BIG-IP F5 LAB GUIDE

Administration, Configuration & Troubleshooting

BIG-IP LTM

LAB GUIDE

This document will guide you in:

1. Perform the lab exercises

| Remote Labs 1
BIG-IP F5 LAB GUIDE

| Remote Labs 2
 BIG-IP F5 LAB GUIDE

Initial Configuration Lab:-

1. Connect to the BIGIP Console using the Putty tool on your PC desktop
2. Login using the default CLI username and password
3. Run the Config script to configure the Management IP
a. If you are on BIGIP1, management IP should be 192.168.2.11
b. If you are on BIGIP2, management IP should be 192.168.2.12
4. Access the Web GUI using the management IP
5. Login using default GUI username and password
6. Follow the wizard to complete the initial configuration please note the BIGIPs are already
licensed
7. Hostname should be a FQDN. Refer to the table below
BIGIP1.lab.local

8. Under Resource Provisioning, please enable only the LTM module as Nominal
9. Refer to the BIGIP interface to VLAN to SELF-IP mapping on page 2 (under the Accessing
remote lab section point 3)
10. Under the Local Traffic section, create the below new configurations

Pool Name: http-pool

LB Method: default
Pool Members Server1: 172.16.1.54:80
Server2: 172.16.1.55:80
Server3: 172.16.1.56:80
Pool Monitor http
Node Monitor gateway_icmp
Name: http-vs
Destination IP: 192.168.100.10/24
SNAT: Automap
Virtual Server Default Pool: http-pool

11. Open Mozilla browser and connect to the Virtual Server IP on http to test this
configuration. Refresh the page multiple times to see the load balancing happening.
Also, view the statistics of Pool & Virtual Server.

Note the result in the box below:

| Remote Labs 3
 BIG-IP F5 LAB GUIDE

Priority Group Activation Lab:-

1. Reset the statistics for http-pool: Under Local Traffic >> Pools >> Pool List, click on
http-pool, under statistics select all the pool members and click on reset.
2. Go to Members tab
3. In the Load Balancing section, change the Priority Group Activation to Less than ,
the number of Available Member to 2, and click Update.

Member Ratio Priority Group

172.16.1.54:80 1 3
172.16.1.55:80 2 2
172.16.1.56:80 3 1

4. Open a new browser session and connect to the Virtual Server IP

5. Refresh the browser multiple times
6. View the pool statistics. What are the results?
7. Reset the statistics of http-pool.
8. Disable pool member 172.16.1.55:80 in http-pool
9. Back on your browser session to the Virtual Server IP, refresh multiple times.
10. View the pool statistics, what are the results?
11. Enable the pool member 172.16.1.55:80 in http-pool

Note the results in the box below:

| Remote Labs 4
 BIG-IP F5 LAB GUIDE

Network Map Lab:-

View configuration and status from Network Map

1. Select Network Map under the Local Traffic section.

2. Move your mouse over both Virtual Server and Pool objects and notice what
information is displayed.
3. Select a Pool member and disable it. Use the following steps:
a. From the Network Map, click on a member of pool http-pool
b. In the Member Properties section, set State to Disabled
c. Click Update.
4. Notice the status changed to disabled or a black circle. Navigate back to the Network
Map and view the status there as well.
5. Change the search field to 1.54 and then click Update Map. Notice that all members
are still listed, but search matches are highlighted.
6. Enable the disable pool member
7. From the Navigation Pane, expand System and select Preferences
8. Change the Start Screen from Welcome to Network Map and Update.
9. Logout using the Log out button in the upper-right corner of the GUI
10. Log back in and notice that you are placed directly in the Network Map now.

Remarks:

| Remote Labs 5
 BIG-IP F5 LAB GUIDE

Ratio Node Load Balancing Lab:-

1. Reset the statistics of http-pool: Under Local Traffic >> Pools >> Pool List, click on
http-pool, under statistics select all the pool members and click on reset.
2. Go to the Members tab and change the load balancing method to Ratio (Node)
3. Change the ratio of the node 172.16.1.56 to 5
a. Select Nodes from the Local Traffic section
b. From the Nodes List tab, select 172.16.1.56
c. Within the Configuration section, change the Ratio value to 5
d. Click Update.
4. Close all the open browser sessions and open a new session and connect to Virtual
Server IP on http
5. Refresh the browser multiple times
6. View the pool statistics. What are the results?

Note the results in the box below:

| Remote Labs 6
 BIG-IP F5 LAB GUIDE

Member Threshold Lab:-

1. Reset the statistics of http-pool: Under Local Traffic >> Pools >> Pool List, click on
http-pool, under statistics select all the pool members and click on reset.
2. Change the Connection Limit of pool member 172.16.1.56:80 in http-pool to 1
a. Select Pools from the Local Traffic section
b. Select http-pool and then the Members tab
c. Select 172.16.1.56:80
d. With the Configuration section, set the Connection Limit to 1
e. Click Update
3. Close all the open browser sessions, open a new session and connect to Virtual
Server IP on http
4. Refresh the browser multiple times
5. View the pool statistics. What are the results?
6. With the http-pool:
a. Change the load balancing method to Round Robin.
b. Disable the Priority Group Activation
c. Set Connection Limit and Priority Group for 172.16.1.56:80 to 0
d. Set the Priority Group for 172.16.1.54 & 172.16.1.55 to 0

Note the results in the box below:

| Remote Labs 7
 BIG-IP F5 LAB GUIDE

Custom Monitors Lab:-

1. Select Monitors under Local Traffic
2. Click the Create button to create a new custom http monitor
3. Refer to the table below to customize this new monitor

