LTM Essentials LAB
12 / 17 / 2010
BIG-IP LTM Essentials Web-Based Training Lab Guide 2010 F5 Networks, Inc.
Preface
F5 Networks, Inc. Corporate Office 401 Elliott Avenue West Seattle, Washington 98119 T (888) 88BIG-IP T (206) 272-5555 F (206) 272-5557 Training@f5.com
F5 Networks, Ltd. United Kingdom Chertsey Gate West Chertsey Surrey KT16 8AP United Kingdom T (44) 0 1932 582-000 F (44) 0 1932 582-001 EMEATraining@f5.com
F5 Networks, Inc. Asia Pacific 5 Temasek Boulevard #08-01/02 Suntec Tower 5 Singapore, 038985 T (65) 6533-6103 F (65) 6533-6106 APACTraining@f5.com
F5 Networks, Inc. Japan Akasaka Garden City 19F 4-15-1 Akasaka, Minato-ku Tokyo 107-0052 Japan T (81) 3 5114-3200 F (81) 3 5114-3201 JapanTraining@f5.com
Legal Notices
Copyright
Copyright 2010, F5 Networks, Inc. All rights reserved. F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Acopia, Acopia Networks, Application Accelerator, Ask F5, Application Security Manager, ASM, ARX, Data Guard, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM, iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, iRules, Link Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera, OneConnect, Packet Velocity, Secure Access Manager, SAM, SSL Accelerator, SYN Check, Traffic Management Operating System, TMOS, TrafficShield, Transparent Data Reduction, uRoam, VIPRION, WANJet, WebAccelerator, and ZoneRunner are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent.
Patents
This product is protected by U.S. Patent[s] 6,374,300; 6,473,802; 6,970,933; 7,051,126; 7,102,996; 7,146,354; 7,197,661; 7,206,282; 7,287,084. Other patents pending.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference. Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules.
Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture.
Table of Contents
Lab Instructions
  Connecting to the F5 Training Lab Environment
  The F5 Training Lab Network
  F5 Training Lab limitations
Introduction
Welcome to the BIG-IP LTM Essentials Web-Based Training Course Student Lab Guide. The purpose of the BIG-IP LTM Essentials course is to introduce the basic information you need to set up and operate the BIG-IP Local Traffic Manager (LTM) from F5 Networks. The purpose of this Lab Guide is to provide all the information and exercises you need to work directly with a BIG-IP LTM system and solidify the concepts you have learned in the associated Web-based training modules.
The hands-on lab exercises included in this course are critically important to your learning. These exercises are especially helpful if you can do them as soon as possible after completing the associated training module. Therefore, we recommend the following approach when taking this course:
- Before beginning a module, register for lab time.
- Work through the training module as close to the start of your lab time as possible.
- After completing the training module, move into the lab exercises.
- Be sure to complete the entire exercise, including the review questions at the end.
There are eleven modules in this course, each one taking approximately thirty minutes to complete. To complete the entire course, including modules and labs, will take you about fourteen hours. In addition to the lab exercises, this guide contains other useful information. Appendix A provides some background information on F5 Networks and its products. Appendix B explains the various customer support resources that are available. We highly recommend that you review this listing. You may find some of these resources to be very valuable while working your way through this course. Appendix C contains an informative list of other training courses available from F5 Global Training Services. After completing this introductory course, you may want to enroll in one or more of these classes to gain a deeper understanding of BIG-IP LTM.
1. After logging in to F5 University, select the link for F5 Training Lab as shown to the right.
2. You should now be at the Lab web page where you downloaded this Lab Guide.
3. Select the link for Lab registration.
4. When prompted, enter your email, first and last names and then Launch Lab. You will be placed into your own F5 Training Lab environment.
5. Your lab environment will take a couple minutes to initialize. Notice the message at top of screen that says Your environment is X% ready.
6. The first time you connect you will need to install the Cloudshare plug-in and may need to enable pop-ups for it to install. This is a first-time only install.
1. Each lab starts assuming an un-configured BIG-IP and then instructs you to restore a UCS backup file that was captured at the end of the previous lab.
2. If during your lab time you wish to revert back to this un-configured state you may do so by selecting Actions and then Revert Now.
3. Rather than restoring UCS files at the beginning of each new lab you may also work straight through all the labs. From an instructional angle, F5 recommends doing the Module WBT, then the lab for that Module. Then the next Module WBT and its corresponding lab.
4. Also, you can only enter the F5 Training Lab environment from the links within F5 University (i.e. the graphic to the right).
5. When ready to leave the F5 Training Lab Environment, use the Logout button in the upper right corner of the screen shown below.
LAB CONFIGURATION
Lab Requirements:
- Reachable IP address on the management port
- Valid License for the BIG-IP LTM Systems
- Administration system with an IP address on the BIG-IP LTM's network
PC Configuration
Your PC is configured with two IP Addresses in order to reach both the Management and client networks once they are configured on your BIG-IP.
PC Mgmt IP Address: 192.168.1.30/24
PC Client IP Address: 10.10.1.30/16
Licensing Steps
1. You should first see the Setup Utility's Welcome screen. Click Next.
2. Normally, you would need to license your BIG-IP System. For these labs, the systems should already be licensed. Review the features that are licensed and then click Next.
Provisioning Steps
1. The second screen should be Provisioning. Verify that Local Traffic (LTM) is set to Nominal, any other products are set to None (Disabled) and then click Next.
Setup Utility
1. Within the General Properties section, specify the following:
IP Address: 192.168.1.245
Network Mask: 255.255.255.0
Management Route: Leave blank
Host Name: bigip1.f5trn.com
Host IP Address: Use Management Port IP Address
High Availability: Redundant Pair
Unit ID: 1
Time Zone: America/Los Angeles
2. Within the User Administration section, specify the following:
Root Account Password: default
Root Account Confirm: default
Admin Account Password: admin
Admin Account Confirm: admin
SSH Access: Enabled
SSH IP Allow: * All Addresses
3. Click Next.
NOTE: When you type in the admin password field you will be required to log back into the system whether the password has been changed or not.
Once this first step of administrative access has been configured, you can configure self-IP addresses and VLANs. We will choose the Basic Network Configuration option, which will step through creating two VLANs, internal and external, and their IP addresses, and interfaces. Each self IP will be assigned Port Lockdown settings. Port lockdown limits administrative access to the self IP addresses. Because we have configured the system as a redundant pair, Allow Default should be selected for Port Lockdown on self IPs of the internal VLAN to ensure the systems will be able to communicate.
Because we have configured as a redundant pair, the administrator will also be prompted for a partner address and a floating IP address for each VLAN. Generally, the partner address should be an address on the internal VLAN to minimize security concerns. Floating addresses are shared between the systems and used by the system that is currently active. These concepts are discussed in the Redundant Pair module.
Module 1 Lab Initial Setup
4. Select the Basic Network Configuration option by clicking Next, then specify the following:
5. Click the Next button to configure the External VLAN, then specify the following:
6. Then click Finished.
7. Since we previously completed Licensing and Provisioning, we should reboot the BIG-IP so that our Licensing and Provisioning changes take effect. Select System / Configuration and click the Reboot box under Operations.
Once the Basic Network Configuration is complete, the Welcome screen from the Overview section appears. The administrator can choose to change many presentation options, enable SNMP including downloading the MIB, access F5's knowledge database (Ask F5) or re-run the setup utility to change addresses or access methods.
Lab Requirements:
- External IP address of the BIG-IP LTM system
- User ID and password of the BIG-IP LTM system's Web Configuration Utility
- User ID and password of the BIG-IP LTM system's Command Line Interface
PC Configuration
Your PC is configured with two IP Addresses in order to reach both the Management and client networks once they are configured on your BIG-IP.
Mgmt IP Address: 192.168.1.30/24
Client IP Address: 10.10.1.30/16
What information is listed here?
7. Enter the command: b vlan show
What information is listed here?
8. Enter the command: b interface show
What information is listed here?
Lab Requirements:
External IP address of the BIG-IP LTM system
Saving a configuration
1. From the Navigation pane, click the System section.
2. Select Archives, then click Create.
3. Within the General Properties section, specify the following:
File Name: Module1_End
Encryption: Disabled
Private Keys: Include
Version: BIG-IP Version (read only)
4. When complete, click Finished.
5. When complete, an OK button will appear. Click OK or select Archives again.
6. Select Module1_End.ucs (the name is a link) and notice you can click Download to save a copy to your desktop. The Download option does not work in this F5 Training Lab environment but will in yours.
7. If desired, the file's contents can be viewed from the command line of your BIG-IP System. From an SSH session, perform the following:
a. Make a new directory for this lab: mkdir /var/tmp/test/
b. Change to the new directory: cd /var/tmp/test/
c. Copy the backup to the new directory: cp /var/local/ucs/Module1_End.ucs .
d. Decompress the file and extract the file: tar -xvzf Module1_End.ucs
The resulting files show the directory structure and all files stored in the *.ucs file. Individual files can be viewed with cat, tail, more and other tools.
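The archive in this lab is created with Encryption set to Disabled and Private Keys set to Include, so any key material travels inside the .ucs file unencrypted. The following added example (not part of the original lab guide) inspects a gzip-compressed tar archive in memory, without extracting it, and reports members that hold PEM private keys or carry paths that need review; the sample archive and its member names are constructed for illustration and are not taken from a real UCS file.

```python
import io
import re
import tarfile

# PEM headers for private keys: "PRIVATE KEY", "RSA PRIVATE KEY",
# "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY", ...
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )?PRIVATE KEY-----")
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumed limit: skip very large members


def audit_archive(archive_bytes):
    """Inspect a .tar.gz archive without writing anything to disk.

    Returns a dict with two sorted lists of member names:
      private_keys - regular files that contain a PEM private-key header
      unsafe_paths - absolute paths, '..' components, or links, i.e. names
                     that would land outside the extraction directory if
                     an extraction tool honoured them as written
    """
    private_keys, unsafe_paths = [], []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            parts = member.name.split("/")
            if (member.name.startswith("/") or ".." in parts
                    or member.issym() or member.islnk()):
                unsafe_paths.append(member.name)
            if member.isfile() and member.size <= MAX_MEMBER_BYTES:
                data = tar.extractfile(member).read()
                if PEM_KEY.search(data):
                    private_keys.append(member.name)
    return {"private_keys": sorted(private_keys),
            "unsafe_paths": sorted(unsafe_paths)}


def build_sample_archive():
    """Build a small constructed tar.gz in memory (not a real UCS file)."""
    files = {
        # All names and contents below are constructed sample data.
        "config/bigip.conf": b"pool http_pool { }\n",
        "keys/TestCertificate.key":
            b"-----BEGIN RSA PRIVATE KEY-----\n"
            b"constructed-placeholder\n"
            b"-----END RSA PRIVATE KEY-----\n",
        "certs/TestCertificate.crt":
            b"-----BEGIN CERTIFICATE-----\n"
            b"constructed-placeholder\n"
            b"-----END CERTIFICATE-----\n",
        "../outside.txt": b"constructed traversal entry\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    report = audit_archive(build_sample_archive())
    for kind, names in report.items():
        print(kind, names)
```

To audit a real archive, pass the bytes of the file read from disk to audit_archive().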
Lab Requirements:
- IP and port addresses available for use on BIG-IP LTM that can be reached by the client systems
- Actual servers with appropriate routes to return traffic through each BIG-IP LTM system
3. In the Configuration section, enter the following:
Configuration Level: Basic
Name: http_pool
Health Monitors: Leave Blank
4. In the Resources section, enter the following:
Load Balancing Method: Round Robin
Priority Group Activation: Disabled
New Members (for each, enter Address and Service Port and press Add):
172.16.20.1 port 80
172.16.20.2 port 80
172.16.20.3 port 80
5. When complete, click Finished.
3. In the General Properties section, enter the following:
Name: vs_http
Destination: 10.10.1.100
Service Port: 80 (or HTTP)
State: Enabled
4. In the Configuration section, accept all defaults.
5. In the Resources section, enter the following:
iRules: Leave Blank
HTTP Class Profiles: Leave Blank
Default Pool: http_pool
Default Persistence Profile: None
Fallback Persistence Profile: None
6. When complete, click Finished.
3. In the General Properties Section, enter the following:
Name: vs_https
Destination: 10.10.1.100
Service Port: 443 (or HTTPS)
State: Enabled
4. In the Configuration Section, accept all defaults.
5. Since we forgot to create the pool first, navigate to the Resources Section and click the + character to the right of Default Pool.
6. In the Configuration section of the new pool, enter the following:
Configuration: Basic
Name: https_pool
Health Monitors: Leave Blank
7. In the Resources section, enter the following:
Load Balancing Method: Round Robin
Priority Group Activation: Disabled
New Members (for each, enter Address and Service Port and press Add):
172.16.20.1 port 443
172.16.20.2 port 443
172.16.20.3 port 443
NOTE: Since the members' IP addresses are the same, you could select Node List and choose the members' IP addresses from the drop-down list.
8. When the pool is complete, press Finished.
9. In the Virtual Server's Resources section, verify the following settings:
iRules: Leave Blank
HTTP Class Profiles: Leave Blank
Default Pool: https_pool
Default Persistence Profile: None
Fallback Persistence Profile: None
10. When complete, make sure to click Finished for the virtual server.
Module 2 Lab Processing Traffic
Does 10.10.1.100 appear in your workstation's ARP table? You may need to clear your ARP table before testing to remove the entry from the vs_http virtual server.
Does the Statistics page show traffic received by vs_https? Verify that the address and port are correctly configured.
Is traffic getting to the pool members? Check Pool statistics:
If no traffic is going TO the pool members:
- Verify https_pool has been assigned to vs_https
- Verify the correct member's address / port
If traffic goes TO pool member but does not return:
- Verify that self IP address 172.16.1.33 is configured on port 1.2 (this address is the pool members' default route).
Lab Requirements:
Access to a BIG-IP LTM with at least a pool with two or more working members
7. Open a new browser session and connect to http://10.10.1.100.
8. Refresh the screen 5-10 times by pressing Ctrl-F5.
9. View the pool statistics. What are the results?
10. Reset the statistics for http_pool.
7. Open a new browser session and connect to http://10.10.1.100.
8. Refresh the screen 5-10 times by pressing Ctrl-F5.
9. View the pool statistics. What are the results?
10. Reset the statistics for http_pool.
11. Disable the member 172.16.20.2:80.
12. Open a new browser session and connect to http://10.10.1.100.
13. Refresh the screen 5-10 times by pressing Ctrl-F5.
14. View the pool statistics. What are the results?
15. Re-enable the member 172.16.20.2:80.
16. Reset the statistics for http_pool.
Lab Requirements:
- Access to a BIG-IP LTM with at least one pool with two working members
- Some knowledge of the traffic sent by the members
3. In the General Properties Section, enter the following:
Name: my_icmp
Type: ICMP
5. When complete, press Update.
6. What is the node's status? Was the change immediate?
Conclusion
At this point, each node is being tested differently. Node 172.16.20.1 has a specific assignment, my_icmp. Node 172.16.20.2 has no monitor assigned. Node 172.16.20.3 is using the Node Default monitor, which is currently icmp. This is not a recommended configuration; rather it is used to demonstrate the three ways monitors can be associated with nodes.
3. When complete, press Update.
4. Recheck the Member states (either follow directions above or select Members from the current location). NOTE: Each time the Members tab is pressed, the screen will refresh.
5. What are the members' statuses? Was the change immediate?
3. In the General Properties Section, enter the following:
Name: my_http
Type: HTTP
Import Settings: http
4. In the Configuration Section, enter the following:
Configuration: Basic
Send String: GET /index.html\r\n
Receive String: Server
Leave other settings at default
7. When complete, click Update.
8. What are the members' statuses? Was there any change?
6. In the Configuration Section, enter the following:
Configuration Level: Advanced
Health Monitors: None
Leave other settings at default
7. When complete, click Update.
8. What are the members' statuses? Was the change immediate?
Conclusion
At this point, each member is being tested differently. Member 172.16.20.1:80 is set to inherit from pool where the pool has http assigned. Member 172.16.20.2:80 has a specific assignment, my_http. Member 172.16.20.3:80 has no assigned monitor. This configuration is not recommended; rather it is used to demonstrate the three ways monitors can be associated with members.
3. In the General Properties Section, enter the following:
Name: my_https
Type: HTTPS
Import Settings: https
4. In the Configuration Section, enter the following:
Configuration Level: Basic
Send String: GET /index.html\r\n
Receive String: Server 2
Leave other settings at default
5. When complete, click Update.
6. What are the members' statuses? Why? Was the change immediate?
7. What is the status of the Virtual Server?
NOTE: [1-3] is a simple regular expression that matches any single character in the range from 1 to 3.
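The monitors in this module send the Send String to each member and search the reply for the Receive String, which is treated as a regular expression. The following added example (not from the lab guide) runs that exchange over plain TCP against three loopback stand-ins for the pool members, leaving out the TLS layer an HTTPS monitor adds; the reply bodies ("Server 1", "Server 2", "Server 3") and the probe function are assumptions made for the illustration, not BIG-IP code.

```python
import re
import socket
import socketserver
import threading

SEND_STRING = b"GET /index.html\r\n"  # Send String used by my_http / my_https


def start_member(body):
    """Start a constructed stand-in for one pool member on 127.0.0.1."""
    class Handler(socketserver.StreamRequestHandler):
        def handle(self):
            self.rfile.readline()   # read the one-line request
            self.wfile.write(body)  # reply; the server then closes

    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever,
                     kwargs={"poll_interval": 0.05}, daemon=True).start()
    return server


def probe(address, receive_string, timeout=2.0):
    """Send SEND_STRING and return 'up' if the reply matches, else 'down'.

    A refused connection, a timeout, or a reply that does not contain a
    match for receive_string all count as 'down'.
    """
    try:
        with socket.create_connection(address, timeout=timeout) as conn:
            conn.sendall(SEND_STRING)
            chunks = []
            while True:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
    except OSError:
        return "down"
    reply = b"".join(chunks).decode("latin-1")
    return "up" if re.search(receive_string, reply) else "down"


def run_lab():
    """Probe three stand-in members with each Receive String from the lab."""
    # Constructed reply bodies: each member names itself in its page.
    bodies = [b"<html>Server 1</html>",
              b"<html>Server 2</html>",
              b"<html>Server 3</html>"]
    members = [start_member(body) for body in bodies]
    try:
        results = {}
        for receive_string in ("Server", "Server 2", "Server [1-3]"):
            results[receive_string] = [
                probe(member.server_address, receive_string)
                for member in members
            ]
        return results
    finally:
        for member in members:
            member.shutdown()
            member.server_close()


def probe_closed_port():
    """Probe a loopback port with no listener (member not answering)."""
    sock = socket.socket()
    sock.bind(("127.0.0.1", 0))
    address = sock.getsockname()
    sock.close()
    return probe(address, "Server")


if __name__ == "__main__":
    for receive_string, statuses in run_lab().items():
        print(f"{receive_string!r:16} {statuses}")
    print("closed port      ", probe_closed_port())
```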
There is no lab for Module 5, Profiles. Labs that use profiles appear in Module 6, Persistence, and Module 7, SSL Termination.
Lab Requirements:
- Two or more working members in https_pool
- A virtual server at https://10.10.1.100 associated with https_pool
3. In the General Properties section, enter the following:
Name: Pr_Src_Persist
Persistence Type: Source Address Affinity
Parent Profile: source_addr
4. In the Configuration Section, leave all fields at the default settings except for the following:
Timeout: Click on the Custom checkbox for Timeout and then set the Timeout to 15 seconds.
Mask: Click on the Custom checkbox for Mask and then set the Mask to 255.255.255.0.
Module 6 Lab Persistence
2. Select Virtual Servers.
3. Select the virtual server of interest, vs_https.
4. Select the Resources tab.
5. Under the Load Balancing section, enter the following:
Default Pool: https_pool
Default Persistence Profile: Pr_Src_Persist
Fallback Persistence Profile: None
6. When complete, click Update.
8. Leave the * in the search field (show all records) and click Search or Refresh.
9. If no persistent sessions currently appear, refresh your screen connecting to https://10.10.1.100 and then refresh the Persistence Records Statistics again.
10. Why might the persistent connection not appear the first time?
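The Pr_Src_Persist profile keys persistence on the client address after the 255.255.255.0 mask is applied and uses a 15 second timeout. The following added example (not from the lab guide) is a simplified model of such a table, with round-robin selection for new records and an idle timeout that is refreshed by each new connection; the class, its method names and the client addresses are constructed for illustration and do not reproduce BIG-IP internals.

```python
import ipaddress
from itertools import cycle

MEMBERS = ["172.16.20.1:443", "172.16.20.2:443", "172.16.20.3:443"]


class SourceAffinity:
    """Simplified model of a source-address-affinity persistence table."""

    def __init__(self, members, mask, timeout):
        self._next_member = cycle(members)  # Round Robin for new records
        self.mask = int(ipaddress.IPv4Address(mask))
        self.timeout = timeout              # idle seconds before expiry
        self.records = {}                   # masked source -> (member, last_seen)

    def key_for(self, client_ip):
        """Apply the profile mask: the result is the persistence key."""
        masked = int(ipaddress.IPv4Address(client_ip)) & self.mask
        return str(ipaddress.IPv4Address(masked))

    def expire(self, now):
        """Drop records that have been idle for `timeout` seconds or more."""
        stale = [key for key, (_, seen) in self.records.items()
                 if now - seen >= self.timeout]
        for key in stale:
            del self.records[key]

    def select(self, client_ip, now):
        """Return the member for a new connection arriving at time `now`."""
        self.expire(now)
        key = self.key_for(client_ip)
        if key in self.records:
            member = self.records[key][0]      # persist to the same member
        else:
            member = next(self._next_member)   # no record: load balance
        self.records[key] = (member, now)      # create or refresh the record
        return member


def walk_through():
    """Replay constructed connections: (time, client, key, chosen member)."""
    table = SourceAffinity(MEMBERS, "255.255.255.0", 15)
    events = [
        (0, "10.10.1.30"),   # first connection creates a record
        (5, "10.10.1.77"),   # different host, same /24: shares the record
        (6, "10.10.2.5"),    # different /24: gets its own record
        (30, "10.10.1.30"),  # more than 15 s idle: record is gone
    ]
    return [(t, ip, table.key_for(ip), table.select(ip, t))
            for t, ip in events]


if __name__ == "__main__":
    for row in walk_through():
        print(row)
```

A wider mask groups more clients behind one record, so every host in the masked network is sent to the same member for as long as any of them keeps the record alive.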
Lab Requirements:
- Two or more working members in http_pool
- A virtual server at http://10.10.1.100 associated with http_pool
3. In the General Properties section, enter the following:
Name: Pr_Cookie_Persist
Persistence Type: Cookie
Parent Profile: Cookie
1. In the Configuration Section, leave all settings at default except for the following:
Expiration: Check the Custom checkbox for Expired, then uncheck Session Cookie and set the Expiration to 2 days
Lab Requirements:
- vs_https with resources https_pool and Pr_Src_Persist profile
NOTE: You may want to extend the persistence timeout value in the Persist_Source profile before beginning this lab.
Lab Requirements:
- An existing pool of members at port 80 (http_pool)
- Access to a web browser
Generate a certificate
1. From the Navigation pane, expand the Local Traffic section.
2. Either select SSL Certificates and click Create or hover your mouse over SSL Certificates and then click the + sign on the flyout menu.
3. In the General Properties section, enter the name TestCertificate.
4. In the Certificate Properties section, enter the following:
Issuer: Self
Common Name: www.test.com
Division: Training
Organization: F5 Networks
Locality: Seattle
State or Province: Washington
Country: US
E-Mail Address: Leave blank
Lifetime: 365
5. In the Key Properties, choose 1024 for the size.
6. Click Finished.
7. If you get an error saying the certificate already exists then change the name and continue.
3. In the General Properties section, enter the name Pr_Client_SSL and accept clientssl as the parent profile.
4. From the Configuration section, check the custom button to the right of Certificate and Key, and choose TestCertificate or your new name from the drop-down list.
4. In the Configuration section, accept all defaults except the SSL Profile (Client) option, and choose the Pr_Client_SSL profile you've just created.
5. In the Resources section, select http_pool as the Default Pool.
6. Click Finished.
Lab Requirements:
- One or more servers on the internal side of the BIG-IP system
- An available IP address to use for the NAT
Configure a NAT
1. From the Navigation pane, expand the Local Traffic section.
2. Either select SNATs, the NAT List tab, and Create, or use the flyout menus to expand SNATs / NATs and click the + sign.
3. In the General Properties section, enter the following:
NAT Address: 10.10.1.200
Origin Address: 172.16.20.2
State: Enabled
4. In the Configuration section leave everything at defaults:
ARP: Enabled
VLAN Traffic: All VLANs
5. Click Finished.
SNAT Labs
Lab Requirements:
- Access to a BIG-IP LTM System
- An available IP address to use for the SNAT
Module 8 Lab NATs and SNATs
2. Either select SNATs and Create, or use the flyout menus to expand SNATs and click the + sign.
3. In the General Properties section, enter the Name SNAT_NW_10X.
4. In the Configuration section, enter the following:
Translation: IP Address: 172.16.1.201
Origin: Address List (next option will appear)
Address List: Type Network, Address 10.0.0.0, Netmask 255.0.0.0, click Add
All VLANs Unchecked
2. What SNATing is taking place for each Virtual Server?
3. Expected results: you should be able to connect successfully to both of your virtual servers. Your traffic to https://10.10.1.100 will be SNATed to 172.16.1.33. Your traffic to http://10.10.1.100 will be SNATed to 172.16.1.201.
4. How could you change your SNAT definition to allow traffic from the 192.168.0.0/16 network to be SNATed also?
Lab Requirements:
- External IP address of the Virtual Server
- IP Address(es) of internal node(s)
Module 9 Lab iRules
a Source Address Persistence Profile assigned on the Resources tab. Although they won't cause issues with this lab, all NATs and SNATs should have been deleted at the end of Lab 8.
iRules Lab #1
Create and use an iRule that processes requests based on the file extension.
Create a Pool
1. From the Navigation pane, expand the Local Traffic section.
2. Either select Pools and then click Create, or use the flyout menus to expand Pools and click the + sign.
3. In the Configuration section, enter the following:
Configuration level: Basic
Name: pool1
Health Monitors: Leave Blank
4. In the Resources section, enter the following:
Load Balancing Method: Round Robin
Priority Group Activation: Disabled
New Members (enter and press Add): IP: 172.16.20.1 Port: * All Services
5. When complete, click Finished.
3. In the Properties section, enter the following:
Name: rule_txt_end
Definition:
    when HTTP_REQUEST {
        # Requests whose URI ends in "txt" are sent to pool1
        if { [HTTP::uri] ends_with "txt" } {
            pool pool1
        }
    }
3. In the General Properties section, enter the following:
Name: vs_rule_txt
Destination: 10.10.1.101
Service Port: 80 (or HTTP)
State: Enabled
4. In the Configuration section, leave all fields at their default except the following:
HTTP Profile: http
5. In the Resources section, leave all fields at their default except the following:
iRules: rule_txt_end
NOTE: Currently, you should get a page-not-found error message (Cannot display webpage for IE and Connection reset for Firefox) for the URL http://10.10.1.101 because there is no Default Pool or an else leg for the iRule. Also, files such as file.txt, text.txt and text.one exist only on Server 1 (172.16.20.1).
Overview Section / Statistics / Choose from Statistics Type drop-down list.
Local Traffic Section / Virtual Servers / Statistics
Local Traffic Section / Pools / Statistics
3. Open a new browser, test client connections and explain your results.
a. http://10.10.1.101/file.txt
b. http://10.10.1.101/text.txt
c. http://10.10.1.101
iRules Lab #2
Lab 2 Overview
Create and use an iRule that processes requests based on the TCP port.
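Name: rule_tcp_port
Definition:
    when CLIENT_ACCEPTED {
        # Choose the pool by the TCP port the client connected to;
        # any other port falls through to the virtual server's Default Pool
        if { [TCP::local_port] == 80 } {
            pool pool1
        } elseif { [TCP::local_port] == 443 } {
            pool pool2
        }
    }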
3. In the General Properties section, enter the following:
Name: vs_tcpport
Destination: 10.10.1.103
Service Port: * All Ports
State: Enabled
4. In the Configuration section, accept all defaults.
5. In the Resources section, leave all fields at their default except the following:
iRules: rule_tcp_port
Default Pool: pool3
3. To which node is traffic being directed for each client request above and why?
Setup utility
Configuring a pair of BIG-IP systems is very similar to configuring a single BIG-IP system. When you choose Redundant Pair for the High Availability option in the setup utility, there are a few additional parameters that must be set. You must set each system's Unit ID, specify a partner address, and set floating (shared) IP addresses for each VLAN.
13. The configuration for BIG-IP #1 should be as if you had just finished all Module9 Labs. Please verify this is the case. Your configuration should be licensed and include five Pools, two iRules, five Virtual Servers, and Monitors assigned to some but not all Pool Members. No Pool Members should be marked Offline (red) or Disabled (black). Finally, the vs_https Virtual Server should have a Source Address Persistence Profile assigned.
Step                          System Y
Management Port IP address    192.168.1.246
Management Port Netmask       255.255.255.0
Hostname                      bigip2.f5trn.com
High Availability             Redundant Pair
Unit ID                       2
root password                 default
admin password                admin
SSH Access                    * All Addresses
VLAN Name on 1.2              Internal
Self IP Address               172.16.1.32
Netmask                       255.255.0.0
Port Lockdown                 Allow Default
Floating IP                   172.16.1.33
Failover Peer IP              172.16.1.31
Port Association              1.2 Untagged
VLAN Name on 1.1              External
Self IP Address               10.10.1.32
Netmask                       255.255.0.0
Port Lockdown                 Allow Default
Default Gateway               Leave Blank
Floating IP                   10.10.1.33
Port Association              1.1 Untagged
Synchronization Lab
Synchronization should always be from the system whose configuration is desired. In our case, we wish to Synchronize the BIG-IP #1 configuration to BIG-IP #2, since BIG-IP #2 has no configuration.
If BIG-IP #2 does not have Virtual Servers from BIG-IP #1, verify the following:
- Were there errors during Synchronization? (System / Logs / System)
- Did you Synchronize the wrong way? (from BIG-IP #2 to #1)
6. When complete, click Update.
7. When both systems have been set, note that the systems change to active-standby mode. BIG-IP #2 should be the one to fall back to standby state because it is unit 2.
8. Normally you would remove the Ethernet cable, but for remote labs we will disable Network Failover on unit #2.
9. How quickly did the standby system also change to the active role?
10. If disabling Network Failover on unit #2 does not cause it to go active, then you may need to disable Network Failover on unit #1 also.
11. Note that when both systems are in active mode, both are trying to service all virtual servers, NATs and SNATs.
12. Again, normally we would now replace the Ethernet cable, but for remote labs we will enable Network Failover again on both units.
13. Unit #2 should now fall back to standby state.
Lab Requirements:
A working Active / Standby redundant pair of BIG-IPs.
2. In the Resources section, enter the following:
   Load Balancing Method: Round Robin
   Priority Group Activation: Disabled
   New Members (for each, enter Address and Service Port and press Add):
      172.16.20.1 port 22
      172.16.20.2 port 22
      172.16.20.3 port 22
3. When complete, click Finished.
5. In the Configuration section, accept all defaults.
6. In the Resources section, accept all defaults except the following:
   Default Pool: ssh_pool
7. When complete, click Finished.
Perform Failover
1. Force the Active system to standby (System / High Availability / Force to Standby).
2. Notice that the SSH connection has been lost.
Lab Requirements:
You must have a virtual server and pool appropriate for persistence other than cookie persistence.
Behavior Prior to Configuring Persistence Mirroring
Configure Persistence, Establish an https session
1. From the Navigation Pane, expand the Local Traffic section.
2. Select Virtual Servers and the virtual server vs_https.
3. Select the Resources tab, and ensure that Pr_Src_Persist is still listed as the Default Persistence Profile.
4. Select Local Traffic / Profiles / Persistence and the Pr_Src_Persist profile. Set the Timeout value to 30 seconds and click Update.
5. Synchronize from the same system (System / High Availability / ConfigSync / Synchronize TO Peer).
6. Open a browser session to: https://10.10.1.100.
7. Ensure your session persists by hitting the <Ctrl>-F5 key combination several times.
Perform Failover
1. Force the Active system to standby (System / High Availability / Redundancy / Force to Standby).
2. Refresh the session to https://10.10.1.100. While there is some chance the same node may be chosen, the https session does not persist to the same server. If it does seem to persist to the same node, failover again and test. You may need to refresh by pressing Ctrl-F5 to ensure the browser does not simply display its cache.
Lab Project
http_pool
my_http
https_pool
BIG-IP LTM Essentials Web based Training Lab Guide 2009 F5 Networks, Inc.
Verification
Columns: Activity, Questions, Working?

Activity:
   Open a Browser and connect to http://10.10.1.100
   Refresh the screen 5-10 times
   Open a Browser and connect to https://10.10.1.100
   Refresh the screen 5-10 times
   View the node statistics
   Open a Putty SSH session to: 10.10.1.100:22
   After connecting, login User-id: student Password: student
   View the node statistics
   Open a Browser and connect (again) to https://10.10.1.100
   Refresh the screen 5-10 times
   View the node statistics
Questions:
   Are you load balancing? Why or why not?
   Were you able to connect? Which node did you connect to? Do you have an open connection?
   Are you load balancing? Why or why not? Are you connecting to the same node as you did in test 2, above?

Activity:
   Open a Browser and connect to both https://10.10.1.100 and http://10.10.1.100
   Click the link to show source address
   Open a Browser and connect to https://10.10.1.102
Questions:
   What is your source address for http and https? Why are they different?
   Is the session secure? Is the data from BIG-IP LTM to the Server encrypted?
Review Questions
1. Which admin users' passwords are changed by the BIG-IP setup utility, and what access do they have?
4. How are monitors created, and what can they be assigned to?
5. If a particular node is in a node disabled condition, will any types of client requests still be directed to that pool member?
6. What is the difference between the client SSL and server SSL Profiles?
Refresh https://10.10.1.100
SSH to: 10.10.1.100:22
Login with user ID and password of student
View the node statistics
Did you connect? Which node did you connect to? Do you have an open connection?
Are you load balancing? Why or why not? Are you connecting to the same node as 2 steps above?
What is source address for http and https? Why are they different?
Is the session secure? Is the data encrypted from the Server to the BIG-IP LTM?
2. What is a node? A pool and pool member? A virtual server?
A Node is the IP Address only of a server, whereas a Pool Member typically contains both IP Address and Port. A Pool is a group of Pool Members, and the Virtual Server is the client representation of the application. Clients seldom know there are multiple Pool Members behind a Virtual Server.
3. List the load balancing modes.
Round Robin is the default load balancing mode, but we can also use Ratio, Least Connections, Fastest, Observed and Predictive. F5 Networks continues to add new features to BIG-IP LTM including new load balancing modes, so you might see more depending on what version you are running.
4. How are monitors created, and what can they be assigned to?
Just like other objects, they are created by selecting Monitors and clicking the create button or the + sign from the flyout menu. Monitors also need to be assigned before they will be used. Monitors can be assigned to all Nodes or an individual Node, or at the Pool level or to an individual Pool Member.
5. If a particular node is in a node disabled condition, will any types of client requests still be directed to that pool member?
Yes, client requests can still be directed to a disabled Node if there is still a persistent session (i.e. within the timeout window). On the other hand, if the Node is administratively Forced Offline rather than Disabled, then no more client requests will be sent until the Node is Enabled again.
6. What is the difference between the client SSL and server SSL Profiles?
The Client SSL Profile encrypts (https) network traffic between the client and BIG-IP. The Server SSL Profile encrypts (https) network traffic between BIG-IP and the servers.
7. Why would you use SNATs?
SNATs are used to fix or assist with routing issues. There are MANY ways a SNAT can be used to resolve the many different types of routing issues; two are listed below.
- RFC1918 (non-routable) client traffic outbound to internet
- Pool Members' default route cannot be pointed at BIG-IP, but remember: if BIG-IP changes an IP Address, then the response packet must return through BIG-IP.
Appendix A:
F5 Networks the Company and its Products
As the pioneer in Application Delivery Networks, F5 continues to lead the industry by driving more intelligence into the network to deliver advanced application agility. F5 products ensure the secure and optimized delivery of applications to any user, using any device, anywhere in the world. Through its flexible and cohesive architecture, F5 delivers unmatched value by improving the way organizations serve their employees, customers and constituents while dramatically lowering operational costs. F5's application delivery network products provide:
Application Optimization
F5's architecture automatically assigns every application the right mix of availability, security, and performance at the network level, further optimizing their performance.
Application Security
F5's Application Traffic Management architecture supports integrated security features that protect the delivery of applications by enforcing security policies at the edge of the network, before a session is allowed.
Application Delivery
F5's architecture delivers the raw horsepower, based on tightly integrated security, availability, scalability - all of which work together to deliver exceptional throughput and transaction performance.
F5 Products include:
- BIG-IP Local Traffic Manager (LTM)
- BIG-IP Global Traffic Manager (GTM)
- BIG-IP Link Controller (LC)
- BIG-IP Application Security Manager (ASM)
- BIG-IP Access Policy Manager (APM)
- BIG-IP WebAccelerator (WAM)
- BIG-IP WAN Optimization (WOM)
- Enterprise Manager (EM)
- FirePass
- ARX
- BIG-IP Edge Gateway
FirePass
SSL VPN Remote Access
F5's FirePass Controller provides secure remote access to corporate applications and data via standard Web browser technology. It enables companies to extend secure remote access to anyone connected to the Internet using desktops, laptops, PDAs, kiosks and more - while eliminating the need for complex IPSec VPNs. FirePass is the first SSL VPN solution with complete cross-platform support. Extending its support for any IP application to Macintosh, PocketPC and Linux clients, in addition to Windows, and expanding client and application security for Web, email and file application access, FirePass supports access to Web hosts, terminal servers, client-server applications, legacy hosts, mobile devices and Windows desktops, without pre-installed client software.
ARX
Intelligent File Virtualization
Information Lifecycle Management (ILM) holds tremendous promise for the enterprise, yet its adoption has been slowed by factors such as proprietary vendor approaches, complexity and lack of internal coordination. Increasingly enterprises are using intelligent file virtualization to create storage tiers and to use those tiers more efficiently, without many of the drawbacks associated with traditional ILM approaches. Intelligent file virtualization offers a simple, open approach to automated storage tiering that can be deployed rapidly to provide a dramatic positive economic impact to enterprises.
iControl SDK
Software Development Kit
The iControl architecture and SDK provide an interface between third party solutions and F5's suite of products. This interface creates the opportunity for application developers, ISV's, hardware manufacturers, service providers, and others to add value to their solutions by allowing direct communication with our suite to create a true application-aware network. For more information, please visit http://devcentral.f5.com.
Appendix B
F5 Customer Support
Network Support Center
F5 Technical Support is designed to remotely assist you with specific break-fix issues regarding ongoing maintenance of your F5 products. All F5 products come with a one year manufacturer's hardware warranty and 90 days of software media warranty. Technical support is limited to F5 products with active support contracts. Subscribers who require additional levels of support from our support team may opt to upgrade to Premium Support, which includes 24 x 7 support.
Ask F5
Ask F5 is an online knowledgebase accessible 24x7 through our technical support website. Ask F5 gives you real-time access to in-depth product and technical support information, by providing a simple, English language query-based search. Ask F5 provides unlimited access at no additional charge for all F5 customers covered under an F5 annual service agreement.
DevCentral
DevCentral is a community of experienced F5 users who regularly post answers based on real-life knowledge. To assist DevCentral members, F5 provides technical documentation, tips, access to free sample downloads, and a confidential discussion forum for receiving answers to technical questions. DevCentral is free of charge to our customers for building iRules and iControl applications, and the forum is monitored by F5 engineers and experts who offer assistance on technical questions including design, architecture, troubleshooting, and general assistance with building iRules and iControl applications.
F5 Networks Technical Support can help resolve problems more quickly when you provide a full description of the problem and the details of your configuration. To help you gather all the required information, use the following guidelines to prepare for opening a case.
General Information
Provide the following information when you open a case with F5 Networks Technical Support:
- A full description of the problem, including the following:
   - The symptoms of the problem.
   - The approximate time the problem first occurred.
   - The number of times the problem has recurred.
   - Any error output provided by the system.
   - Steps to reproduce the problem.
   - Any changes you made to the system before the problem first occurred.
   - Any steps you have attempted to solve the problem.
- A description of the impact the problem is having on your site, using the following definitions:
   - Site Down - Your network or application is down or critical business functions have stopped due to the problem.
   - Site at Risk - Your network or application is severely and negatively impacted by the problem.
   - Performance Severely Degraded - The performance of your network or application has been severely reduced due to the problem.
   - Performance Impaired - Your network or application is suffering from reduced performance, but otherwise continues to work as expected.
   - General Assistance Required - The subject of the case does not currently impact your network or application.
- The hours that you are available to work on the problem and any alternative contacts that can work on the problem if you are not available.
- Remote access information, if possible.
Remote access to your network environment is important, because it is the most effective method for collecting information and troubleshooting technical issues. If you cannot provide remote access, F5 Networks Technical Support will work directly with you to resolve the issue over the phone; however, this method can often be more time consuming and may require file transfers, replication, and additional testing.
tech.out file
A tech.out file contains the configuration files that F5 Networks Technical Support most frequently needs when troubleshooting a problem. A tech.out file is produced by the qkview utility and the terms tech.out and qkview may be used interchangeably. For more information about qkview, refer to SOL1858: Overview of the qkview utility.
Log files
The tech.out file contains the log files for the last day. If the problem has existed for more than a day, provide all the log files on the system, by performing the following steps:
1. Log in to the command line.
2. Change directories to the /var/log directory, by typing the following command:
      cd /var/log
3. Place all of the log files in a tar archive, by typing the following command:
      tar -czpf /var/tmp/logfiles.tar.gz *
4. This command will create a tar archive named logfiles.tar.gz in the /var/tmp directory.
Packet traces
If the problem involves the network, perform a packet trace while the problem is occurring and provide the packet trace when you open the case. For more information about performing packet traces with tcpdump, refer to SOL2246: Performing a packet trace and providing the results to F5 Networks Support.
UCS archive
If you cannot give F5 Support remote access to your system, you must provide a UCS archive of the current configuration. For more information, refer to SOL2250: Overview of UCS archives.
Core files
Core files contain the contents of the system memory at the time a crash occurred. If the system has been configured to save core files, they will be located in the /var/savecore directory. Provide any existing core files when you open the case. If the system is crashing and has not yet been configured to save core files, configure it so that a core file will be saved the next time the crash occurs. For more information, refer to the following Solutions:
- For switch appliances: SOL2226: Saving core files on BIG-IP or 3-DNS Controllers that have limited disk space
- For server appliances and blade controllers: SOL266: Configuring the BIG-IP or 3-DNS Controller to save a core dump
tcpdump
tcpdump is one of the main troubleshooting tools used by the F5 Networks Support group to determine what is happening on a BIG-IP LTM System.
F5 Professional Services
F5 Professional Services executes on the company's paradigm of innovation by delivering a full-range of consulting services, including planning, design, deployments, upgrades, migrations, optimization and application verification to ensure a highly available, scalable and secure infrastructure.
Installation Services
An F5 professional Consultant will work to ensure your F5 product is installed and running as efficiently as possible. Network topology, load balancing design review, application tuning and product orientation are included in this service. Network performance tuning and comprehensive product training are not included.
Optimization Services
F5 Consultants can help you leverage the true power of advanced product features such as compression, caching, and traffic shaping. Network performance tuning and application tuning are also offered to optimize your F5 deployment.
Pre-Installation Information
Objective:
Now having a better understanding of the BIG-IP LTM Software and how it works, this section conveys additional information to consider during a BIG-IP LTM System installation. You will learn the types of hardware and networking questions that need to be answered before an installation takes place.
Servers
1. What type of hardware are your servers?
2. What OS are your servers?
Pre-Installation Checklist
Follow the steps below to ensure proper installation of your BIG-IP LTM System.
1. Provide 3 real internet addresses for a redundant BIG-IP LTM System configuration.
2. Provide a real internet address for each virtual IP address (VIP) or NAT.
3. Provide 3 internal IP addresses (e.g. 10.x.x.x, RFC 1918 etc.) [redundant BIG-IP LTM System configuration].
4. Provide one internal IP address per node on the internal network.
5. Provide appropriate connectivity to physical segments.
6. Provide the IP addresses of the DNS servers (optional depending on implementation).
7. Provide access to the existing production content server(s), or an alternate content server.
8. Provide a monitor, keyboard and the appropriate power outlet for the monitor.
9. Provide one 110/220 power outlet for each BIG-IP LTM System unit.
10. Provide monitor A/B switch (optional).
11. Identify and provide access to any management workstations (for example, a workstation running CA Unicenter or other monitoring tool).
12. Identify and provide access to a monitoring workstation (non-dedicated) for the SSH client software (optional).
13. Designate an individual as the primary contact and BIG-IP LTM System administrator (tier 2 or 3).
14. Verify that each BIG-IP LTM external IP address can be accessed through incoming tcp port 22 (optional - to verify remote administration capability).
15. Verify that each BIG-IP LTM System can use outgoing tcp port 22 from tcp port 1023-1019 (optional).
16. Verify your ability to change DNS A records (for conversion from DNS round robin).
17. Create a DNS entry for each BIG-IP LTM administrative IP address (optional).
To activate the license for the system, you must have a base registration key. The base registration key is a 27-character string that lets the license server know which F5 products you are entitled to license. The base registration key is preinstalled on your system. If the system is not yet licensed, the Configuration utility prompts you to enter the base registration key. You enter keys for additional modules using settings in the Add-On Registration Key List area of the License screen.
4. Install version 10 on the slot that is not currently active. See following steps.
--setdefault --reboot
--setdefault --reboot
Assuming the system is currently booted to the image on slot HD1.1, the following command, run from the /shared/images directory, would install a clean image of version 10 on slot 1.2, change the default boot location to the new image, and reboot the system after installation.

    image2disk --instslot=HD1.2 --nosaveconfig --setdefault --reboot BIGIP-10.0.0.5401.0.iso

Assuming the system is currently booted to the image on slot HD1.1, the following command, run from the /shared/images directory, would install a hotfix on the image in slot HD1.2, but leave the current slot active.

    image2disk --instslot=HD1.2 --hotfix Hotfix-BIGIP-10.0.05460.HF1.iso

After any upgrade, you can confirm the installed versions by issuing the switchboot command. Switchboot displays the version that is installed on each slot, shows which is the current default boot slot, and allows you to change the default boot slot. The output shown below is of a system with version 9.4.5 on slot 1.1 and version 10 with hotfix 1 on slot 1.2. Slot 1.1 is currently set as the default boot slot.
The screen above shows the version of the current installations, the default boot image, and the available images to install. The Import button would allow you to copy additional images from your PC to the BIG-IP system. The Hotfix List tab shows the list of Hotfixes on the system. The Boot Locations tab shows the current default boot image but also allows you to change it. The Volume Management tab shows the list of partitions or volumes (version 10 only). Once the system is converted to volumes, additional volumes can be created.
Reboot and make other partition the active partition
1. Type switchboot and set the original partition as the default boot partition.
Verify Installation
1. After the system reboots, verify the version and note the hotfix.
      b version
   or
      tmsh> show /sys version and show /sys license
Appendix C
ARCHITECTING BIG-IP IN AN APPLICATION DELIVERY NETWORK (Prereq: LTM Adv Topics)
This two-day course gives networking professionals an understanding of how to architect and design BIG-IP devices into an application delivery network. The course builds on the foundation of the BIG-IP Local Traffic Manager (LTM) Essentials and Advanced Topics courses, demonstrating the next steps for implementing BIG-IP in a way that effectively delivers your client applications. The labs for the course involve design exercises and group discussions. Based on the knowledge gained in other BIG-IP LTM courses, you will work with other students to build network designs that incorporate BIG-IP LTM to accomplish customer goals. The course will cover many network design options, as well as best practices for given customer scenarios. The course will also explore other design options available using BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Application Security Manager, BIG-IP Message Security Module, and BIG-IP WebAccelerator.

BIG-IP ACCESS POLICY MANAGER (APM) (Prerequisite: None)
This two and -day course provides security and network professionals with a functional understanding of the BIG-IP Access Policy Manager (APM). The course includes installation, configuration, management and troubleshooting on a BIG-IP APM. Students will build many different Access Policies representing different customer scenarios using the Visual Policy Editor. This hands-on course includes lectures, labs, and discussions.

BIG-IP WEBACCELERATOR (WAM) (Prerequisite: None)
This one day course is designed to help network professionals improve web site customer experience using the WebAccelerator product. The course focuses on typical HTTP processes and how the WebAccelerator Module can take advantage of those processes to decrease response time while ensuring data accuracy and integrity. Using lectures and hands-on exercises, participants gain real-time experience configuring WebAccelerator settings including editing standard policies to affect how the traffic is manipulated as it is processed by the system.

BIG-IP WAN OPTIMIZATION (WOM) (Prerequisite: None)
This half day course is designed to help network professionals improve the performance of WAN connections between Data Centers or Central and Remote Offices using the WAN Optimization product. Using lectures and hands-on exercises, participants gain real-time experience configuring WAN Optimization Module settings. In addition, students will edit the Quick Start template and optimization policies to affect how the traffic is optimized as it is processed by the system.

BIG-IP LINK CONTROLLER (LC) (Prerequisite: None)
BIG-IP Link Controller is a two-day course that provides network professionals an understanding of how to define, monitor, and load balance bi-directional traffic flow between multiple links to meet business performance and cost priorities. Participants will gain knowledge of essential BIG-IP LC features such as virtual servers, pools, monitors and SNATs along with BIG-IP GTM features such as DNS, WideIPs, and Listeners and how these integrate into the Link Controller System. This hands-on course includes lectures, labs and discussions.
CONFIGURING & ADMINISTERING ARX (Prerequisite: None)
This three-day course is designed to help students learn about the architecture, configuration, administration and basic troubleshooting of the ARX product family. Students will learn to prequalify storage to be virtualized, design namespaces for CIFS, NFS or multiprotocol environments, configure file, age, and load balancing, etc. This hands-on course includes lectures, labs, and discussions.

TROUBLESHOOTING & MONITORING ARX (Prerequisite: Configuring and Administering ARX)
This two-day course provides students with a solid understanding of monitoring and troubleshooting techniques for the ARX product family using the CLI and ARX Manager (GUI). Students will learn to upgrade, monitor and troubleshoot namespaces, policies and authentication in CIFS, NFS or multiprotocol environments with an emphasis on both problem determination and avoidance. Students will also learn how to collect diagnostic information and packet captures that will be useful when escalating issues to the F5 Support team. This hands-on course includes lectures, labs, and discussions.

FIREPASS V6.X (Prerequisite: None)
This three-day course provides security and network professionals with a functional understanding of the FirePass Controller. The course includes installation, configuration, management and troubleshooting on a FirePass system. Lectures, demonstrations, hands-on labs and discussions will be incorporated.
For more details about course offerings, pricing, schedules, and registration, see the following web site: http://www.f5.com/training-support/global-training/