
Task 1: Taking a backup of the BIGIP system

Go to SYSTEM → ARCHIVE → CREATE

Create a UCS backup of the system and save it on the system itself.

Name it Original.ucs.

What optional data can be excluded from the UCS file?

Ans: The private key option is included and it can be excluded.

Task 2: Generate a QKView support file.

Go to SYSTEM → SUPPORT

Name it MyQKview.

What optional data can be excluded from this file? Audit Files, Core filters, Bash history, unlimited
snap and upload to iHealth

Can you create and upload a QKView file to iHEALTH.F5.com from here? Yes

Look for the option of specifying the Support Case Number also if you are uploading a file to support
a TAC case.

Task 3: Which TMOS statistics can be added as part of a custom Dashboard?

CPU usage, memory usage, connections, throughput, processes

Go to DASHBOARD → ACTION → CREATE DASHBOARD → CPU USAGE to display the options.


Task 4: Create a pool My_pool

Add Gateway_icmp monitor to the pool.

Leave the default LB method and default setting for the Priority Group Activation.

Add the 3 servers (172.31.76.21, 172.31.76.22, 172.31.76.23) as pool members with service port set to 80.

What is the status of the pool and the members? Green

What is the ratio and the priority group value for each pool member?

Ratio 1, Priority 0

Task 5: Change the LB method to ratio and assign ratios of 1, 2 and 3 to server 1, 2 and 3 respectively.

LOCAL TRAFFIC → POOLS → POOL-LIST → My_pool

Click on each pool member to change its ratio value.

Enable Priority Group Activation and set it to trigger if the number of pool members falls below 2.

Assign priority group values of 30 to Server1 and Server2.

Assign priority group value of 10 to Server 3.

How will the connections be distributed among the pool members now?
Initially within the group, i.e. server 1 and 2, at ratio 1:2
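
The distribution asked about above can be modelled in a few lines. This is an added example, not part of the original worksheet and not F5 code: it assumes the "less than N available members" activation rule and uses a simplified weighted round robin for the ratio method, so per-connection ordering on a real BIG-IP may differ while the proportions hold.

```python
from collections import Counter
from itertools import cycle

# Pool members from Task 4/5: address -> (ratio, priority group)
MEMBERS = {
    "172.31.76.21:80": (1, 30),
    "172.31.76.22:80": (2, 30),
    "172.31.76.23:80": (3, 10),
}

def active_members(members, available, min_active):
    """Members that receive traffic under 'less than min_active' activation."""
    active = []
    for group in sorted({prio for _, prio in members.values()}, reverse=True):
        active += [m for m, (_, prio) in members.items()
                   if prio == group and m in available]
        if len(active) >= min_active:
            break  # enough members up; lower groups stay on standby
    return active

def distribute(members, available, min_active, connections):
    """Spread connections over the active members in proportion to ratio."""
    active = active_members(members, available, min_active)
    if not active:
        return Counter()
    # Simplified weighted round robin: a member appears 'ratio' times per cycle.
    schedule = [m for m in active for _ in range(members[m][0])]
    return Counter(m for m, _ in zip(cycle(schedule), range(connections)))

if __name__ == "__main__":
    everyone = set(MEMBERS)
    # All three members up: only priority group 30 is used, at 1:2.
    print(distribute(MEMBERS, everyone, 2, 300))
    # Server 2 down: fewer than 2 members in group 30, so group 10 joins in.
    print(distribute(MEMBERS, everyone - {"172.31.76.22:80"}, 2, 400))
```

With Server 2 marked down, Server 3 is activated and shares traffic with Server 1 at 1:3.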

Click on the STATISTICS tab of your pool.

Can you reach the same page without going through the LOCAL TRAFFIC tab?

Yes

(Hint: STATISTICS → MODULE STATISTICS → LOCAL TRAFFIC → POOLS)

You reach the same page now.

Task 6: Make a note of what information is available under

STATISTICS → MODULE STATISTICS → LOCAL TRAFFIC → STATUS SUMMARY


What statistics type options are available here? (Click on the drop-down menu in front of the
Statistics type to capture that information.)

STATISTICS → MODULE STATISTICS → NETWORK → INTERFACES

Where will you get information about fragmented packets?


STATISTICS → MODULE STATISTICS → TRAFFIC SUMMARY → IP.

Task 7: Create an HTTP Monitor and name it My_http.

LOCAL TRAFFIC → MONITOR → CREATE

Choose HTTP for the type of monitor being created.

Use following values:

Send String=Default value.

Receive String = Welcome

Add the monitor to each pool member individually and ensure that pool member is shown as UP if
marked as UP by even one monitor.

LOCAL TRAFFIC → POOLS → Your Pool → Click on each pool member. Change Configuration to
Advanced.

Done

Select Monitor, move My_http to active monitor and in availability requirement choose at least 1.

Where do you create a default node monitor?

At nodes

LOCAL TRAFFIC → NODES → DEFAULT MONITOR

Task 8: Create a virtual server named VS_HTTP using the IP address mentioned for your username

Listening on port 80.

LOCAL TRAFFIC → VIRTUAL SERVERS: VIRTUAL SERVER LIST → CREATE.

Use following settings:

Destination address/mask=Your VS_IP /20

Service port= 80.

Choose Auto Map for Source Address translation.

Choose My_pool in default pool.

From the Client machine, Launch a browser and type http://VS_IP

You should see the content from the Web servers.

Create another VS using the same address and same settings; name it VS_HTTP1

In the source address of this VS, mention the Client machine’s IP address.

Now when you access the VS IP address using the Client Machine’s browser, which VS will you be
matched with?
VS_HTTP1

Search for the KB article “K14800: Order of precedence for Virtual server matching” in Google.

Go through the article, especially the use case mentioned at the end.

Now try to answer the previous question.

Task 9: What is the default protocol profile associated with your VS?

At a bare minimum, which kind of profile is needed by a VS?

Source Address Affinity:

Create a new persistence profile

LOCAL TRAFFIC → PROFILE: PERSISTENCE → CREATE

Name = SAA_Profile

Persistence type= Source Address Affinity

Leave all other values at default.

Attach the profile to your VS.

LOCAL TRAFFIC → VIRTUAL SERVERS: VIRTUAL SERVERS LIST → VS_HTTP: RESOURCES

DEFAULT PERSISTENCE PROFILE → SAA_Profile.

Refresh the browser window on the client machine. You should be hitting the same pool member.

Login to the BIGIP CLI from the terminal window in the client machine using

SSH student@SELF_IP of External VLAN

Password=N3wp@$$w0rd

Switch to TMSH using the TMSH command.

View the Persistence records created using the following command.

show ltm persistence persist-records

What information is being stored in the records?

One entry is there due to which it goes to same server again

COOKIE PERSISTENCE:

Create a new persistence profile.

LOCAL TRAFFIC → PROFILE: PERSISTENCE → CREATE
Name = MY_cookie

Persistence type → Cookie

Cookie method → HTTP cookie insert

Cookie name = MY_cookie

Leave the rest of the values at default.

What other cookie methods are supported? Passive and rewrite

What fields would you modify to encrypt the cookie?

Cookie Encryption Use Policy

Map the profile to your VS.

LOCAL TRAFFIC → VIRTUAL SERVERS: VIRTUAL SERVERS LIST: VS_HTTP: RESOURCES

DEFAULT PERSISTENCE PROFILE → MY_cookie.

Refresh the browser on the Client machine.

You should again be persisting to same pool member.

Yes

Check the persistence records created on the BIGIP system from the CLI.

Ok no connection is there

Why don’t you see any records here?

It is in client web browser
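
Because the record lives in the browser, anyone holding the cookie can read it. The added example below (not part of the original worksheet, not F5 code) decodes the documented default insert-cookie value for an IPv4 pool member, which shows what is disclosed when the cookie encryption setting asked about above is left off; the header strings are constructed samples and `audit_set_cookie` is a hypothetical helper name.

```python
import ipaddress
import re

# Default (unencrypted) insert-cookie value for an IPv4 member: <ip>.<port>.0000
PLAIN_VALUE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")

def encode_member(ip, port):
    """Build the default cookie value for ip:port (byte-reversed decimals)."""
    ip_le = int.from_bytes(ipaddress.IPv4Address(ip).packed, "little")
    port_swapped = int.from_bytes(port.to_bytes(2, "big"), "little")
    return f"{ip_le}.{port_swapped}.0000"

def decode_member(value):
    """Return (ip, port) if value is a plain persistence cookie, else None."""
    match = PLAIN_VALUE.match(value)
    if not match:
        return None  # encrypted or unrelated value: nothing readable
    ip_le, port_swapped = int(match.group(1)), int(match.group(2))
    if ip_le > 0xFFFFFFFF or port_swapped > 0xFFFF:
        return None
    ip = ipaddress.IPv4Address(ip_le.to_bytes(4, "little"))
    port = int.from_bytes(port_swapped.to_bytes(2, "little"), "big")
    return str(ip), port

def audit_set_cookie(header_value, cookie_name="MY_cookie"):
    """Report the pool member a Set-Cookie header value discloses, or None."""
    name, _, rest = header_value.partition("=")
    if name.strip() != cookie_name:
        return None
    return decode_member(rest.split(";", 1)[0].strip())

if __name__ == "__main__":
    # Constructed sample header values, not captured from a real device.
    plain = "MY_cookie=" + encode_member("172.31.76.21", 80) + "; path=/"
    opaque = "MY_cookie=!c29tZS1vcGFxdWUtYmxvYg==; path=/"
    print(plain, "->", audit_set_cookie(plain))
    print(opaque, "->", audit_set_cookie(opaque))
```

The plain header decodes to the internal address and port of the first lab pool member; the opaque value yields nothing.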

Task 10: Create a new VS using the same IP address but listening on port 443.

Name = VS_https

Source Address translation → AutoMap

Default Pool → My_pool

Try accessing the VS using the browser of the Client Machine by typing

https:// IP of VS_https

Why does it not work?

SSL OFFLOADING needed (can be done by attaching http and client ssl)

Create a self-signed certificate on the BIGIP


SYSTEM → CERTIFICATE MANAGEMENT: TRAFFIC CERTIFICATE MANAGEMENT: SSL CERTIFICATE
LIST → CREATE

Name = MY_ssl

Common Name = SSL_cert

Leave rest of the values at default.

Finished.

Create a new SSL Client profile.

LOCAL TRAFFIC → PROFILE: SSL: CLIENT → CREATE.

Name = MY_Profile

Parent Profile = Client SSL

Certificate Key Chain → ADD

Certificate= MY_ssl

Key= MY_ssl

Chain= MY_ssl

Leave rest of the values at default.

Finished.

Attach the profile to VS_https.

LOCAL TRAFFIC → VIRTUAL SERVERS: VIRTUAL SERVERS LIST: VS_https.

SSL Profile (client) → MY_Profile to selected and update.

Now try to access the same VS from the browser on the Client machine.

Yes Working

You should be seeing the content from the Web Servers now.

Client → BIGIP is HTTPS

BIGIP → Pool Member is HTTP.

Task 11: Where do you configure Port Lockdown properties for each SELF IP? At Network - Self IP
What are the options available? Allow none, Allow default, Allow 443

Search in Google and list down the protocols allowed by the “Allow Default” option.

You need to remember this. ok

Task 12: To which Traffic Group does the floating Self IP belong by default? Traffic group 1

Where can you change the traffic group of a SELF IP?

Network - Self IP. It will be there in internal and external self IP config

Task 13: Is Packet Filtering enabled or disabled by default? Disabled

Check under the Network Tab for this.

What is the difference between Packet filter and Port Lockdown?

Packet filter is used for VS to filter content, and port lockdown is for self IPs

Task 14: Where can you configure Traffic groups on the BIG IP?

DEVICE MANAGEMENT → TRAFFIC GROUPS

Where do you specify the MAC MASQUERADE Address? In Device Management → traffic group

Click on the Traffic Group to see the option.

Task 15: Where do you create and add users on the BIG IP system?

SYSTEM → USERS: USERS LIST → CREATE.

What are the different types of roles available?

There are 11 different kinds of user (including No access), where admin has all credentials and no access has
no

Search and list down the capabilities that exist in each role. Ok

Task 16: Where do you specify a DNS, NTP and upstream Proxy Server on the BIG IP system?

SYSTEM → CONFIGURATION → DEVICE → NTP

SYSTEM → CONFIGURATION → DEVICE → DNS

SYSTEM → CONFIGURATION → DEVICE → UPSTREAM PROXY.

Task 17: Log in to the CLI of the BIG IP

Achieve the following using the CLI and note down the commands that you issued.

a) See the management IP address of the system: tmsh list /sys management-ip

b) See the management route of the system: tmsh list /sys management-route

c) Create a management IP: tmsh create /sys management-ip [ip address/netmask]

d) List the virtual servers on the system: tmsh list ltm virtual

e) Add a virtual server: tmsh create ltm virtual VS destination 172.31.96.106:80 pool My_pool ip-protocol tcp source-address-translation { type automap }

f) Add a node (173.1.1.1): tmsh create ltm node 173.1.1.1

g) Create a pool (test_pool) with 2 members (1.1.1.1:80 and 1.1.1.2:80):

tmsh create ltm pool test_pool members add { 1.1.1.1:80 1.1.1.2:80 } monitor http

h) Change the load balancing method of the above pool: tmsh modify ltm pool test_pool load-balancing-mode ratio-member

i) Show the self IP on the system: tmsh list net self

j) Create a new Self IP, Vlan: I didn’t get it properly. For this I have to use tagging I guess?

k) Look at the interface statistics: ok

Note the different options : LIST, CREATE, MODIFY and note where to use which option.

Task 18: From the Network Map in LOCAL TRAFFIC,

a) Can you see a pool that’s not been assigned to a VS yet? NO


b) Can you determine the monitor assigned to a pool member? Yes if it is green. If red due to
monitor, when the cursor is on that then you can see it is being due to monitor. It will show
monitor is there or not. Which monitor is there, it’s not mentioned