4. Select Pools under Local Traffic

5. Associate the new http monitor my_http to the http-pool
6. Click Update
7. What is the status of the http-pool? What are the statuses of the members? Each time
the Members tab is clicked, the screen will refresh. Which monitor(s) are testing the
member?
8. Select Advanced from the drop-down box next to Configuration
9. Notice the Availability Requirement of the pool monitors
10. Change it from All to At least 1 and click Update
11. Did the status of the pool and/or pool members change?
12. Change the Availability Requirement back to All

Enabling and Testing Receive Disabled String

1. Select the my_http monitor under Local Traffic >> Monitors

2. Set the Receive Disabled String to Server 1. Click Update
3. Check the status of the Pool and its members
4. Remove the Receive Disabled String from the my_http monitor. Click Update

Enabling and Testing Manual Resume

1. Select my_http monitor under Local Traffic >> Monitors

2. Under the Advanced configuration, set the Manual Resume to YES. You may wish
to decrease the Interval and Timeout settings as well. Click Update to save changes.
3. Check the status of the http-pool and its members
4. Change the Receive String of my_http monitor to Server [1-3] and save the changes
5. Test the results by verifying the status of the pool and its members, and by sending
traffic to the Virtual Server.
6. Set the Manual Resume back to NO
7. Click Update to save the changes

Note the results in the box below:

| Remote Labs 8
 BIG-IP F5 LAB GUIDE

HTTP Compression Lab:-

Testing without Compression

1. Create a pool containing only the member 172.16.1.54:80 and create a virtual server
using IP 192.168.100.11 (student1) or 192.168.100.21 (student2) and associate the pool
with this virtual server.
2. Access the virtual server http://<virtual_server_IP>/index.html
3. Notice the size of data outbound _____________

Testing with Compression Default Options

1. Create a custom HTTP Compression Profile (Local Traffic >> Profiles >> Service).
Accept all default values
2. Associate this custom profile with the virtual server
3. Clear the statistics on the virtual server
4. Access the virtual server http://<virtual_server_IP>/index.html
5. Notice the size of data outbound ______________

Testing with Compression Custom Options

1. Edit the custom HTTP Compression profile. Set the URI Compression to Not
Configured.
2. Save the change and test.
3. Notice the size of data outbound ______________

Note the results in the box below:

| Remote Labs 9
 BIG-IP F5 LAB GUIDE

Web Acceleration Lab:-

Testing without Caching

1. Use an existing or create a new virtual server with no HTTP profile.

2. Clear the statistics of the virtual server
3. Open a new browser session and access the virtual server. Refresh the browser
multiple times.
4. Check the connection count in the virtual server or pool statistics

Testing with Caching

1. Create a custom Web Acceleration profile. Accept all defaults

2. Associate this new profile to the virtual server
3. Close all existing browser sessions and open a new session. Access the virtual server
4. Refresh the browser multiple times.
5. Check the connection count in the virtual server or pool statistics

Note the results in the box below:

| Remote Labs 10
 BIG-IP F5 LAB GUIDE

Source Address Persistence Lab: -

1. Go to Local Traffic >> Profiles >> Persistence >> Click Create
2. Name: src_persist, Persistence Type: Source Address Affinity
3. Click on the check-boxes next to Timeout & Mask
4. Change the Timeout to 10 seconds
5. Specify the Prefix length as 24 and click on Finished
6. Associate this persistence to the Virtual Server
7. Go to Local Traffic >> Virtual Server >> Select an existing one
8. Click on the Resources tab >> Default Persistence Profile >> Select src_persist
9. Click Update
10. Verify by accessing the Virtual server. You should be persistent with the first hit
server for 10 seconds
11. Run the below command from the CLI to see the persistent table
a. show ltm persistence persist-records

Cookie Persistance Lab: -

1. Go to Local Traffic >> Profiles >> Persistence >> Click Create
2. Name: cookie_persist, Persistence Type: Cookie
3. Click on the check-box next to Cookie Method and change it to HTTP Cookie Insert
4. Click on the check-box next to Cookie Name and enter bigip-insert-cookie
5. Click on Finished
6. Associate this persistence to the Virtual Server
7. Go to Local Traffic >> Virtual Server >> Select an existing one
8. Click on the Resources tab >> Default Persistence Profile >> Select cookie_persist
9. Click Update
10. Verify by accessing the Virtual server. You should be persistent till the time the
browser open, because this is a session cookie

View the cookie on you browser to verify the BIGIP has sent the cookie to the client

| Remote Labs 11
 BIG-IP F5 LAB GUIDE

SSL Offloading Lab:-

1. First step is to create or import the SSL certificate onto the BIGIP.
2. Under the System tab, hover the mouse over File Management, then click on SSL
Certificate List.
3. In this lab, we will create a self signed certificate
4. Click on the Create button to create a new certificate
5. Enter a name for this certificate and the Issuer should be Self
6. In the Common Name, enter the IP address of the virtual server you will be creating
for this https application
7. Click Finished
8. Next step is to create a client SSL profile
9. Under the Local Traffic tab, hover the mouse over Profiles SSL, then click on
Client
10. Click Create to create new client SSL profile
11. Enter a name for this profile, then click on the checkbox next to the Certificate
12. From the Certificate drop-down, select the new certificate and from the Key drop-
down, select the same certificate.
13. Click on Add
14. Click on Finished at the bottom of the screen
15. The final step is to associate this client SSL profile to the virtual server
16. Under Local Traffic, hover the mouse over Virtual Server and create a new Virtual
Server. Configure the IP address and the port (443)
17. Under the SSL Profile (Client), move the newly created profile from the available list
to the selected list.
18. Associate the http-pool to this virtual server
19. Click Finished
20. Open a browser and test the connectivity https://<virtual-server-IP>

| Remote Labs 12