Simple HTTP Request tab.
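
The foreach loops in Task 3 and Task 5 look up each item's position with lsearch, which returns only the first match and uses glob matching by default, so a repeated or pattern-like item is logged under the wrong index. The added example below is plain Tcl for tclsh, not part of the lab guide; the proc names and the sample list are constructed, and it compares that loop with one that keeps its own counter.

```tcl
# Added example: plain Tcl (runs in tclsh); the names below are constructed
# and are not output captured from the lab.

# Reproduces the exercise's loop: position is recovered with lsearch.
proc index_by_lsearch {items} {
    set out {}
    foreach item $items {
        # lsearch defaults to -glob matching and returns the first match only,
        # so duplicates and items containing * ? [ ] resolve to an earlier index.
        set n [lsearch $items $item]
        incr n
        lappend out "$n:$item"
    }
    return $out
}

# Hypothetical alternative: track the position with a counter instead.
proc index_by_counter {items} {
    set out {}
    set n 0
    foreach item $items {
        incr n
        lappend out "$n:$item"
    }
    return $out
}

# Constructed list with one repeated name and one name containing a wildcard.
set names [list "Host" "Cookie" "Accept" "Cookie" "X-Trace" "X-*"]

puts "lsearch loop: [index_by_lsearch $names]"
puts "counter loop: [index_by_counter $names]"

# When a lookup by value is really needed, -exact disables pattern matching.
puts "exact lookup of X-*: [lsearch -exact $names "X-*"]"
```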

Task 6 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.6B_iRule.
 Copy the code from exercise_iRule and paste into exercise11.6B_iRule.
 Save exercise11.6B_iRule, and then copy it to your Offline iRules.

Exercise 11.7 – Using iRules Best Practices


In this exercise you add comments and debugging statements to an iRule you created earlier.
• Estimated completion time: 15 minutes

Task 1 – Add Comments to an iRule


Update an iRule by adding several comments to make it easier to understand for other administrators.

 Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
 Select exercise11.5_iRule and copy all the iRule code.
 Select exercise_iRule and then select all the existing code, and then paste the copied text.
 In the line directly after the when HTTP_REQUEST line, add the following comment:
#Identify the requested page and store in a variable

 Continue to add the following comments, and then save the iRule.
when HTTP_REQUEST {
    #Identify the requested page and store in a variable
    set httppath [HTTP::path]

    #Traffic decision based on the requested page's file extension
    switch -glob $httppath {
        "*.exe" {
            #if the user requests an application
            HTTP::respond 200 content {
                <html>
                This application does not allow access to .exe files.
                </html>
            }
            log local0. "Unauthorized: $httppath"
        }
        "*.css" {
            #if the user requests a css file
            HTTP::respond 200 content {
                <html>Unauthorized access!</html>
            }
            log local0. "Unauthorized: $httppath"
        }
        "*.jpg" -
        "*.gif" -
        "*.png" {
            #if the user requests a graphic file
            pool iRules_pool1
        }
        "*.php" {
            #if the user requests a PHP page
            pool iRules_pool2
            log local0. "Request made for $httppath"
        }
        default {
            #for all other file types
            pool iRules_pool3
        }
    }
}

Task 2 – Add Debugging Statements for Logging


Excessive logging isn’t recommended for BIG-IP systems in production. Modify non-critical log statements to
only run at specified times.

 In the line directly after the when HTTP_REQUEST line, add the following command:
set debug 1

 Change the log statement for *.php to the following:


if { $debug } { log local0. "Request made for $httppath" }

 Add the exact statement above for the default statement, and then save the iRule.
 Use an SSH client to access the BIG-IP system at 10.1.10.241.

→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.

 At the CLI prompt, type:


tail -f /var/log/ltm

 Press the Enter key several times to move the existing log entries to the top of the window.
 Use a new tab to access http://10.1.10.20.
 Click the Welcome link, and then click the banner at the top of the page to return to the home page.
 Click the Mask Sensitive Content Example link, and then view the SSH session.
For debugging purposes, you can see that requests are made for the root page “/”, php pages, and
html pages.
 Press the Enter key several times to move the existing log entries to the top of the window.
 In the iRule Editor, edit the debug statement using the following, and then save the iRule.
set debug 0

 In the F5 vLab Test Web Site tab, click the banner at the top of the page to return to the home page.
 Click the Welcome link, and then click the banner at the top of the page to return to the home page.
 Click the Mask Sensitive Content Example link.
 Change the URL to http://10.1.10.20/calc.exe.
 Change the URL to http://10.1.10.20/basic.css, and then view the SSH session.
You’ve eliminated unnecessary logging, but continue to log critical messages.
 Close the tab and the SSH session.

Task 3 – Save the Current iRule to your Offline iRules


 In the iRule Editor, create a new iRule named exercise11.7_iRule.
 Copy the code from exercise_iRule and paste into exercise11.7_iRule.
 Save exercise11.7_iRule, and then copy it to your Offline iRules.
 Close the iRule Editor.
 In the Configuration Utility, create an archive file named ltmfund_mod11_iRules_v13.0.0.

Module 12 Exercises – iApps


Exercise 12.1 – Working with iApp Application Services
In this exercise you will create an iApp Application Service. You will then examine the effects of enabling and
disabling strictness. You will use reentrancy to update the application, and then examine the various objects
iApp created for the application.
• Estimated completion time: 20 minutes

Task 1 – Create a Web Application Using iApp


Create a new web application using an iApp Application Service.

 In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.


 For Mac users, start up the Windows_7 image, and then log in as vLab User.
 Access https://10.1.1.245 and log in to the BIG-IP system.
 Open the iApps > Application Services > Applications page and click Create.

NOTE: Use defaults for values not specified in table below.

 Create an Application Service using the following information, and then click Finished.
Name: app_web
Template: f5.http
Network > Use the latest TCP profiles? Yes, use the new profiles (recommended)
Virtual Servers and Pools > IP address for virtual server: 10.1.10.40
Virtual Servers and Pools > FQDN: iapp.f5demo.com
Virtual Servers and Pools > Create a new pool or use an existing one? Create a new pool
Virtual Servers and Pools > web servers (Node/IP address, Port):
10.1.20.11, 80 (Click Add)
10.1.20.12, 80 (Click Add)
10.1.20.13, 80
Application Health > Health monitor: Create new health monitor
Application Health > HTTP URL to send: /index.php
Application Health > Expected response: Welcome

Task 2 – Update Your Local Hosts File


Update the entry in your local hosts file for lamp.f5demo.com.

→NOTE: For Mac users, the hosts file entries have already been created on the Windows 7
image.

 Right-click on Notepad in the Start menu, and then select to Run as Administrator.
 Open the C:\Windows\System32\drivers\etc\hosts file.
 Add entries for:
10.1.10.40 iapp.f5demo.com
10.1.10.40 iapp.vlab.f5demo.com

 Save the hosts file.

Task 3 – Test Access to the iApp Application


Test access to the iApp application, and verify how traffic is being load balanced to pool members.

 Use a new tab to access http://iapp.f5demo.com.

Questions:
Which pool member(s) supplied content? __________________________________

Why did only one pool member supply content? __________________________________

Is SNAT enabled or disabled? _________________________

 Click the Request and Response Headers link.

Question:
Is the X-Forwarded-For request header present? ________________

 Click the banner at the top of the page to return to the home page.
 In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page, and then select
the Pools statistics.
 Reset the statistics for all pools and pool members.
 In the F5 vLab Test Web Site tab, click the HTTP Compress Example link.
 In the Configuration Utility, on the pools Statistics page, click Refresh, and view the app_web_pool
statistics.

Questions:
How many Bits Out were needed to create this page? ____________________

How many Packets Out did this page generate? ______________________

How many total requests were needed to generate this web page? __________________

 Reset the statistics for all pools and pool members.


 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then close the tab.
 In the Configuration Utility, on the pools Statistics page, click Refresh, and view the app_web_pool
statistics.

Questions:
How many Bits Out were needed to create this page? ____________________

How many Packets Out did this page generate? ______________________

How many total requests were needed to generate this web page? __________________

What caused the difference in traffic to the pool member? __________________________

Task 4 – View and Update the Application


Use the virtual server properties page and the iApp Application Service page to modify app_web.

 Open the iApp > Application Services > Applications page and click app_web.
 On the Components page, click app_web_vs.
The app_web_vs virtual server properties page displays.
 Attempt to change the Destination Address to 10.1.10.41, and then click Update.

Question:
Why couldn’t you update the virtual server IP address? __________________________

 Open the iApp > Application Services > Applications page, then click app_web, and then open
the Properties page.
 From the Application Service list select Advanced.
 Clear the Strict Updates checkbox, and then click Update.
 Open the Virtual Servers List page and click app_web_vs.

 Update the virtual server using the following information, and then click Update.
Destination Address 10.1.10.41
Source Address Translation None
OneConnect Profile None
HTTP Compression Profile None
Web Acceleration Profile None

 Open the Resources page, and then update the virtual server using the following information, and then
click Update.
Default Persistence Profile None
Fallback Persistence Profile None

 Use a new tab to access http://10.1.10.41.


 Use Ctrl+F5 several times to refresh the F5 vLab Test Web tab.

Questions:
Is persistence taking place? ____________________

Is SNAT enabled or disabled? _________________________

 Close the F5 vLab Test web site tab.


 In the Configuration Utility, open the Application Services > Applications page and click app_web, and
then open the Reconfigure page.

Question:
What is the virtual server IP address? __________________________

 Without making any changes, click Finished.


 Open the Virtual Servers List page and click app_web_vs.

Questions:
Are the changes you made still configured? ____________________

Why or why not? _____________________________________________________________

 Open the Local Traffic > Profiles > Protocol > TCP page.

Question:
How many TCP profiles were created for the app_web application? ___________

 Open the Application Services > Applications page, then click app_web, and then open the
Properties page.
 Select the Strict Updates checkbox, and then click Update.

 Open the Reconfigure page.
 In the Network section, specify the following, and then click Finished.
Network > What type of network connects clients to the BIG-IP system? Local area network (LAN)

 Open the Local Traffic > Profiles > Protocol > TCP page.

Question:
Why is there now only one TCP profile? _________________________________________

Task 5 – Delete an iApp Application Service


Create a new iApp Application Service using objects from another Application Service, and then attempt to
delete both applications.

 Open the Application Services > Applications page and click Create.


 Create an Application Service using the following information, and then click Finished.
Profile Name: app_web_backup
Template: f5.http
Template Options > Inline help? No
Template Options > Configuration mode: Basic – Use F5’s recommended settings
Network > Use the latest TCP profiles? Yes, use the new profiles (recommended)
Virtual Servers and Pools > IP address for virtual server: 10.1.10.41
Virtual Servers and Pools > FQDN: (click the X to delete this option)
Virtual Servers and Pools > Create a new pool or use an existing one? app_web_pool

 Open the Application Services > Applications page.


 Select the checkbox for app_web, and then click Delete twice.

Question:
Were you able to delete this application? ____________________

Why or why not? _____________________________________________________________

 On the Application Services > Applications page, click app_web_backup, and then review the
Components page.
iApp created several objects for this application: a virtual server, persistence profiles, an http profile,
and several optimization profiles.
 Open the Properties page.
 Click Delete, and then click OK.
 View the following Configuration Utility pages and verify that the app_web_backup application objects
are deleted:
o Virtual Server List
o HTTP Profile
o HTTP Compression Profile
o Web Acceleration Profile
o Persistence Profile
o TCP Profile

Task 5 – Update the Wildcard Pools


Update the three wildcard pools you created in the iRules exercises.

 Open the Pool List page.


 Update the following pools:
▪ iRules_pool1: disable member 10.1.20.11:0, add member 10.1.20.11:80
▪ iRules_pool2: disable member 10.1.20.12:0, add member 10.1.20.12:80
▪ iRules_pool3: disable member 10.1.20.13:0, add member 10.1.20.13:80

Task 6 – Reconfigure the Application Service


Reconfigure app_web using advanced settings.

 Open the Application Services > Applications page and click app_web.

Questions:
Which profiles did iApp create for app_web? _________________________________

___________________________________________________________________________

What type of persistence does app_web use? ________________________________

 Open the Reconfigure page.


 In the Template Options section, select to use Advanced options.

 In the Network section, specify the following:
What type of network connects clients to the BIG-IP system? Wide area network (WAN)
How have you configured routing on your web servers? Servers have a route to clients through the BIG-IP system

 In the Virtual Server and Pools section, specify the following:


Should the BIG-IP system insert the X-Forwarded-For header? Do not insert X-Forwarded-For HTTP header
Which persistence profile do you want to use? Do not use persistence
Which load balancing method do you want to use? Weighted Least Connections (member)
Do you want to give priority to specific groups of servers? Use Priority Group Activation
What is the minimum number of active members in a group? 3
Which web servers should be included in this pool?
Update the following:
10.1.20.11:80, Connection limit: 1000, Priority: 12
10.1.20.12:80, Connection limit: 800, Priority: 10
10.1.20.13:80, Connection limit: 800, Priority: 10
Add the following:
10.1.20.14, Connection limit: 1200, Priority: 12
10.1.20.15, Connection limit: 1200, Priority: 12

 In the Delivery Optimization section, specify the following:


Which Web Acceleration profile do you want to use for caching? Do not use caching
Which compression profile do you want to use? Do not compress HTTP responses

 In the Server Offload section, specify the following:


Which OneConnect profile do you want to use? Do not use OneConnect
How many seconds should Slow Ramp time last? 200

 In the Application Health section, specify the following, and then click Finished.
How many seconds should pass between health checks? 10

 Use a new tab to access http://iapp.f5demo.com.


 Use Ctrl+F5 several times to refresh the F5 vLab Test Web tab.

Questions:
Which pool member(s) supplied content? __________________________________

Is SNAT enabled or disabled? _________________________

 Select the Request and Response Headers link.

Question:
Is the X-Forwarded-For request header present? ________________

 In the Configuration Utility, for the app_web application, open the Reconfigure page.
 In the iRules section, specify the following, and then click Finished.
Do you want to add any custom iRules to this configuration? exercise11.7_iRule

 Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.


 Change the URL to http://iapp.f5demo.com/calc.exe.
 Change the URL to http://iapp.f5demo.com/index.html.

Question:
Did app_web process the iRule? _________________

 Close the tab.


 In the Configuration Utility, for the app_web application, open the Reconfigure page.
 In the SSL Encryption section, specify the following:
How should the BIG-IP system handle SSL traffic? Terminate SSL from clients, plaintext to servers (SSL Offload)
Which Client SSL profile do you want to use? f5demo_client_cert
Notice that the virtual server port changed from 80 to 443 after you selected to use SSL offload.
In addition, the application is configured to redirect inbound HTTP traffic to use HTTPS.
 In the Virtual Servers and Pools section, add the following, and then click Finished.
FQDN? iapp.vlab.f5demo.com

 Use a new tab to access http://iapp.vlab.f5demo.com.

Question:
Is the connection using HTTP or HTTPS? _________________

 Close the F5 vLab Test Web Site tab.

Exercise 12.2 – Working with iApp Templates


In this exercise you will view the list of system-supplied iApp Templates, and then view the properties of a
Template. You’ll then find and download iApp Templates from the F5 downloads page and from DevCentral.
• Estimated completion time: 20 minutes

Task 1 – View iApp Templates


View the list of BIG-IP system default iApp Templates.

 In the Configuration Utility, open the iApps > Templates > Templates page.

Questions:
How many templates are currently being used for applications? ________________

How can you tell that these are BIG-IP system default templates? ______________________

Task 2 – View the Properties of an iApp Template


View the properties of the f5.http BIG-IP system default Template.

 On the Template List page, click f5.http.

Questions:
What are the required BIG-IP modules? _______________________

What is the minimum BIG-IP version? ________________________

What is the maximum BIG-IP version? ________________________

 View the contents of the Implementation, Presentation, and HTML Help sections.
 Change the first line of the HTML Help section to the following, and then save the change.
<p><strong>web server iApp Template</strong></p>

Questions:
Can you save this change? ________________

Why or why not? ________________________________________


Task 3 – Download Updated iApp Templates from F5 Downloads


Access and log in to the F5 Downloads page, then download the updated iApp Templates to your workstation.

• Open the F5 product version download page at https://downloads.f5.com/esd/productlines.jsp.
• In the BIG-IP section, click iApp Templates.
• Click iApp-Templates, and then accept the license agreement.
• Select iapps-1.0.0.476.0.zip.
• Select the best download for your location.
• Save and then unzip the file on your local workstation.

Task 4 – Download a Community-Contributed iApp Template from DevCentral

Access and log in to DevCentral, then find and download a community-contributed iApp Template to your
workstation.

• Use a web browser to access http://devcentral.f5.com.
• Log in using your DevCentral user account, or create a DevCentral user account.
• Click Code, and then click Check out the Repository.
• Use the search box to find MySQL Proxy iApp, and then select it in the search results.
• Click the mysql_proxy.2011-12-02.zip attachment.
• Save and then unzip the file on your local workstation.
• Close the DevCentral web page.

Task 5 – Import iApp Templates into BIG-IP LTM


Import iApp Templates into the BIG-IP system.

• In the Configuration Utility, log out of the BIG-IP system and then log back in as admin / admin.
• Open the iApps > Templates > Templates page and click Import.
• Click Browse.
• Navigate to the location where you unzipped the downloaded template files.
• Open the Microsoft directory, then open the Exchange_2010_2013 directory.
• Select f5.microsoft_exchange_2010_2013_cas.v1.6.2.tmpl, and then click Open.

• Leave the Overwrite Existing Templates checkbox cleared and click Upload.

The new iApp Template is available to use for new application services.
• Repeat the steps above to import mysql_proxy.2011-12-02.tmpl.

NOTE: This template will display on page 2 of the Template List page.

• Open the Application Services > Applications page and click Create.
• From the Template list select f5.microsoft_exchange_2010-2013_cas.v1.6.2.
You could now use this iApp Template for an application deployment.
• Create an archive file named ltmfund_mod12_iApps_v13.0.0.


Final Project
Exercise 13 – Reconfigure the BIG-IP System
Reset the BIG-IP system for the Technical Boot Camp hands-on exercises.
• Estimated completion time: 40 minutes

Task 1 – Restore from Archive File


• In the VMware library, start up the BIGIP-13.0_LTMFund and LAMP_v4 images.
• For Mac users, start up the Windows_7 image, and then access the Windows 7 desktop.
• Access https://10.1.1.245 and log in to the BIG-IP system.
• Restore the BIG-IP system using ltmfund_mod01_initial_setup_v13.0.0.ucs.

Task 2 – Create Monitors


• Create the following monitors:

Name                  Type    Settings
lorax_icmp_monitor    ICMP    Interval: 15
                              Timeout: 46
lorax_tcp_monitor     TCP     Interval: 10
                              Timeout: 31
lorax_inband_monitor  Inband  Response Time: 15
                              Retry Time: 0
lorax_http_monitor    HTTP    Up Interval: 90
                              Send String: GET /index.php\r\n
                              Receive String: SERVER_UP

• Set the default monitor for all nodes to lorax_icmp_monitor.

Task 3 – Create Pools


• Create the following pools:

Name            p80_pool
Monitors        lorax_http_monitor, lorax_inband_monitor, lorax_tcp_monitor
                Availability Requirement: At Least 1
Load Balancing  Ratio (member)
Members         10.1.20.11:80, Ratio: 5
                10.1.20.12:80, Ratio: 10
                10.1.20.13:80, Ratio: 20
                10.1.20.14:80, Ratio: 25
                10.1.20.15:80, Ratio: 40

Name            p443_pool
Monitors        https
Load Balancing  Least Connections (member)
PGA             Less than 2
Members         10.1.20.11:443, Priority: 8
                10.1.20.12:443, Priority: 8
                10.1.20.13:443, Priority: 4
                10.1.20.14:443, Priority: 2
                10.1.20.15:443, Priority: 2

Task 4 – Create and Import SSL Certificates


• Create the following self-signed SSL certificate:

Name               lorax_ssl_cert
Issuer             Self
Common Name        www.lorax.com
Division           IT
Organization       Lorax Investments
Locality           Seattle
State or Province  Washington
Country            United States
Lifetime           3650

• Import the vlab.f5demo.com.2017.pem certificate and the vlab.f5demo.com.2017.key key and name
them both f5demo.
• Import the entrust-chain.txt certificate and name it chain.

Task 5 – Create Profiles


• Create the following profiles:

Type              Persistence
Name              lorax_source_addr
Persistence Type  Source Address Affinity
Configuration     Timeout: 30 seconds
                  Mask: 255.255.255.0

Type              SSL > Client
Name              lorax_client_ssl
Configuration     Certificate: lorax_ssl_cert
                  Key: lorax_ssl_cert

Type              SSL > Client
Name              f5demo_client_ssl
Configuration     Certificate: f5demo
                  Key: f5demo
                  Chain: chain
                  Passphrase: IamFfive2Day

Task 6 – Create a SNAT Pool


• Create the following SNAT pool:

Name     lorax_snat_pool
Members  10.1.20.180
         10.1.20.185
         10.1.20.190

Task 6 – Create Virtual Servers


• Create the following virtual servers:

Name           p80_to_p80_virtual
Destination    10.1.10.20:80
Configuration  HTTP Profile: http
               Source Address Translation: Auto Map
Resources      Pool: p80_pool

Name           p443_to_p443_virtual
Destination    10.1.10.20:443
Configuration  SSL Profile (Client): lorax_client_ssl
               SSL Profile (Server): serverssl
Resources      Pool: p443_pool

Name           p443_to_p80_virtual
Destination    10.1.10.30:443
Configuration  HTTP Profile: http
               SSL Profile (Client): f5demo_client_ssl
               Source Address Translation: lorax_snat_pool
Resources      Pool: p80_pool
               Persistence: lorax_source_addr


Task 7 – Verification

Test One
• Use a new tab to access http://10.1.10.20 and examine the Client IP address.
Because this virtual server uses SNAT Auto Map, the Client IP address should be 10.1.20.240, which is
the internal floating self IP address on the BIG-IP system.
• Use Ctrl+F5 to refresh the tab 10 times, and then close the tab.
• In the Configuration Utility, view the Pools statistics.
All five pool members should be receiving requests; however, they should be receiving them
in a 1 > 2 > 4 > 5 > 8 ratio.
• Reset the statistics for all pools and pool members.

Test Two
• Use a new tab to access https://10.1.10.20, and examine the Client IP address.
Because this virtual server does not use SNAT, the Client IP address should be 10.1.10.1 (or the IP
address of your Windows 7 image), which is the IP address assigned to your workstation.
• Examine the URL and the Pool member address/port value.
The client requests to the BIG-IP system are using https (port 443), and the BIG-IP system requests to
the pool members are also using port 443.
• Use Ctrl+F5 to refresh the page 5 times.
• In the Configuration Utility, refresh the Pools statistics.
Because the pool is configured with priority group activation set to two members, only two pool
members (10.1.20.11:443 and 10.1.20.12:443) receive requests. These two pool members have a
priority of 8. The requests are distributed evenly between the two members.
• Reset the statistics for all pools and pool members.
• Disable node 10.1.20.12, and then use Ctrl+F5 to refresh the F5 vLab Test Web Site tab 5 times.
• In the Configuration Utility, view the Pools statistics.
The BIG-IP system should immediately begin using pool member 10.1.20.13:443 (along with
10.1.20.11:443).
• Reset the statistics for all pools and pool members.
• Disable node 10.1.20.11, and then use Ctrl+F5 to refresh the F5 vLab Test Web Site tab 5 times.
• In the Configuration Utility, view the Pools statistics.
The BIG-IP system should immediately begin using both pool members 10.1.20.14:443 and
10.1.20.15:443 (along with 10.1.20.13:443). BIG-IP LTM uses both pool members because they are
both configured with a priority of 2.
• Reset the statistics for all pools and pool members.
• In the F5 vLab Test Web Site tab, right-click inside the window and select Properties, and then click
Certificates.
This certificate is currently not trusted by your web browser. It was issued by the same entity that it
was issued to, identifying it as a self-signed certificate.

• Close the tab.
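
The priority group activation results seen in Test Two can be reproduced with a small model of the p443_pool settings. This is an added example, not part of the F5 guide or BIG-IP code; Member, disable_nodes, active_members and walk_test_two are hypothetical names, and a disabled node is assumed to be simply ineligible for new connections.

```python
"""Model of priority group activation (PGA) for the p443_pool walk-through."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Member:
    address: str            # "ip:port" as listed in the pool table
    priority: int           # higher value = preferred priority group
    available: bool = True  # False = not eligible for new connections

    @property
    def node(self):
        # The node is the member address without the service port.
        return self.address.rsplit(":", 1)[0]


# Members and priorities copied from the p443_pool table in Task 3.
P443_POOL = [
    Member("10.1.20.11:443", 8),
    Member("10.1.20.12:443", 8),
    Member("10.1.20.13:443", 4),
    Member("10.1.20.14:443", 2),
    Member("10.1.20.15:443", 2),
]
PGA_LESS_THAN = 2  # "PGA: Less than 2"


def disable_nodes(members, nodes):
    """Return a copy of the pool with every member on the given nodes unavailable."""
    return [replace(m, available=m.available and m.node not in nodes)
            for m in members]


def active_members(members, less_than):
    """Return the addresses eligible for new connections.

    Priority groups are activated whole, from highest to lowest, until the
    number of available members reaches `less_than`. A value of 0 models
    PGA being disabled, in which case every available member is eligible.
    """
    available = [m for m in members if m.available]
    if less_than <= 0:
        return sorted(m.address for m in available)
    active = []
    for priority in sorted({m.priority for m in members}, reverse=True):
        active.extend(m.address for m in available if m.priority == priority)
        if len(active) >= less_than:
            break  # enough members; lower groups stay on standby
    return sorted(active)


def walk_test_two():
    """Replay the three states of Test Two and return the active members."""
    steps = [
        ("all nodes enabled", set()),
        ("10.1.20.12 disabled", {"10.1.20.12"}),
        ("10.1.20.11 and 10.1.20.12 disabled", {"10.1.20.11", "10.1.20.12"}),
    ]
    return {label: active_members(disable_nodes(P443_POOL, nodes), PGA_LESS_THAN)
            for label, nodes in steps}


if __name__ == "__main__":
    for label, members in walk_test_two().items():
        print(f"{label}: {', '.join(members) or 'no members available'}")
```

The last state activates three members even though the threshold is two, because the whole priority 2 group is brought in at once.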

Test Three
• Use a new tab to access https://offload.vlab.f5demo.com, and examine the Client IP address.
Because this virtual server is configured with a SNAT pool, the Client IP address should be either
10.1.20.180, 10.1.20.185, or 10.1.20.190 (the three members of the SNAT pool).
• Examine the URL and the Pool member address/port value.
The client requests to the BIG-IP system are using https (port 443). Because BIG-IP LTM is performing
SSL offload, the BIG-IP system requests to the pool members are using port 80.
• Use Ctrl+F5 to refresh the tab 5 times. Leave this tab open until the end of this test.
• In the Configuration Utility, view the Pools statistics.
Because this virtual server is configured with a source address persistence profile, only one pool
member should be receiving all requests from this client.
• Reset the statistics for all pools and pool members.
• In the F5 vLab Test Web Site tab, right-click inside the window and select Properties, and then click
Certificates.
This is a trusted certificate that ensures the identity of the remote computer. It was issued by Entrust
Certification Authority and is valid through 2019.
• Refresh the F5 vLab Test Web Site tab.
Due to the source address persistence timeout value, all page elements should come from a new pool
member.

Test Four
• View the properties of node 10.1.20.11.
This node uses the lorax_icmp_monitor health monitor, which is currently identifying the node as
available. However, the node has been disabled by an administrator.
• View the properties of node 10.1.20.13.
This node also uses the lorax_icmp_monitor health monitor, and is currently available and enabled.
• View the properties of pool member 10.1.20.11:80.
This pool member uses three health monitors: lorax_http_monitor (currently identifying the member as
offline), and lorax_inband_monitor and lorax_tcp_monitor (both identifying the member as available).
Because its parent node is disabled, the pool member is currently disabled.
• View the properties of pool member 10.1.20.14:80.
This pool member uses three health monitors: lorax_http_monitor (currently identifying the member as
offline), and lorax_inband_monitor and lorax_tcp_monitor (both identifying the member as available).
Because its parent node is available and at least one monitor is identifying it as available, this pool
member is currently available.
• View the properties of pool member 10.1.20.15:443.
This pool member uses the system-supplied https health monitor, which is currently identifying the
member as available.
• Create an archive file named ltmfund_mod13_v13.0.0.


Appendices
Appendix A – Exercise Question and Answer Key

Exercise 1.2 – Initial BIG-IP Configuration


Task 6 – Review Configuration Objects
Q: Did autocorrect display options?
A: No

Q: What information is listed?


A: Self IP addresses on the BIG-IP system

Q: Did autocorrect display options?


A: Yes

Q: Which options are available?


A: vlan, vlan-group

Q: Why did the tmos prompt replace “list net vl” with “list net vlan”?
A: It assumes we want to type either “vlan” or “vlan-group”, so it filled in the characters that
both options share.

Q: What information is listed?


A: VLANs on the BIG-IP system

Exercise 1.3 – User Access and System Preferences


Task 2 – Create a New BIG-IP System User Account
Q: Are you at the CLI prompt or the tmos prompt?
A: tmos prompt

Q: Why are the Create and Delete buttons greyed out?


A: The user doesn’t have privileges to perform these two actions.

Q: Can you modify the role assigned to your user account?


A: No

Q: Were you successful?


A: Yes

Exercise 2.1 – Create an HTTP Pool and Virtual Server
Task 4 – Verify the Virtual Server and Pool Functionality
Q: How many connections were opened to create the web page?
A: 12

Q: Did traffic go to each pool member?


A: Yes

Q: Did each member manage approximately the same number of connections?


A: Yes

Task 5 – Modify the Virtual Server SNAT Setting


Q: What is the client IP address?
A: 10.1.10.1

Q: Which device is configured with this IP address?


A: The client workstation

Q: What is the client IP address?


A: 10.1.20.240

Q: Which device is configured with this IP address?


A: The BIG-IP system (the internal self IP address)

Exercise 3.1 – Virtual Server Priority


Task 1 – Create a Wildcard Pool
Q: Did BIG-IP LTM create new nodes for this pool?
A: No

Q: Why or why not?


A: The nodes already existed.

Task 3 – Verify the Virtual Server and Pool Functionality


Q: Which virtual server processed this request?
A: http_virtual

Q: Which virtual server processed this request?


A: open_virtual

Q: Which virtual server processed this request?


A: open_virtual

Exercise 4.2 – Create a Web Load Test
Task 3 – Verify Virtual Server and Pool Statistics
Q: Were the connections distributed evenly between the three pool members?
A: Yes

Exercise 4.3 – Load Balancing Methods


Task 1 – Configure Ratio Member Load Balancing
Q: Were the connections distributed evenly?
A: No

Q: Were the connections distributed using a 5 – 2 – 1 ratio?


A: Yes

Task 2 – Configure Weighted Least Connections Load Balancing


Q: Were the pool members utilized properly based on the configured connection limits?
A: Yes

Exercise 4.4 – Priority Group Activation


Task 1 – Enable Priority Group Activation
Q: Which members are supplying content for the request?
A: 10.1.20.11:80 and 10.1.20.12:80

Q: Which members are supplying content for the request?


A: 10.1.20.12:80, 10.1.20.13:80, and 10.1.20.14:80

Q: With priority group activation set to 2 members, why are there now three members
supplying content?
A: BIG-IP LTM enables all of the members of the next highest priority group. There are two
members in priority group 4.

Q: Which members are supplying content for the request?


A: 10.1.20.12:80, 10.1.20.14:80, and 10.1.20.15:80

Exercise 5.2 – Using Monitors with Pools


Task 1 – Check Current Pool Member Status
Q: Will BIG-IP LTM distribute traffic to pool members that are unknown?
A: Yes

Task 4 – View the Network Map


Q: Why is the status of node 10.1.20.13 different from the other nodes?
A: This node doesn’t have a node-level monitor assigned.

Exercise 6.1 – Using an HTTP Profile
Task 1 – Modify the Default HTTP Profile
Q: Did the custom profile inherit the Maximum Header Size setting?
A: Yes

Q: Did the custom profile inherit the Maximum Requests setting?


A: No

Task 3 – Add the Custom HTTP Profile to a Virtual Server


Q: Why are there fewer response headers in the second version of this web page?
A: The custom HTTP profile only allows three response headers.

Q: Which response headers that were exposed in the first version of this web page could be
exploited by a hacker?
A: Server, X-Powered-By, X-Injected, X-Sensitive-Data

Q: On the second version, what is the X-Forwarded-For value?


A: 10.1.10.1 (the client’s IP address)

Q: What was the result of this request?


A: The browser was redirected to www.f5.com.

Q: Why were you redirected to www.f5.com?


A: The request resulted in a 404 error code, which triggered a redirect to the fallback host.

Task 4 – Update the Custom HTTP Profile


Q: Is the new Bigip-Httpvs request header displaying?
A: Yes

Q: Are you still seeing the User-Agent header?


A: No

Exercise 6.2 – Using a Stream Profile


Task 3 – Add the Custom Stream Profile to a Virtual Server
Q: Why did you need to add the http compression profile also?
A: Because the data is compressed all the way to the server by default.

Exercise 7.1 – Using Compression and Acceleration
Task 7 – Record BIG-IP LTM Performance with Optimization
Q: What are the Bits In and Bits Out values for http_virtual?
A: Answers will vary

Q: What are the Bits In and Bits Out values for http_virtual2?
A: Answers will vary

Q: Did compression significantly reduce the amount of data sent to the user?
A: Yes

Q: How many total connections were opened for http_virtual?


A: Answers will vary

Q: How many total connections were opened for http_virtual2?


A: Answers will vary

Q: What are the Bits In and Bits Out values for http_pool?
A: Answers will vary

Q: What are the Bits In and Bits Out values for http_pool2?
A: Answers will vary

Q: Did caching lower the data between BIG-IP LTM and pool members?
A: Yes

Q: Did OneConnect lower the number of connections required for http_pool2?


A: Yes

Q: What are the pre and post compress values for HTML content?
A: Answers will vary

Q: What are the pre and post compress values for Plain content?
A: Answers will vary

Q: What is the approximate difference in total savings from compression?


A: Answers will vary

Q: How many total items were cached?


A: Answers will vary

Q: How many bytes of data were served from the BIG-IP system cache?
A: Answers will vary

Exercise 8.1 – Using Source Address Persistence


Task 2 – Create a Source Address Persistence Profile
Q: Are responses coming from one or several pool members?
A: One

Q: Which pool member is supplying the content for this request?


A: Answers will vary

Q: Was the same pool member used for this request?


A: No

Q: Why or why not?


A: The source address persistence record timed out/expired.

Task 3 – Sharing a Source Address Persistence Record


Q: Did the two different browsers use the same pool member?
A: No

Q: Why or why not?


A: They aren’t sharing the same persistence record.

Q: What is the Node_Addr value(s) in the persistence records?


A: 10.1.10.0 and 10.1.20.0.

Q: Did the two different browsers use the same pool member?
A: Yes

Q: Why or why not?


A: They’re now sharing the same persistence record.

Q: How many persistence records are there?


A: One

Q: What is the Node_Addr value(s) in the persistence records?


A: 10.1.0.0.

Exercise 8.2 – Using Cookie Persistence
Task 1 – Create a Cookie Persistence Profile
Q: Was the update successful?
A: No

Q: Why or why not?


A: The virtual server requires an HTTP profile to use cookie persistence.

Q: Is there a persistence record for this session?


A: No

Q: Why or why not?


A: Cookie persistence does not use persistence records.

Exercise 8.3 – View Persistence with Disabled and Offline Pool Members
Task 2 – View the Effects of Disabled and Offline Pool Members
Q: To which pool member are you persisting?
A: Answers will vary

Q: Did you persist to the same pool member?


A: Yes

Q: Can a disabled pool member service client requests?


A: Yes

Q: Did you persist to the same pool member?


A: No

Q: Can an offline pool member service client requests?


A: No

Q: Did the persistence session go back to the original pool member?


A: No

Exercise 8.4 – Using Match Across Virtual Servers


Task 1 – Clear Statistics and View Access to Two Virtual Servers
Q: Are requests for http_pool persisting to one pool member?
A: Yes

Q: Are requests for http_pool2 persisting to one pool member?


A: No

Task 2 – Enable Persistence for http_virtual2


Q: Are requests for http_pool persisting to one pool member?
A: Yes

Q: Are requests for http_pool2 persisting to one pool member?


A: Yes

Q: Are requests for each different pool persisting to the same pool member?
A: No

Task 3 – Enable Match Across Virtual Servers


Q: Are requests for each different pool persisting to the same pool member?
A: Yes

Exercise 9.1 – Supporting SSL Traffic
Task 4 – Create an HTTPS Pool and Virtual Server
Q: What is listed in your browser’s URL box?
A: https://10.1.10.20

Q: In the Request Details, what information is listed after Pool member address/port?
A: Pool member answer will vary, but the port is 443.

Q: Is the connection between the client and BIG-IP LTM secure?


A: Yes

Q: Is the connection between BIG-IP LTM and the pool member secure?
A: Yes

Task 5 – Add Cookie Persistence to the HTTPS Virtual Server


Q: Did the web page display?
A: No

Q: Why or why not?


A: BIG-IP LTM cannot read the HTTP cookie because the request is encrypted.

Task 6 – Enable SSL Termination with the HTTPS Virtual Server


Q: Did the web page display?
A: Yes

Q: Is the connection between the client and BIG-IP LTM secured?


A: Yes

Q: Is the connection between BIG-IP LTM and the pool member secured?
A: Yes

Q: Is cookie persistence working?


A: Yes

Q: Is BIG-IP LTM processing the HTTP profile?


A: Yes

Task 7 – Verify the Certificate


Q: How can you identify that this is a self-signed certificate?
A: The Issued To and Issued By information is the same.

Exercise 9.2 – Enabling SSL Offload
Task 4 – Create an Offload Virtual Server
Q: What is listed in your browser’s URL box?
A: https://10.1.10.20

Q: In the Request Details, what information is listed after Pool member address/port?
A: Pool member answer will vary, but the port is 80.

Q: Is the connection between the client and BIG-IP LTM secure?


A: Yes

Q: Is the connection between BIG-IP LTM and the pool member secure?
A: No

Q: Is cookie persistence working?


A: Yes

Q: Is BIG-IP LTM processing the HTTP profile?


A: Yes

Task 5 – Verify the Certificate


Q: Who issued this certificate?
A: Entrust Certification Authority

Q: When does it expire?


A: 4/1/2017

Exercise 10.2 – Using SNATs


Task 1 – Test Behavior without SNAT
Q: What is the client IP address?
A: 10.1.10.1

Q: Which device is configured with this IP address?


A: The client workstation

Task 2 – Use SNAT Auto Map with the HTTP Virtual Server
Q: What is the client IP address?
A: 10.1.20.240

Q: Which device is configured with this IP address?


A: The BIG-IP system (the internal self IP address)

Q: When using SNAT, how can you ensure the pool member can identify the true
client IP address?
A: Use the X-Forwarded-For HTTP request header

Q: What is the X-Forwarded-For value?


A: 10.1.10.1

Task 3 – Create a SNAT


Q: Did every connection use the new SNAT?
A: No

Q: If no, which ones didn’t?


A: http://10.1.10.20 and http://10.1.10.21

Q: Are these connections using the new SNAT?


A: Yes

Task 4 – Create a SNAT Pool


Q: Which IP address was used for the SNAT address?
A: 10.1.20.222

Exercise 11.1 – Writing Your First iRule


Task 4 – Create Your First iRule
Q: What caused this error?
A: Invalid syslog location

Task 5 – Add the iRule to the HTTP Virtual Server


Q: Was the iRule triggered?
A: Yes

Q: How many client connections were required for this request?


A: 12

Exercise 11.2 – Using iRule Events


Task 1 – Update the iRule with Multiple Events
Q: Was the RULE_INIT event triggered?
A: Yes

Q: Was the CLIENT_ACCEPTED event triggered?


A: No

Q: Was the RULE_INIT event triggered?
A: No

Q: Was the CLIENT_ACCEPTED event triggered?


A: Yes

Q: How many HTTP requests occurred for this web page?


A: 3

Q: Was a new LB_SELECTED event triggered for each HTTP request?


A: Yes

Task 2 – Enable Caching and Compression on the HTTP Virtual Server


Q: Which iRule events are no longer triggered?
A: LB_SELECTED, SERVER_CONNECTED, HTTP_RESPONSE

Q: Why weren’t these events triggered?


A: BIG-IP LTM used its cache to fulfill the HTTP requests.

Exercise 11.4 – Using TCL and iRules Commands


Task 3 – Update the iRule using HTTP Commands
Q: Which variable changed between the two requests?
A: httpuri (HTTP::uri)

Task 4 – Create a Custom Response Page


Q: Did the HTTP request events trigger?
A: Yes

Q: Did you receive the custom response page?


A: Yes

Task 6 – Using the Stream Command


Q: What are the URLs that the broken image links are pointing to?
A: http://server1.hostingsite.com/images, http://server2.hostingsite.com/images

Q: Why did the first two pictures display properly, but the third picture still doesn’t display?
A: The stream command wasn’t updated for http://server2.hostingsite.com/images.

Exercise 11.5 – Using Conditional Statements


Task 3 – Use an iRule for Traffic Management Decisions
Q: Did the page display properly?
A: No
Q: Why or why not?
A: The images didn’t display, as the iRule doesn’t identify how to process requests for image
files.

Q: Did the page display properly?


A: Yes

Q: Which pool supplied the welcome.php page?


A: iRules_pool1

Q: Which pool supplied the images?


A: iRules_pool2

Q: Did the page display properly?


A: No

Q: Why or why not?


A: The HTTP request doesn’t contain an extension and therefore doesn’t match a condition in
the iRule.

Q: Did the page display properly?


A: Yes

Q: Which pool supplied the index.php page?


A: iRules_pool3

Q: Which pool supplied the F5 logo at the bottom of the page?


A: iRules_pool3

Q: Why wasn’t the F5 logo supplied by iRules_pool2?


A: It’s a .gif file. This file type wasn’t included in the conditional statement, therefore it
matches the else statement.

Task 5 – Create a Wildcard Virtual Server


Q: Which pool supplied this request?
A: iRules_pool1

Q: Which pool supplied this request?


A: iRules_pool2

Q: Which pool supplied this request?


A: iRules_pool3

Q: How was BIG-IP LTM able to view the iRule and make traffic management decisions when
there’s no HTTP profile configured on the virtual server?
A: An HTTP profile is only necessary to process HTTP request and response events. An HTTP
profile isn’t necessary to process the CLIENT_ACCEPTED event.

Task 6 – Update the iRule to Use the Switch Operator


Q: Which pool supplied this request?
A: iRules_pool4

Task 7 – Use the Switch Operator to Manage Traffic Based on the File Type
Q: Which pool supplied the index.php page?
A: iRules_pool3

Q: Why didn’t this request go to iRules_pool2?


A: The URL didn’t include “.php”.

Q: Which pool supplied the index.php page?


A: iRules_pool2

Q: Why did this change?


A: The URL now ends in “.php”.

Q: Which pool supplied the F5 logo?


A: iRules_pool1

Q: Were you able to open these sensitive files?


A: No

Q: Did requests for images generate a log entry?


A: No

Q: Did requests for css files generate a log entry?


A: Yes

Q: Did requests for php pages generate a log entry?


A: Yes

Q: Did requests for html pages generate a log entry?


A: No

Exercise 11.6 – Working with Lists
Task 2 – Use a Static List
Q: Were the new items added into the sorted order?
A: No

Q: How are the lappend and linsert commands different?


A: lappend adds items to the end of a list box, while linsert adds items to a list at a specific
index value.

Q: In what position in the list was the new entry added?


A: It was added as the second item in the list (index value 1).

Q: What are a couple of advantages of knowing the number of items in a list?


A: Answers will vary

Q: How is the lset command different from the lappend and linsert commands?
A: lset replaces an existing item in a list with a new item.

Q: In what position in the list was the new entry added?


A: It was added as the fourth item in the list (index value 3).

Q: What index number is “222” at?


A: Index 1

Q: Why is the third item displaying at index value -1?


A: The text string wasn’t found in the list.

Task 3 – Add Iteration to the iRule


Q: Without using iteration, how would you create separate log messages for each list entry?
A: Using multiple log local0 commands.

Task 5 – Using a Dynamic List in an iRule


Q: How many HTTP headers are in the HTTP request?
A: Answers will vary

Q: Which header is at index position 1?


A: Answers will vary

Q: What is the index value for X-Forwarded-For?


A: -1

Q: What changes occurred using this HTTP profile?
A: The Bigip-Httpvs and X-Forwarded-For headers are now present, while the User-Agent
header is no longer present.

Exercise 12.1 – Working with iApp Application Services


Task 3 – Test Access to the iApp Application
Q: Which pool member(s) supplied content?
A: Answers will vary, but it should only be one pool member.

Q: Why did only one pool member supply content?


A: Persistence is enabled with the application service.

Q: Is SNAT enabled or disabled?


A: Enabled

Q: Is the X-Forwarded-For request header present?


A: Yes

Q: How many Bits Out were needed to create this page?


A: Answers will vary

Q: How many Packets Out did this page generate?


A: Answers will vary

Q: How many total requests were needed to generate this web page?
A: 12

Q: How many Bits Out were needed to create this page?


A: None

Q: How many Packets Out did this page generate?


A: None

Q: How many total requests were needed to generate this web page?
A: None

Q: What caused the difference in traffic to the pool member?


A: The application service is using BIG-IP LTM caching.

Task 4 – View and Update the Application


Q: Why couldn’t you update the virtual server IP address?
A: Strictness
Q: Is persistence taking place?
A: No

Q: Is SNAT enabled or disabled?


A: Disabled

Q: What is the virtual server IP address?


A: 10.1.10.40

Q: Are the changes you made still configured?


A: No

Q: Why or why not?


A: When we used reentrancy to update the application service, it overrides the manually
made changes.

Q: How many TCP profiles were created for the app_web application?
A: 2

Q: Why is there now only one TCP profile?


A: iApp determined that the client-side TCP profile was no longer needed and therefore
deleted it.

Task 5 – Delete an iApp Application Service


Q: Were you able to delete this application?
A: No

Q: Why or why not?


A: The app_web_pool is used in another application service.

Task 6 – Reconfigure the Application Service


Q: Which profiles did iApp create for app_web?
A: app_web_http
app_web_tcp-lan-optimized
app_web_tcp-wan-optimized
app_web_oneconnect
app_web_optimized_caching
app_web_source-addr-persistence
app_web_cookie-persistence
app_web_tcp-wan-optimized-compression

Q: What type of persistence does app_web use?


A: Cookie and source address

Q: Which pool member(s) supplied content?
A: 10.1.20.14:80 and 10.1.20.15:80

Q: Is SNAT enabled or disabled?


A: Disabled

Q: Is the X-Forwarded-For request header present?


A: No

Q: Did app_web process the iRule?


A: Yes

Q: Is the connection using HTTP or HTTPS?


A: HTTPS

Exercise 12.2 – Working with iApp Templates


Task 1 – View iApp Templates
Q: How many Templates are currently being used for applications?
A: 1

Q: How can you tell that these are BIG-IP system default Templates?
A: View the System-supplied column

Task 2 – View the Properties of an iApp Template


Q: What are the required BIG-IP modules?
A: N/A

Q: What is the minimum BIG-IP version?


A: 11.5.0

Q: What is the maximum BIG-IP version?


A: N/A

Q: Can you save this change?


A: No

Q: Why or why not?


A: You can’t override a BIG-IP system default iApp Template.


Appendix B – Virtual Environment Diagram


[Diagram: vLab virtual environment]
Host workstation: Mgmt IP 10.1.1.1, external IP 10.1.10.1
Windows 7 image: external IP 10.1.10.1
BIG-IP: Management IP 10.1.1.245
  VLAN external: Self IP 10.1.10.241, Self IP 10.1.10.240
  VLAN internal: Self IP 10.1.20.241, Self IP 10.1.20.240
LAMP Servers
