
PBC – 3-day Partner Technical Boot Camp
Hands-On Exercise Guide – UDF Version

Document version 15.1A
Written for: TMOS® Architecture v15.1.0.0.0.31

F5 Worldwide Field Enablement
Last Updated: 6/2/2020


Learn More, Sell More, Sell Faster
UDF Environment Diagram

©2020 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in
certain other countries. Other F5 trademarks are identified at f5.com.

Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or
affiliation, express or implied, claimed by F5.

These training materials and documentation are F5 Confidential Information and are subject to the F5 Networks Reseller Agreement. You
may not share these training materials and documentation with any third party without the express written permission of F5.
Table of Contents

BIG-IP Local Traffic Manager
  LTM Lesson 1 – Install a BIG-IP System
    Exercise – Configure the BIG-IP System
  LTM Lesson 2 – How BIG-IP LTM Processes Traffic
    Exercise – Create Pools and Virtual Servers
  LTM Lesson 3 – Use Secure Network Address Translation
    Exercise – Configure SNAT Auto Map
  LTM Lesson 4 – Configure Pool Settings
    Exercise – Use Pool Settings
  LTM Lesson 5 – Use Health Monitors
    Exercise – Use Health Monitors
  LTM Lesson 6 – Use Profiles
    Exercise – Use HTTP and Stream Profiles
  LTM Lesson 7 – Use Persistence Profiles
    Exercise – Use Source Address and Cookie Persistence
  LTM Lesson 8 – Use SSL Bridging and SSL Offload
    Exercise – Use SSL Bridging and SSL Offload

BIG-IP DNS
  DNS Lesson 1 – DNS Review and Deployment Options
  DNS Lesson 2 – BIG-IP DNS Services
    Exercise – Examine DNS Services
  DNS Lesson 3 – GSLB – Data Centers and Server Objects
    Exercise – Create Data Center and Server Objects
  DNS Lesson 4 – GSLB – DNS Virtual Servers, DNS Pools, and Wide IPs
    Exercise – Use DNS Virtual Servers, DNS Pools, and Wide IPs


BIG-IP Local Traffic Manager


LTM Lesson 1 – Install a BIG-IP System
F5 WWFE Lab Guide – Partner Technical Boot Camp -UDF Version v15.1A Page | 1

Exercise – Configure the BIG-IP System


Estimated completion time: 45 minutes

Task 1 – Access Your Class Application Portal

Use a web browser to access your class application portal.

• Open the email from your instructor containing the class application links, and then click the link assigned to you.
  This opens your class application portal.
• For the Windows Jumpbox image, click RDP, and then log in as external_user / admin.F5demo.com

Task 2 – Complete the Setup Utility


Complete the remaining steps of the Setup Utility.

• On the Windows Jumpbox desktop use Chrome to access https://10.1.1.5, and proceed with the untrusted security certificate.
• Log in to the BIG-IP system as admin / admin.F5demo.com
• On the Welcome page click the link Run the Setup Utility.
• On the General Properties licensing page click Next.
• On the Current Resource Allocation page note that the following modules are already configured. This was completed prior to starting the exercise.
  o Local Traffic (LTM)
  o Application Security (ASM)
  o Global Traffic (DNS)
  o Access Policy (APM)
• Click Next, and then on the General Properties / Certificate Properties page click Next.
• On the General Properties / User Administration page change the Host Name to bigipA.f5demo.com, and then click Next.
• Under Standard Network Configuration click Next.
• On the Redundant Device Wizard Options page clear the Display configuration synchronization options checkbox, and then click Next.
• On the Internal Network Configuration page, review the following settings, and then click Next.
    Self IP: Address          10.1.20.240
    Self IP: Netmask          255.255.255.0
    Self IP: Port Lockdown    Allow Default
• On the External Network Configuration page, review the following settings and update the highlighted setting, and then click Finished.
    Self IP: Address          10.1.10.240
    Self IP: Netmask          255.255.255.0
    Self IP: Port Lockdown    Allow 443
    Default Gateway           10.1.10.2
  You are presented with the BIG-IP system Configuration Utility.
• To find manuals and product information click the User Documentation link to go to support.f5.com.
  You can use this site to view knowledge base articles and download product manuals.
• Close the Ask F5 tab.

Task 3 – Review Configuration Objects


Use the Configuration Utility to view the TMOS objects created with the Setup Utility.

• Use the left navigation menu to open the Network > VLANs > VLANs List page.
  The Setup Utility created two VLANs: external and internal.
• Open the Network > Self IPs page.
  The Setup Utility created two self IP addresses: 10.1.10.240 on the external VLAN, and 10.1.20.240 on the internal VLAN.
• Open the Network > Routes page.
  The Setup Utility created a route named external_default_gateway pointing to 10.1.10.2.


Task 4 – Explore Command Line Access (CLI) and TMSH


Use PuTTY to access the BIG-IP system using SSH and view configuration details using CLI and TMSH.

• From the desktop open PuTTY and use SSH to connect to the external self IP address 10.1.10.240.
  You are unable to access the BIG-IP system.
• Close PuTTY, and then in the Configuration Utility open the Network > Self IPs page and click 10.1.10.240.
  You were unable to access the self IP address using SSH because the Port Lockdown option is set to allow access for TCP port 443 only.
• In the Custom List section select the Port option, and then enter port 22 and click Add.
• Click Update.
• Open PuTTY again and connect to 10.1.10.240, and log in as root / default.F5demo.com
• Resize the PuTTY window to fill more of the desktop.
• At the CLI type:
    tmsh list net se (and then press the Tab key)

  Question:
  Did autocorrect display options? No

• At the CLI complete the command and press Enter.
    tmsh list net self

  Question:
  What information is listed? Self IP Information

• At the CLI type:
    tmsh (and then press the Enter key)
• At the tmos prompt type:
    list net vl (and then press the Tab key)

  Questions:
  Did autocorrect display options? Yes
  Which options are available? Vlan
  Why did the tmos prompt replace list net vl with list net vlan? Yes

• Press the Enter key.

  Question:
  What information is listed? Vlan Name, Vlan Interface and Tag ID

• At the tmos prompt navigate to another location by typing the following:
    ltm
    node
• At the tmos prompt type:
    ?
  TMOS displays the commands you can use for nodes in LTM.
• Press the Enter key several times to scroll through the options, and then press Q to exit the list of commands.
• At the tmos prompt type:
    create ? (there must be a space before the “?”)
  TMOS displays available commands and required objects. The create command requires a name to identify the node.
• At the tmos prompt type:
    create test_node ? (there must be a space before the “?”)
  The create command followed by a name requires a text name or an IP address.
• At the tmos prompt type:
    create test_node address ? (there must be a space before the “?”)
  You must include an IP address.
• At the tmos prompt type:
    create test_node address 10.20.30.40 (and then press the Enter key)
    list
• In the Configuration Utility open the Local Traffic > Nodes > Node List page.
  You created a node on the BIG-IP system.
• In PuTTY, at the tmos prompt type:
    delete test (and then press the Tab key)
  There is only one possible option, so autocorrect completes the next word.
• Press the Enter key to complete the delete command.
• In the Configuration Utility reload the Node List page.
  You’ve removed the node from the BIG-IP system.
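
Added example (not part of the F5 lab guide): a Python check that parses self IP stanzas in the layout printed by tmsh list net self and reports any service beyond an approved list on an untrusted VLAN, which is the state of the external self IP once port 22 is added in Task 4. The sample text is constructed from the lab's addresses, the 10.1.30.240 / dmz stanza is hypothetical, and the approved list (tcp:443 only) is an assumption taken from the Port Lockdown value the Setup Utility applied.

```python
import re

# Constructed sample in the stanza layout printed by `tmsh list net self`.
# The first two stanzas use the lab's addresses; the dmz stanza is hypothetical.
SAMPLE = """\
net self 10.1.10.240 {
    address 10.1.10.240/24
    allow-service {
        tcp:https
        tcp:ssh
    }
    traffic-group traffic-group-local-only
    vlan external
}
net self 10.1.20.240 {
    address 10.1.20.240/24
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
    vlan internal
}
net self 10.1.30.240 {
    address 10.1.30.240/24
    allow-service all
    traffic-group traffic-group-local-only
    vlan dmz
}
"""

# Assumption: tmsh may print well-known ports by name, so map them to numbers.
SERVICE_NAMES = {"ssh": "22", "https": "443", "http": "80"}


def parse_self_ips(text):
    """Return {self_ip_name: {"vlan": str, "allow": [entries]}}."""
    selfs, current, in_allow = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        start = re.match(r"net self (\S+) \{$", line)
        if start:
            current = selfs.setdefault(start.group(1), {"vlan": None, "allow": []})
            in_allow = False
        elif current is None or not line:
            continue
        elif in_allow:
            if line == "}":
                in_allow = False          # end of the allow-service block
            else:
                current["allow"].append(line)
        elif line == "allow-service {":
            in_allow = True               # multi-line form
        elif line.startswith("allow-service "):
            current["allow"].append(line.split(None, 1)[1])  # inline form
        elif line.startswith("vlan "):
            current["vlan"] = line.split(None, 1)[1]
        elif line == "}":
            current = None                # end of the stanza
    return selfs


def normalise(entry):
    """Map 'tcp:ssh' to 'tcp:22'; keywords such as 'default' pass through."""
    proto, sep, port = entry.partition(":")
    if not sep:
        return entry
    return f"{proto}:{SERVICE_NAMES.get(port, port)}"


def audit(selfs, untrusted_vlans=("external",), approved=("tcp:443",)):
    """Return (self IP, vlan, service) for each unapproved service."""
    findings = []
    for name, cfg in sorted(selfs.items()):
        if cfg["vlan"] not in untrusted_vlans:
            continue
        for entry in map(normalise, cfg["allow"]):
            if entry not in approved:
                findings.append((name, cfg["vlan"], entry))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_self_ips(SAMPLE), untrusted_vlans=("external", "dmz")):
        print("unapproved service on self IP:", finding)
```
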


Task 5 – Create an Archive File


Use TMSH to create an archive file.

• At the tmos prompt type:
    / (and then press the Enter key; this brings you back to the root TMOS level)
    save sys ucs pbc_lesson1
• Once the archive file has saved, at the tmos prompt type:
    quit
• At the CLI type:
    exit
• In the Configuration Utility open the System > Archives page.

Question and Answer Key


Task 4 – Explore Command Line Access (CLI) and tmsh

Q: Did autocorrect display options?
A: No

Q: What information is listed?
A: The self IP addresses on the BIG-IP system.

Q: Did autocorrect display options?
A: Yes

Q: Which options are available?
A: vlan, vlan-group

Q: Why did the tmos prompt replace list net vl with list net vlan?
A: It assumes we want to type either vlan or vlan-group, so it filled in the characters shared by both options.

Q: What information is listed?
A: The VLANs on the BIG-IP system.


LTM Lesson 2 – How BIG-IP LTM Processes Traffic



Exercise – Create Pools and Virtual Servers


Estimated completion time: 45 minutes

Task 1 – Create a Basic Pool

Create a pool with basic settings containing three web servers.

• If needed, re-open your RDP session to the Windows Jumpbox desktop.
• Open Chrome and click the BIGIP_A bookmark, and then log in as admin / admin.F5demo.com
• Open the Local Traffic > Pools > Pool List page and click Create.
• Create a pool using the following information, and then click Finished.
    Name           http_pool
    New Members    (Click Add for each entry)
                   Address       Service Port
                   10.1.20.11    80              (Click Add)
                   10.1.20.12    80              (Click Add)
                   10.1.20.13    80              (Click Add)
• Open the Local Traffic > Nodes > Node List page.
  The BIG-IP system automatically creates a node for each pool member, using the node IP address as the node name.

Task 2 – Create a Virtual Server Using the New Pool


Create a virtual server with basic settings that uses http_pool.

• Open the Local Traffic > Virtual Servers > Virtual Server List page and click Create.
• Create a virtual server using the following information, and then click Finished.
    Name                        http_virtual
    Destination Address/Mask    10.1.10.20
    Service Port                80 (HTTP)
    Resources > Default Pool    http_pool


Task 3 – Verify Virtual Server and Pool Functionality


Use a web browser to access http_virtual and ensure that you’re receiving information from all three pool members.

• Use a new tab to access the virtual server at http://10.1.10.20.
  Each image file identifies which node supplied it. You can also see which node identified the index.php page. There are page elements coming from all three of the pool members.
• In the Configuration Utility tab open the Virtual Server > Statistics > Virtual Server page.

  Question:
  How many connections were opened to create the web page? 3

• In the F5 vLab Test Web Site tab use Ctrl+F5 several times to reload the page.
  →NOTE: This forces the web browser to refresh the page without using its cache.
• In the Configuration Utility, from the Statistics Type list select Pools.
• Expand http_pool by clicking the + icon.

  Questions:
  Did traffic go to each pool member? Yes
  Did each member manage approximately the same number of connections? Yes


Task 4 – Use TMSH to Create Basic Pools and Virtual Servers


Use TMSH to create a pool containing three pool members listening on all ports (use 0 to identify all ports), and then create a virtual server listening on all ports that references the new pool.

Here is the syntax for creating a pool using TMSH:

    tmsh
    create                action
    ltm                   BIG-IP product
    pool                  object type
    all_ports_pool        new object name
    members               (which enables you to begin specifying pool members)
    add                   action
    {                     open curly brace
    member1:0             first pool member name:port
    {                     open curly brace
    address 10.1.20.11    specify the node IP address
    }                     closing curly brace (for the address statement)
    }                     closing curly brace (for the add statement)

Example with only the TMSH syntax with one pool member:

    tmsh create ltm pool all_ports_pool members add { node1:0 { address 10.1.20.11 } }

Example with two pool members:

    tmsh create ltm pool all_ports_pool members add { node1:0 { address 10.1.20.11 } node2:0 { address 10.1.20.12 } }

Let’s try it!

• Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
• At the CLI type (or copy and paste) the following TMSH command. (NOTE: Use the PBC copy and paste guide or the PBC -Workbook on the Windows desktop.)
    tmsh create ltm pool all_ports_pool members add { 10.1.20.11:0 { address 10.1.20.11 } 10.1.20.12:0 { address 10.1.20.12 } 10.1.20.13:0 { address 10.1.20.13 } }
• In the Configuration Utility tab open the Local Traffic > Pools > Pool List page, and then in the all_ports_pool row in the Members column click the 3 link.

  Question:
  Which Service Port do the pool members listen on? 0

• Open the Local Traffic > Nodes > Node List page.

  Questions:
  Did BIG-IP LTM create new nodes for this pool? No
  Why or why not? Already Same Address with Previous Pool

Here is the syntax for creating a virtual server using TMSH:

    tmsh
    create                      action
    ltm                         BIG-IP product
    virtual                     object type
    all_ports_virtual           new object name
    destination 10.1.10.20:0    specify the virtual server IP address:port
    pool all_ports_pool         specify the pool

Let’s try it!

• In PuTTY, at the CLI type (or copy and paste) the following TMSH command.
    tmsh create ltm virtual all_ports_virtual destination 10.1.10.20:0 pool all_ports_pool
• In the Configuration Utility tab open the Local Traffic > Virtual Servers > Virtual Server List page and examine all_ports_virtual.

  Questions:
  Which Service Port does the virtual server listen on? 0 (Any)
  What is the virtual server Type? Performance (Layer4)
  What is the virtual server Type of http_virtual? Standard

  There are now two virtual servers listening on the same IP address, one on port 80 only, the other on all ports.
• Open the Virtual Server > Statistics > Virtual Server page.
• Select the http_virtual checkbox, and then click Reset.
• In the F5 vLab Test Web Site tab use Ctrl + F5 several times, and then close the tab.
• On the Virtual Servers statistics tab click Refresh.

  Question:
  Which virtual server processed these requests? http_virtual

• Select the checkbox for the virtual server that received requests, and then click Reset.
• Open PuTTY and connect to the virtual server at 10.1.10.20 (type Yes when prompted, but do not log in), and then close PuTTY.
• On the Virtual Servers statistics tab click Refresh.

  Question:
  Which virtual server processed this request? all_ports_virtual

• Select the checkbox for the virtual server that received requests, and then click Reset.
• Open Internet Explorer and access https://10.1.10.20 and click More information, then continue to the webpage, then use Ctrl + F5 several times, and then close the page.
• On the Virtual Servers statistics page click Refresh.

  Question:
  Which virtual server processed these requests? Both of Two

We’re now going to use TMSH to delete both the pool and the virtual server. Note that you cannot delete a pool while it’s attached to a virtual server: you must first delete the virtual server, and then you can delete the pool.

Here is the syntax for deleting a virtual server using TMSH:

    tmsh
    delete          action
    ltm             BIG-IP product
    virtual         object type
    http_virtual    object name

Here is the syntax for deleting a pool using TMSH:

    tmsh
    delete       action
    ltm          BIG-IP product
    pool         object type
    http_pool    object name

Let’s try it!

• In PuTTY, at the CLI copy and paste the following TMSH commands together.
    tmsh delete ltm virtual all_ports_virtual
    tmsh delete ltm pool all_ports_pool
• In the Configuration Utility open both the Virtual Server List and the Pool List pages and verify that the two objects were deleted.

Task 5 – Disable the Current Virtual Server


To prepare for the next task, disable http_virtual, and then add a route from your workstation to the 10.1.20.0 network.

• Open the Virtual Server List page, then select the http_virtual checkbox, and then click Disable.
  →NOTE: You must disable this virtual server to use the new virtual server you’ll create in the next task.
• Use a new tab to attempt to access a pool member directly at http://10.1.20.13.
  The request fails, as your workstation does not have direct access to the 10.1.20.0 network.
• Open the Start menu and type cmd (but do not press Enter).
• Right-click Command Prompt and select Run as administrator, and then click Yes.
• At the command prompt type the following commands.
    route add 10.1.20.0 mask 255.255.255.0 10.1.10.240
    route PRINT
  This adds a route to the 10.1.20.0 network through the external self IP address (10.1.10.240) of the BIG-IP system.
• Reload the tab to access a pool member directly at http://10.1.20.13.
  The request fails again, as the BIG-IP does not have a listener to forward this request to the internal network.


Task 6 – Create a Forwarding (IP) Virtual Server


Create a forwarding (IP) virtual server for the 10.1.20.0 network.

• In the Configuration Utility create a virtual server using the following information, and then click Finished.
    Name                        forwarding_virtual
    Type                        Forwarding (IP)
    Destination Address/Mask    10.1.20.0/24
    Service Port                * All Ports
    Protocol                    * All Protocols
• Reload the tab to access a pool member directly at http://10.1.20.13.
  The request is successful. Notice in the Request Details section the virtual server address is the same as the pool member address. The virtual server did not process the packet, but simply forwarded it to the internal network.
• Edit the URL to https://10.1.20.12, and then close the tab.
• Open PuTTY and connect to 10.1.20.15, and then close PuTTY.
  →NOTE: It’s not necessary to log into the web server to complete this task.
• You now have access to all ports and all protocols on the 10.1.20.0 network.
• In the command prompt type the following, and then close the command prompt.
    route DELETE 10.1.20.0
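
Added example (not part of the F5 lab guide): a simplified Python model of the listener selection observed in Task 4 and Task 6, where the most specific destination wins and a specific port beats the all-ports (0) listener, used to list which connections are accepted only because of a wildcard listener. It goes beyond the lab by placing all three virtual servers in one table (the lab never has all three at once) and ignores source-address matching and enabled/disabled state; the class and function names are illustrative.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Listener:
    name: str
    destination: str  # CIDR; a single virtual address is written as /32
    port: int         # 0 = all ports, as in the lab's tmsh commands
    kind: str         # virtual server Type shown in the Configuration Utility


# Virtual servers from Lesson 2, combined into one table for illustration.
LAB_LISTENERS = [
    Listener("http_virtual", "10.1.10.20/32", 80, "Standard"),
    Listener("all_ports_virtual", "10.1.10.20/32", 0, "Performance (Layer 4)"),
    Listener("forwarding_virtual", "10.1.20.0/24", 0, "Forwarding (IP)"),
]


def select_listener(listeners, dst_ip, dst_port):
    """Return the listener that would take the connection, or None.

    Simplified precedence (an assumption of this model): longest destination
    prefix first, then a specific port over the all-ports wildcard.
    """
    ip = ipaddress.ip_address(dst_ip)
    candidates = [
        lsn for lsn in listeners
        if ip in ipaddress.ip_network(lsn.destination)
        and lsn.port in (0, dst_port)
    ]
    if not candidates:
        return None  # no listener, so the traffic is not passed (Task 5)
    return max(
        candidates,
        key=lambda lsn: (
            ipaddress.ip_network(lsn.destination).prefixlen,
            lsn.port != 0,
        ),
    )


def wildcard_exposure(listeners):
    """List (name, address count) for every listener that accepts any port."""
    return [
        (lsn.name, ipaddress.ip_network(lsn.destination).num_addresses)
        for lsn in listeners
        if lsn.port == 0
    ]


def reached_via_wildcard(listeners, probes):
    """Return the probes that are accepted only by an all-ports listener."""
    hits = []
    for dst_ip, dst_port in probes:
        chosen = select_listener(listeners, dst_ip, dst_port)
        if chosen is not None and chosen.port == 0:
            hits.append((dst_ip, dst_port, chosen.name))
    return hits


if __name__ == "__main__":
    # Connections made in the lab: HTTP, SSH and HTTPS to the virtual address,
    # then HTTP and SSH directly to the internal network.
    probes = [("10.1.10.20", 80), ("10.1.10.20", 22), ("10.1.10.20", 443),
              ("10.1.20.13", 80), ("10.1.20.15", 22)]
    for row in reached_via_wildcard(LAB_LISTENERS, probes):
        print("wildcard listener accepted:", row)
    print("all-port listeners and addresses covered:",
          wildcard_exposure(LAB_LISTENERS))
```
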

PREPARE FOR NEXT EXERCISE

• In PuTTY, at the CLI copy and paste the following TMSH commands together.
    tmsh delete ltm virtual forwarding_virtual
    tmsh delete ltm virtual http_virtual
    tmsh delete ltm pool http_pool
    tmsh delete ltm node 10.1.20.11
    tmsh delete ltm node 10.1.20.12
    tmsh delete ltm node 10.1.20.13
    exit


Question and Answer Key


Task 3 – Verify Virtual Server and Pool Functionality

Q: How many connections were opened to create the web page?
A: 13

Q: Did traffic go to each pool member?
A: Yes

Q: Did each member manage approximately the same number of connections?
A: Yes

Task 4 – Use TMSH to Create an Application Listening on All Ports

Q: Which Service Port do the pool members listen on?
A: 0

Q: Did BIG-IP LTM create new nodes for this pool?
A: No

Q: Why or why not?
A: Because the nodes already existed from the previous pool.

Q: Which Service Port does the virtual server listen on?
A: 0

Q: What is the virtual server Type?
A: Performance (Layer 4)

Q: What is the virtual server Type of http_virtual?
A: Standard

Q: Which virtual server processed these requests?
A: http_virtual

Q: Which virtual server processed this request?
A: all_ports_virtual

Q: Which virtual server processed these requests?
A: all_ports_virtual


LTM Lesson 3 – Use Secure Network Address Translation



Exercise – Configure SNAT Auto Map


Estimated completion time: 15 minutes

Task 1 – Test Behavior without SNAT

Open the HTTP virtual server and examine what the back-end web server sees as the client IP address.

• If needed, re-open your RDP session to the Windows Jumpbox desktop.
• Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
• At the CLI copy and paste the following TMSH commands. (NOTE: Use the PBC copy and paste guide or the PBC -Workbook on the Windows desktop.)
    tmsh create ltm pool http_pool members add { 10.1.20.11:80 { address 10.1.20.11 } 10.1.20.12:80 { address 10.1.20.12 } 10.1.20.13:80 { address 10.1.20.13 } }
    tmsh create ltm virtual http_virtual destination 10.1.10.20:80 ip-protocol tcp profiles add { tcp { } } pool http_pool
    tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:443 }
  →NOTE: Notice the highlighted additional syntax in the TMSH statement for creating the virtual server. Assigning a TCP profile will automatically make the virtual server a Standard virtual server.
• Open Chrome and click the BIGIP_A bookmark, and then log in as admin / admin.F5demo.com
• Open the Local Traffic > Virtual Servers > Virtual Server List page and examine http_virtual.

  Question:
  What is the virtual server Type of http_virtual? Standard

  The additional TMSH syntax is what changed the virtual server from a Performance (Layer 4) virtual server to a Standard virtual server.
• Use a new tab to access http://10.1.10.20.
• Review the Request Details and examine the Client IP address/port.

  Questions:
  What is the Client IP address? 10.1.10.199
  Which device is configured with this IP address? windows jumpbox


Task 2 – Use SNAT Auto Map with the Virtual Server


Update http_virtual by enabling SNAT Auto Map.

• In the Configuration Utility tab click http_virtual.
• In the Configuration section, from the Source Address Translation list select Auto Map, and then click Update.
• In the F5 vLab Test Web Site tab use Ctrl + F5 several times.

  Questions:
  What is the Client IP address? 10.1.20.240
  Which device is configured with this IP address? BIGIPA _ internal self ip

• Close the F5 vLab Test Web Site tab.

PREPARE FOR NEXT EXERCISE

• In PuTTY, at the CLI copy and paste the following TMSH commands together. (NOTE: Use the PBC copy and paste guide or the PBC -Workbook on the Windows desktop.)
    tmsh delete ltm virtual http_virtual
    tmsh delete ltm pool http_pool
    tmsh delete ltm node 10.1.20.11
    tmsh delete ltm node 10.1.20.12
    tmsh delete ltm node 10.1.20.13
    exit

Question and Answer Key


Task 1 – Test Behavior without SNAT

Q: What is the virtual server Type of http_virtual?
A: Standard

Q: What is the client IP address?
A: 10.1.10.199

Q: Which device is configured with this IP address?
A: The Windows Jumpbox workstation

Task 2 – Use SNAT Auto Map with the Virtual Server

Q: What is the client IP address?
A: 10.1.20.240

Q: Which device is configured with this IP address?
A: The BIG-IP system (the internal self IP address)

LTM Lesson 4 – Configure Pool Settings



Exercise – Use Pool Settings


Estimated completion time: 30 minutes

Task 1 – Verify Pool Statistics

View the pool statistics, and then reset all statistics.

• If needed, re-open your RDP session to the Windows Jumpbox desktop.
• Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
• At the CLI copy and paste the following TMSH commands. (NOTE: Use the PBC copy and paste guide or the PBC -Workbook on the Windows desktop.)
    tmsh create ltm pool http_pool members add { 10.1.20.11:80 { address 10.1.20.11 } 10.1.20.12:80 { address 10.1.20.12 } 10.1.20.13:80 { address 10.1.20.13 } }
    tmsh create ltm virtual http_virtual destination 10.1.10.20:80 ip-protocol tcp profiles add { tcp { } } pool http_pool
    tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:443 }
• Open a New incognito window (Chrome).
• Click the iMacros button, and in the iMacros pane select web traffic.iim.
• In the Max field type 20, and then click Play (Loop).
  This macro simulates requests for several URLs within the web application.
• Once the macro completes click the BIGIP_A bookmark, and then log in as admin / admin.F5demo.com
• Open the Local Traffic > Pools > Statistics page, and then expand http_pool.

  Question:
  Were the connections distributed evenly between the three pool members? 12

• Select the http_pool checkbox, and then click Reset to reset the statistics for the pool and all three pool members.


Task 2 – Configure Ratio Member Load Balancing


Update http_pool by changing the load balancing method to Ratio (member), and then assign ratio values to the
pool members.

 Navigate to Local Traffic > Pools and right-click on Pool List and select Open link in new tab, and then in the
new tab click the 3 link in the Members column.
 From the Load Balancing Method list select Ratio (member), and then click Update.

 In the Current Members section click 10.1.20.11:80.


 Set the Ratio value to 5, then click Update, and then return to the Members page.
 Click 10.1.20.12:80, then set the Ratio value to 2, then click Update, and then return to the Members page.

 Open a New incognito window (Chrome) and click the iMacros button.
 In the iMacros pane select web traffic.iim, then in the Max field type 20, and then click Play (Loop). Once the iMacro has completed close the Chrome window.
 In the Configuration Utility, on the Pools > Statistics tab click Refresh, and then expand http_pool.

Questions:
Were the connections distributed evenly? _____________

120,26,26
Were the connections distributed using a 5 – 2 – 1 ratio? _____________

 Close the tab, and on the Pool List page from the Load Balancing Method list select Round Robin, and then
click Update.


Task 3 – Enable Priority Group Activation


Update http_pool by enabling priority group activation, and then assign priority values to the different pool
members. Use TMSH to add two additional members to the pool.

 From the Priority Group Activation list select Less than.


 In the Available Member(s) field enter 2, and then click Update.

 In the Current Members section click 10.1.20.11:80.


 Set the Priority Group value to 8, then click Update, and then return to the Members page.
 Select the remaining two pool members and update each using the following information.
(NOTE: Click Members after each update to return to the Members page.)
Member          Priority Group
10.1.20.12:80   8
10.1.20.13:80   4

 In PuTTY, at the CLI copy and paste the following TMSH command.
tmsh modify ltm pool http_pool members add { 10.1.20.14:80 { address 10.1.20.14 priority-group 4 } 10.1.20.15:80 { address 10.1.20.15 priority-group 3 } }

 In the Configuration Utility reload the Members page.

 Use a new tab to access http://10.1.10.20, and then use Ctrl+F5 several times.

Question:
10.1.20.11 and 10.1.20.12
Which pool members are supplying content for the request? __________________________

 On the Members tab select the 10.1.20.11:80 checkbox, then click Disable and then in the F5 vLab Test Web Site
tab use Ctrl+F5 several times.

Question:
Node 2,3 and 4
Which pool members are supplying content for the request? __________________________

With priority group activation set to 2 members, why are there now three pool members
supplying content?

___________________________________________________________________________

 On the Members tab disable pool member 10.1.20.13:80, and then in the F5 vLab Test Web Site tab
use Ctrl+F5 several times.

Question:
Node2 and 4
Which pool members are supplying content for the request? __________________________

 On the Members tab disable pool member 10.1.20.12:80, and then in the F5 vLab Test Web Site tab
use Ctrl+F5 several times.
Content is supplied from pool members 10.1.20.14:80 and 10.1.20.15:80. Using priority group activation
ensures we always have at least two pool members available to fulfill user requests.
 On the Members tab select the 10.1.20.11:80 and 10.1.20.13:80 checkboxes, then click Enable, and then in
the F5 vLab Test Web Site tab use Ctrl+F5 several times.
For the first few reloads content is supplied from 10.1.20.15:80 because the connections had yet to close.
Eventually content is supplied from 10.1.20.11:80, 10.1.20.13:80, and 10.1.20.14:80 only.
 On the Members tab re-enable pool member 10.1.20.12:80, and then in the F5 vLab Test Web Site tab use Ctrl+F5
several times.
After reloading several times all content is supplied from 10.1.20.11:80 and 10.1.20.12:80 only.
 Close the F5 vLab Test Web Site tab.

PREPARE FOR NEXT EXERCISE


 In PuTTY, at the CLI copy and paste the following TMSH commands.
tmsh delete ltm virtual http_virtual
tmsh delete ltm pool http_pool
tmsh delete ltm node 10.1.20.11
tmsh delete ltm node 10.1.20.12
tmsh delete ltm node 10.1.20.13
tmsh delete ltm node 10.1.20.14
tmsh delete ltm node 10.1.20.15
exit

Question and Answer Key


Task 1 – Verify Current Pool Statistics
Q: Were the connections distributed evenly between the three pool members?
A: Yes

Task 2 – Configure Ratio Member Load Balancing


Q: Were the connections distributed evenly?
A: No

Q: Were the connections distributed using a 5 – 2 – 1 ratio?


A: Yes

Task 3 – Enable Priority Group Activation


Q: Which pool members are supplying content for the request?
A: 10.1.20.11:80 and 10.1.20.12:80

Q: Which pool members are supplying content for the request?
A: 10.1.20.12:80, 10.1.20.13:80, and 10.1.20.14:80

Q: With priority group activation set to 2 members, why are there now three pool members
supplying content?
A: BIG-IP LTM enables all the members of the next highest priority group. There are two pool
members in priority group 4.

Q: Which pool members are supplying content for the request?


A: 10.1.20.12:80, 10.1.20.14:80, and 10.1.20.15:80


LTM Lesson 5 – Use Health Monitors



Exercise – Use Health Monitors


Estimated completion time: 45 minutes

Task 1 – Assign a Default Monitor for all Nodes


Assign the BIG-IP system default icmp monitor as the default monitor for all nodes.

 If needed, re-open your RDP session to the Windows Jumpbox desktop.


 Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
 At the CLI copy and paste the following TMSH commands. (NOTE: Use the PBC copy and paste guide
or the PBC -Workbook on the Windows desktop.)
tmsh create ltm pool http_pool members add { 10.1.20.11:80 { address 10.1.20.11 priority-group 8 ratio 5 } 10.1.20.12:80 { address 10.1.20.12 priority-group 8 ratio 2 } 10.1.20.13:80 { address 10.1.20.13 priority-group 4 } 10.1.20.14:80 { address 10.1.20.14 priority-group 4 } 10.1.20.15:80 { address 10.1.20.15 priority-group 3 } }
tmsh create ltm virtual http_virtual destination 10.1.10.20:80 ip-protocol tcp profiles add { tcp { } } pool http_pool
tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:443 }
exit

 Open Chrome and click the BIGIP_A bookmark, and then log in as admin / admin.F5demo.com
 Open the Local Traffic > Nodes > Node List page.
Notice the status of all nodes is unknown.
 Open the Default Monitor page.

 Select icmp from the Available list, then click <<, and then click Update.
 Open the Node List page and place your mouse over the Status indicators.

All nodes are currently marked available by the icmp monitor.

Task 2 – Create a Custom HTTP Monitor


Create a custom HTTP monitor that requests a specific web page from the pool member and that verifies a specific
text string is returned in the HTTP response, and then assign it to http_pool.

 Open the Pool List page, and then for the http_pool row click the 5 link in the Members column.
 Examine the Status of the listed members.

Question:
No
Will BIG-IP LTM distribute traffic to pool members that are Unknown? _____________

 Open the Local Traffic > Monitors page and click Create.

 Create a monitor using the following information, and then click Finished.
Name                     custom_http_monitor
Type                     HTTP
Interval                 3
Timeout                  10
Send String              GET /HealthCheck.html\r\n
Receive String           SERVER_UP
Receive Disable String   SERVER_DOWN

 Open the Pool List page and click http_pool.


 For Health Monitors select custom_http_monitor, then click <<, and then click Update.

 Open the Members page.

Question:
Available state
What is the state of the pool members now? ____________________

Task 3 – Examine the Network Map


View the status of virtual server, pool, pool members, and nodes using the Network Map.

 Open the Local Traffic > Network Map page.


The network map opens in a new page.

The virtual server, pool, and all five pool members display available.
 Click on each pool member, and then in the right panel click the node address to view the status of
each node.

All five nodes also display available. This means that they are all sending ICMP responses.


Task 4 – View the Effects of Using Monitors


Make changes to the web site on the LAMP image and view how the changes affect the Network Map.

 Open PuTTY and open the LAMP saved session, and then log in as root / default.
 Access and view the web server files on 10.1.20.11:80 by typing:
cd /var/www/server/1
ls

This directory is used for pool member 10.1.20.11:80. The HealthCheck.html web page currently exists on this pool member.

 To rename the HealthCheck.html page type:


mv HealthCheck.html NewHealthCheck.html
ls

There is no longer a HealthCheck.html web page on pool member 10.1.20.11:80.


 On the Network Map tab reload the page.

 Hover over each pool member icon.


- The virtual server and pool display available.
- Pool member 10.1.20.11:80 displays offline and was marked down by a monitor. The remaining four pool
members display available.
 Click on pool member 10.1.20.11:80, and then in the right panel click the node address to view the node status.
- The node 10.1.20.11 displays available.
 In PuTTY, to change contents of the HealthCheck.html web page on 10.1.20.12:80 type:
cd ../2 (NOTE: There is a space after “cd”)
vi HealthCheck.html

This directory is used by pool member 10.1.20.12:80.


 Use the ↓ key to move the cursor to the SERVER_UP line.
 Use the → key to move the cursor to highlight the U in the word UP.
 Type X twice to delete the word UP.
 To save and quit visual editor type:
:wq (followed by the Enter key)
The text string SERVER_UP will no longer be found in HealthCheck.html on 10.1.20.12:80.
 On the Network Map tab reload the page, and hover over each pool member icon.
- The virtual server and pool still display available.
- Pool member 10.1.20.12:80 now displays offline and was marked down by a monitor. The remaining three
pool members display available.

 Click on pool member 10.1.20.12:80, and then in the right panel click the node address to view the node status.
- The node 10.1.20.12 displays available.
 In PuTTY, to force disable pool member 10.1.20.13:80 by modifying the contents of the HealthCheck.html web
page type:
cd ../3 (NOTE: There is a space after “cd”)
vi HealthCheck.html

 Use the ↓ key to move the cursor to the SERVER_UP line.


 Use the → key to move the cursor to highlight the U in the word UP.
 Type X twice to delete the word UP.
 Type an “i” to enter insert mode.
 Type DOWN, and then press the ESC key.
 To save and quit visual editor type:
:wq (followed by the Enter key)
The text string SERVER_UP has been replaced by SERVER_DOWN in HealthCheck.html on 10.1.20.13:80.
 On the Network Map tab reload the page, and hover over each pool member icon.

- The virtual server and pool still display available.


- Pool member 10.1.20.13 now displays available, but disabled due to a monitor. The remaining two pool
members display available.
 Click on pool member 10.1.20.13:80, and then in the right panel click the node address to view the node status.
- The node 10.1.20.13 displays available.
 Use the Pool List tab (the first tab) to open the Node List page, then select the 10.1.20.14 checkbox, and then
click Force Offline.
 On the Network Map tab reload the page, and hover over each pool member icon.

- The virtual server and pool still display available.


- Pool member 10.1.20.14:80 now displays offline because the parent is down. Pool member 10.1.20.15:80
displays available.
 Click on pool member 10.1.20.14:80, and then in the right panel click the node address to view the node status.
- Node 10.1.20.14 now displays forced offline.

 In PuTTY, to delete the IP address 10.1.20.15 type:
ip addr del 10.1.20.15/24 dev eth1

This removes the IP address from node 5. BIG-IP LTM will no longer receive ICMP responses from this node.
 Use a new tab and access http://10.1.10.20.
The web page fails to display.
 On the Network Map tab reload the page, and then hover over each pool member icon.
- The virtual server and pool display available but disabled by parent. Child pool members might be disabled.
 Click on pool member 10.1.20.15:80, and then in the right panel click the node address to view the node status.
- Node 10.1.20.15 now displays offline because no successful ICMP responses were received before the
deadline.
 On the Node List tab select the 10.1.20.14 checkbox, and then click Enable.
 In PuTTY, to replace the text string in the HealthCheck.html web page on 10.1.20.13:80 type:
vi HealthCheck.html

 Use the ↓ key to move the cursor to the SERVER_DOWN line.


 Use the → key to move the cursor to highlight the D character.
 Type X to delete the word DOWN.
 Type an “i” to enter insert mode, then type UP, and then press the ESC key.
 To save and quit visual editor type:
:wq (followed by the Enter key)

 In the 10.1.10.20 failed page tab use Ctrl+F5 several times.


The page displays, with page elements coming from 10.1.20.13:80 (Node #3) and 10.1.20.14:80 (Node #4).
 On the Network Map tab reload the page.
Because pool members 10.1.20.13:80 and 10.1.20.14:80 are now available, the virtual server and pool once
again display available.
 In PuTTY, to replace the text string in the HealthCheck.html web page on 10.1.20.12:80 type:
cd ../2 (NOTE: There is a space after “cd”)
vi HealthCheck.html

 Use the ↓ key to move the cursor to the SERVER_UP line.


 Use the → key to move the cursor to highlight the < character.
 Type an “i” to enter insert mode, then type UP, and then press the ESC key.
 To save and quit visual editor type:
:wq (followed by the Enter key)

 To replace the HealthCheck.html web page on 10.1.20.11:80 type:


cd ../1
mv NewHealthCheck.html HealthCheck.html

 Close PuTTY.
 In the F5 vLab Test tab use Ctrl+F5 several times, and then close the tab.
The page displays, with page elements coming from all pool members except for 10.1.20.15:80.

 On the Network Map tab reload the page.
- Pool members 10.1.20.11:80 and 10.1.20.12:80 display available. All pool members are now available except
for 10.1.20.15:80.
 Close the Network Map tab.
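
The monitor behavior seen in this task, modeled as an added Python example (not part of the F5 lab guide and not BIG-IP code). It uses the lab's Receive String, Receive Disable String, Interval 3 and Timeout 10; the page bodies are constructed, and it assumes probes fire on exact 3-second ticks, that a Receive Disable match also resets the timeout clock, and that the Receive String wins if both strings appear.

```python
"""Model of how custom_http_monitor turns probe responses into member status."""

RECV = "SERVER_UP"             # Receive String (lab value)
RECV_DISABLE = "SERVER_DOWN"   # Receive Disable String (lab value)
INTERVAL = 3                   # seconds between probes (lab value)
TIMEOUT = 10                   # seconds without a match before offline (lab value)

# Constructed page bodies standing in for what the LAMP server returns.
PAGE_OK = "<html><body>SERVER_UP</body></html>"
PAGE_EDITED = "<html><body>SERVER_</body></html>"      # "UP" deleted in vi
PAGE_DOWN = "<html><body>SERVER_DOWN</body></html>"    # "UP" replaced by "DOWN"
PAGE_404 = "<html><body>404 Not Found</body></html>"   # HealthCheck.html renamed


def classify_response(body):
    """Return 'up', 'disable' or 'fail' for one probe.

    body is None when nothing came back at all (for example, the node's
    IP address was removed). Assumption: RECV wins if both strings match.
    """
    if body is None:
        return "fail"
    if RECV in body:
        return "up"
    if RECV_DISABLE in body:
        return "disable"
    return "fail"


def replay(bodies):
    """Replay one probe per INTERVAL and return (final_state, events).

    events is a list of (seconds, new_state) status changes. The member
    starts 'available'. It goes 'offline' only once TIMEOUT seconds have
    passed since the last probe that matched either string, so a broken
    health page is not noticed instantly.
    """
    state, last_match, events = "available", 0, []
    for n, body in enumerate(bodies):
        now = n * INTERVAL
        verdict = classify_response(body)
        if verdict == "fail":
            if state != "offline" and now - last_match >= TIMEOUT:
                state = "offline"
                # The timer expired at last_match + TIMEOUT, between probes.
                events.append((last_match + TIMEOUT, state))
            continue
        new_state = "available" if verdict == "up" else "disabled"
        last_match = now
        if new_state != state:
            state = new_state
            events.append((now, state))
    return state, events


if __name__ == "__main__":
    scenarios = {
        "10.1.20.11:80 page renamed": [PAGE_OK] * 2 + [PAGE_404] * 4,
        "10.1.20.12:80 string edited": [PAGE_OK] + [PAGE_EDITED] * 5 + [PAGE_OK],
        "10.1.20.13:80 SERVER_DOWN": [PAGE_OK, PAGE_DOWN, PAGE_DOWN],
    }
    for name, bodies in scenarios.items():
        print(name, replay(bodies))
```

The first scenario shows why the Network Map may still show a member as available for a few seconds after HealthCheck.html is renamed: the last good probe at 3 seconds keeps it up until the 10-second timeout expires at 13 seconds.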

PREPARE FOR NEXT EXERCISE


 Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
 At the CLI copy and paste the following TMSH commands.
tmsh delete ltm virtual http_virtual
tmsh delete ltm pool http_pool
tmsh delete ltm monitor http custom_http_monitor
tmsh modify ltm default-node-monitor rule none
tmsh delete ltm node 10.1.20.11
tmsh delete ltm node 10.1.20.12
tmsh delete ltm node 10.1.20.13
tmsh delete ltm node 10.1.20.14
tmsh delete ltm node 10.1.20.15
exit

Question and Answer Key


Task 2 – Create a Custom HTTP Monitor
Q: Will BIG-IP LTM distribute requests to pool members that are unknown?
A: Yes

Q: What is the state of the pool members now?


A: Available


LTM Lesson 6 – Use Profiles



Exercise – Use HTTP and Stream Profiles


Estimated completion time: 30 minutes

Task 1 – Create a Custom HTTP Profile


Create a custom HTTP profile, and then add it to http_virtual.

 If needed, re-open your RDP session to the Windows Jumpbox desktop.


 Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
 At the CLI copy and paste the following TMSH commands. (NOTE: Use the PBC copy and paste guide
or the PBC -Workbook on the Windows desktop.)
tmsh modify ltm default-node-monitor rule icmp
tmsh create ltm monitor http custom_http_monitor interval 3 timeout 10 recv "SERVER_UP" recv-disable "SERVER_DOWN" send "GET /HealthCheck.html\r\n"
tmsh create ltm pool http_pool members add { 10.1.20.11:80 { address 10.1.20.11 priority-group 8 ratio 5 } 10.1.20.12:80 { address 10.1.20.12 priority-group 8 ratio 2 } 10.1.20.13:80 { address 10.1.20.13 priority-group 4 } 10.1.20.14:80 { address 10.1.20.14 priority-group 4 } 10.1.20.15:80 { address 10.1.20.15 priority-group 3 } } monitor custom_http_monitor
tmsh create ltm virtual http_virtual destination 10.1.10.20:80 ip-protocol tcp profiles add { tcp { } } pool http_pool
tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:443 }

 Open Chrome and click the BIGIP_A bookmark, and then log in as admin / admin.F5demo.com
 Open the Local Traffic > Profiles > Services page, and then on the HTTP profiles page click Create.
 Create an HTTP profile using the following information, and then click Finished. (NOTE: You need to click
the Custom check box on the right-side of the page for each setting you’re going to configure.)

Also note that the current inherited setting for Enforcement > Maximum Header Size is 32768 bytes.
Name                       custom_http_profile
Fallback Host              https://www.f5.com
Fallback on Error Codes    404
Request Header Insert      Operating-System:Win7Pro
Response Headers Allowed   Content-Type Set-Cookie Location
Insert X-Forwarded-For     Enabled
Maximum Requests           50

Task 2 – Update the Default HTTP Profile


Update the BIG-IP system default http profile, and then examine which values were inherited
by custom_http_profile.

 On the Profiles: Services: HTTP page click http.


 Update the profile using the following information, and then click Update.
Settings > Maximum Requests 30
Enforcement > Maximum Header Size 16384

 Return to the Profiles: Services: HTTP page and click custom_http_profile.

Questions:
No
Did the custom profile inherit the Maximum Requests setting? _______________

No
Did the custom profile inherit the Maximum Header Size setting? ________________

Task 3 – Add the Custom HTTP Profile to a Virtual Server


Add custom_http_profile to http_virtual.

 Use a new tab to access http://10.1.10.20.


 In the HTTP Request and Response Information section click Request and Response Headers, and
then leave this tab open for the rest of this task.
 In the Configuration Utility tab open the Virtual Server List page and click http_virtual.
 In the Configuration section, from the HTTP Profile (Client) list select custom_http_profile, and then click Update.

 Use another new tab to access http://10.1.10.20, and then click the Request and Response Headers link.
 Using both tabs examine the different Request Headers Received at the Server sections.

Question:
Which header(s) are on the second tab only? ____________________________________

10.1.10.199
On the second tab what is the X-Forwarded-For value? _________________________

 Using both tabs examine the different Response Headers delivered to the Client sections.
Because of the custom HTTP profile, BIG-IP LTM removed several sensitive response headers from
the HTTP response.
 In the second tab edit the URL to http://10.1.10.20/badpage.php.

Questions:
redirect to www.f5.com
What was the result of this request? ________________

fallback host
Why were you redirected to f5.com? ___________________________________

 Close the F5.com and F5 vLab Test Web Site tabs.


Use TMSH to create an HTTP profile
There are several options available when creating an HTTP profile. This is the TMSH syntax for creating the
HTTP profile from task 1.
tmsh create ltm profile http PROFILE_NAME fallback-host FALLBACK_HOST_URL fallback-status-codes { STATUS_CODE(S) } enforcement { max-requests NUM_MAX_REQUESTS } insert-xforwarded-for enabled/disabled response-headers-permitted { RESPONSE_HEADER_LIST }

Let’s try it!
Once again, remember that order matters. In this example we must first create the custom HTTP profile, and then add the profile to a virtual server.
 In PuTTY, at the CLI copy and paste the following TMSH commands.
tmsh create ltm pool port_8081_pool members add { 10.1.20.11:8081 { address 10.1.20.11 } 10.1.20.12:8081 { address 10.1.20.12 } 10.1.20.13:8081 { address 10.1.20.13 } } monitor custom_http_monitor
tmsh create ltm profile http port_8081_profile fallback-host https://www.speedguide.net/port.php?port=8081 fallback-status-codes add { 404 500-505 } enforcement { max-requests 200 } header-erase User-Agent header-insert Port-8081-Virtual:10.1.10.20 insert-xforwarded-for enabled response-headers-permitted add { Date }
tmsh create ltm virtual port_8081_virtual destination 10.1.10.20:8081 ip-protocol tcp profiles add { tcp { } port_8081_profile } pool port_8081_pool

 In the Configuration Utility open the Local Traffic > Profiles > Services page, then on the HTTP profiles page
click port_8081_profile, and then examine the properties of the new profile.
 Open a new tab and access http://10.1.10.20:8081, and click the Request and Response Headers link.
You should notice several things:
* There is no User-Agent request header.
* There is a custom request header named Port-8081-Virtual:10.1.10.20.
* The X-Forwarded-For value is included.
* Other than the connection and content-type headers, only the date response header is sent back to
the client.
 Edit the URL to http://10.1.10.20:8081/badpage.php.
Because of the fallback on error codes, we’ve been redirected to a specific port 8081 web site.
 Close the tab.

Task 4 – Create and Use a Stream Profile


Create a custom stream profile that will find occurrences of the customer’s previous name and replace it with their
updated company name.

 Open Internet Explorer and access http://10.1.10.20, and then in the Content Examples on this Host section
click Stream Profile Example.
This page has several references to the company’s previous name, Lorax Bank (including in the page title that displays on the tab). You will update the company name using a stream profile on BIG-IP LTM, without having to manually update web pages across multiple web servers.
 In the Configuration Utility open the Local Traffic > Profiles > Other > Stream page and click Create.
 Create a stream profile using the following information, and then click Finished. (NOTE: You need to click the
Custom check box on the right-side of the page for each setting.)
Name     custom_stream
Source   Lorax Bank
Target   Lorax Investments

 Open the Virtual Server List page and click http_virtual.


 From the Configuration list select Advanced.
 From the Stream Profile list select custom_stream.

 In the Acceleration section, from the HTTP Compression Profile list select httpcompression, and then
click Update.
 In the F5 vLab Test Web Site page type Ctrl+F5.
The stream profile replaced all occurrences of the string Lorax Bank with Lorax Investments, including the page
title that displays on the tab.

 Close Internet Explorer.

PREPARE FOR NEXT EXERCISE


 In PuTTY, at the CLI copy and paste the following TMSH commands.
tmsh delete ltm virtual port_8081_virtual
tmsh delete ltm pool port_8081_pool
tmsh delete ltm profile http port_8081_profile
tmsh delete ltm virtual http_virtual
tmsh delete ltm pool http_pool
tmsh delete ltm monitor http custom_http_monitor
tmsh modify ltm default-node-monitor rule none
tmsh delete ltm profile http custom_http_profile
tmsh delete ltm profile stream custom_stream
tmsh delete ltm node 10.1.20.11
tmsh delete ltm node 10.1.20.12
tmsh delete ltm node 10.1.20.13
tmsh delete ltm node 10.1.20.14
tmsh delete ltm node 10.1.20.15
exit

Question and Answer Key


Task 2 – Update the Default HTTP Profile
Q: Did the custom profile inherit the Maximum Requests setting?
A: No

Q: Did the custom profile inherit the Maximum Header Size setting?
A: Yes

Task 3 – Add the Custom HTTP Profile to a Virtual Server


Q: Which headers are on the second tab only?
A: X-Forwarded-For and Operating-System

Q: On the second tab, what is the X-Forwarded-For value?


A: 10.1.10.199

Q: What was the result of this request?


A: The request was redirected to the F5 Networks web site.

Q: Why were you redirected to f5.com?


A: The page resulted in a 404 error code response, which the custom HTTP profile is configured
to use to redirect to the fallback host, which was configured as https://www.f5.com.


LTM Lesson 7 – Use Persistence Profiles



Exercise – Use Source Address and Cookie Persistence


Estimated completion time: 30 minutes

Task 1 – Create and Use a Source Address Persistence Profile


Create a custom source address persistence profile and add it to http_virtual.

 If needed, re-open your RDP session to the Windows Jumpbox desktop.


 Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
 At the CLI copy and paste the following TMSH commands. (NOTE: Use the PBC copy and paste guide
or the PBC -Workbook on the Windows desktop.)
tmsh modify sys db ui.statistics.modulestatistics.localtraffic.persistencerecords value true
tmsh modify ltm default-node-monitor rule icmp
tmsh create ltm monitor http custom_http_monitor interval 3 timeout 10 recv "SERVER_UP" recv-disable "SERVER_DOWN" send "GET /HealthCheck.html\r\n"
tmsh create ltm pool http_pool members add { 10.1.20.11:80 { address 10.1.20.11 priority-group 8 ratio 5 } 10.1.20.12:80 { address 10.1.20.12 priority-group 8 ratio 2 } 10.1.20.13:80 { address 10.1.20.13 priority-group 4 } 10.1.20.14:80 { address 10.1.20.14 priority-group 4 } 10.1.20.15:80 { address 10.1.20.15 priority-group 3 } } monitor custom_http_monitor
tmsh create ltm profile http custom_http_profile fallback-host https://www.f5.com fallback-status-codes add { 404 } enforcement { max-requests 50 } header-insert Operating-System:Win7Pro insert-xforwarded-for enabled response-headers-permitted add { Content-Type Set-Cookie Location }
tmsh create ltm profile stream custom_stream source "Lorax Bank" target "Lorax Investments"
tmsh create ltm virtual http_virtual destination 10.1.10.20:80 ip-protocol tcp profiles add { tcp { } } source-address-translation { type automap } pool http_pool
tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:443 }

 Open Chrome and click the BIGIP_A bookmark, and then log in as admin / admin.F5demo.com
 Open the Local Traffic > Profiles > Persistence page and click Create.
 Create a persistence profile using the following information, and then click Finished. (NOTE: You need to click
the Custom check box on the right-side of the page for each setting you’re going to configure.)
Name                custom_source_address
Persistence Type    Source Address Affinity
Timeout             30 seconds
Prefix Length       Specify: IPv4: 24

 Open the Virtual Server List page and click http_virtual.


 Open the Resources page.

 From the Default Persistence Profile list select custom_source_address, and then click Update.
 Use a new tab to access http://10.1.10.20, and then use Ctrl+F5 several times.

Questions:
No
Are responses coming from one or several pool members? ______________________

10.1.20.12
Which pool member is supplying the content for this request? ____________________

 Wait over 45 seconds, and then use Ctrl+F5 to reload the page again.

Questions:
No
Was the same pool member used for this request? _______________

30 s Timeout
Why or why not? _________________________________________________________

 In the Configuration Utility tab open the Statistics > Module Statistics > Local Traffic page.
 From the Statistics Type list select Persistence Records.
There is a persistence record for 10.1.10.0.

Task 2 – Share a Source Address Persistence Record


Modify custom_source_address so that two different workstations will share the same persistence record.

 Open your class application portal.


 For the LAMP server image click Console, and then leave the Xubuntu user account selected and click Login.
 On the LAMP desktop open Firefox and access http://10.1.10.20, and then reload the page several times, and then
close Firefox.
 On the Windows workstation reload the http://10.1.10.20 page several times, and then close the tab.
 In the Configuration Utility, on the Persistence Records page click Refresh.
There are now two persistence records, one for 10.1.10.0 and one for 10.1.20.0.
 Open the Local Traffic > Profiles > Persistence page and then click custom_source_address.
 Modify the Timeout value to 200 seconds.
 Modify the Prefix Length to 16, and then click Update.
 On the LAMP desktop open Firefox and access http://10.1.10.20.
 On the Windows workstation open Internet Explorer and access http://10.1.10.20.

Questions:
Did the two different browsers use the same pool member? _______________

Why or why not? _________________________________________________________

 In the Configuration Utility open the Statistics > Module Statistics > Local Traffic page, and then from
the Statistics Type list select Persistence Records.

Question:
What is/are the value(s) of the persistence records? ______________________________

 Close Internet Explorer, and then close the LAMP server window.
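The two tasks above, modelled as an added example (not part of the lab guide and not BIG-IP code): a source-address persistence table keyed on the client address masked to the profile's prefix length, with an idle timeout. The client host addresses, the three-member round-robin pool, and the assumption that every request refreshes the record's timer are constructed for illustration.

```python
import ipaddress
from itertools import cycle

MEMBERS = ["10.1.20.11:80", "10.1.20.12:80", "10.1.20.13:80"]
WINDOWS_CLIENT = "10.1.10.199"   # constructed host address in 10.1.10.0/24
LAMP_CLIENT = "10.1.20.250"      # constructed host address in 10.1.20.0/24


class SourceAddrPersistence:
    """Toy model of a source-address-affinity persistence table."""

    def __init__(self, members, prefix_len, timeout):
        self.prefix_len = prefix_len
        self.timeout = timeout
        self._next_member = cycle(members)  # stand-in for the pool's load balancing
        self.records = {}                   # masked source -> (member, last_used)

    def key_for(self, client_ip):
        """Mask the client address to the prefix length; this is the record value."""
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return str(net.network_address)

    def select(self, client_ip, now):
        """Return the pool member for a request arriving at time `now` (seconds)."""
        self._expire(now)
        key = self.key_for(client_ip)
        if key in self.records:
            member = self.records[key][0]      # persist to the recorded member
        else:
            member = next(self._next_member)   # no record: load balance
        self.records[key] = (member, now)      # assumption: each hit refreshes the timer
        return member

    def _expire(self, now):
        """Drop records that have been idle for the timeout or longer."""
        self.records = {
            key: rec for key, rec in self.records.items()
            if now - rec[1] < self.timeout
        }


def replay_task1():
    """Task 1: 24-bit prefix, 30 s timeout, reloads followed by a wait of over 45 s."""
    table = SourceAddrPersistence(MEMBERS, prefix_len=24, timeout=30)
    reloads = [table.select(WINDOWS_CLIENT, now=t) for t in (0, 5, 10)]
    record_keys = sorted(table.records)
    after_wait = table.select(WINDOWS_CLIENT, now=10 + 46)
    return reloads, record_keys, after_wait


def replay_task2(prefix_len, timeout):
    """Task 2: two workstations on different /24 networks hit the same virtual server."""
    table = SourceAddrPersistence(MEMBERS, prefix_len, timeout)
    windows_member = table.select(WINDOWS_CLIENT, now=0)
    lamp_member = table.select(LAMP_CLIENT, now=1)
    return sorted(table.records), windows_member == lamp_member


if __name__ == "__main__":
    print(replay_task1())
    print(replay_task2(24, 30))
    print(replay_task2(16, 200))
```

With the 16-bit prefix every client in 10.1.0.0/16 shares one record, so all of them are sent to the same pool member until the record times out.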


Task 3 – Create and Use a Cookie Persistence Profile


Create a custom cookie persistence profile, and then add it in place of the source address persistence profile.

 Open the Local Traffic > Profiles > Persistence page and click Create.
 Create a persistence profile using the following information. (NOTE: You need to click the Custom check box on the
right-side of the page.)
Name                custom_cookie
Persistence Type    Cookie
Cookie Name         lorax_cookie

Question:
session cookie
What is the default Expiration value? ____________________

 Click Finished.
 Open the Virtual Server List page and click http_virtual, and then open the Resources page.
 From the Default Persistence Profile list select custom_cookie, and then click Update.

Questions:
No
Was the update successful? _______________

Persistence require HTTP


Why or why not? _________________________________________________________

 Open the Properties page, then from the HTTP Profile (Client) list select custom_http_profile, and then
click Update.
 Open the Resources page, then from the Default Persistence Profile list select custom_cookie, and
then click Update.
 Open a new tab and access http://10.1.10.20, then use Ctrl+F5 several times.
 In the HTTP Request and Response Information section click Request and Response Headers, then examine
the Cookie header value.

Question:
What pool member are you persisting to? _______________

 Open an InPrivate Browsing window (IE) and access http://10.1.10.20, then use Ctrl+F5 several times.

Questions:
10.1.20.13
Did the two different sessions use the same pool member? _______________

Cookie
Why or why not? _________________________________________________________

 Close the Internet Explorer page and the F5 vLab Test Web Site tab.

 In the Configuration Utility open the Statistics > Module Statistics > Local Traffic page, then from
the Statistics Type list select Persistence Records.

Questions:
No
Is there a persistence record for this session? _______________

Cookie
Why or why not? _________________________________________________________
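An added example (not part of the lab guide) for reading the Cookie header value examined above: with the default HTTP Cookie Insert method and cookie encryption left disabled, F5 documents the cookie value as the pool member's IPv4 address and port in byte-swapped decimal form, which is why no persistence record is needed and also why the cookie tells the client an internal address. The sample headers and the `audit_set_cookie` helper are constructed; the member used in the sample is this lab's 10.1.20.13:80.

```python
import ipaddress
import re
import struct

# Unencrypted IPv4 value: <address as decimal>.<port as decimal>.0000
PLAIN_VALUE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")


def encode_member(ip, port):
    """Build the unencrypted cookie value for an IPv4 pool member (for sample data)."""
    ip_num = struct.unpack("<I", ipaddress.IPv4Address(ip).packed)[0]
    port_num = struct.unpack("<H", struct.pack(">H", port))[0]
    return f"{ip_num}.{port_num}.0000"


def decode_member(value):
    """Return 'ip:port' for an unencrypted value, or None if it does not match."""
    m = PLAIN_VALUE.match(value.strip())
    if not m:
        return None
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return None
    # The address bytes are stored in reverse order, the port with its two bytes swapped.
    ip = ipaddress.IPv4Address(struct.pack("<I", ip_num))
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return f"{ip}:{port}"


def audit_set_cookie(header_lines):
    """Return (cookie name, member) for each Set-Cookie that exposes a private address."""
    findings = []
    for line in header_lines:
        name, _, rest = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        pair = rest.split(";", 1)[0]
        cookie_name, _, cookie_value = pair.partition("=")
        member = decode_member(cookie_value)
        if member and ipaddress.ip_address(member.rsplit(":", 1)[0]).is_private:
            findings.append((cookie_name.strip(), member))
    return findings


# Constructed response headers: one unencrypted persistence cookie, one opaque
# value standing in for an encrypted cookie, and one unrelated session cookie.
SAMPLE_HEADERS = [
    "Content-Type: text/html",
    "Set-Cookie: lorax_cookie=" + encode_member("10.1.20.13", 80) + "; path=/",
    "Set-Cookie: lorax_cookie=!c2FtcGxlLW9wYXF1ZS12YWx1ZQ==; path=/",
    "Set-Cookie: PHPSESSID=4f2a9c1e; path=/",
]

if __name__ == "__main__":
    for cookie, member in audit_set_cookie(SAMPLE_HEADERS):
        print(f"{cookie} discloses pool member {member}")
```

Turning on the cookie encryption setting of the cookie persistence profile makes the value opaque, and the audit then reports nothing for it.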

PREPARE FOR NEXT EXERCISE


 In PuTTY, at the CLI copy and paste the following TMSH commands.
tmsh delete ltm virtual http_virtual
tmsh delete ltm pool http_pool
tmsh delete ltm monitor http custom_http_monitor
tmsh modify ltm default-node-monitor rule none
tmsh delete ltm profile http custom_http_profile
tmsh delete ltm profile stream custom_stream
tmsh delete ltm persistence source-addr custom_source_address
tmsh delete ltm persistence cookie custom_cookie
tmsh delete ltm node 10.1.20.11
tmsh delete ltm node 10.1.20.12
tmsh delete ltm node 10.1.20.13
tmsh delete ltm node 10.1.20.14
tmsh delete ltm node 10.1.20.15
exit

Question and Answer Key


Task 1 – Create a Source Address Persistence Profile
Q: Are responses coming from one or several pool members?
A: One

Q: Which pool members are supplying content for this request?


A: Answers will vary.

Q: Was the same pool member used for this request?


A: No

Q: Why or why not?


A: The persistence record timed out after 30 seconds.

Task 2 – Share a Source Address Persistence Record


Q: Did the two different browsers use the same pool member?
A: Yes

Q: Why or why not?


A: They are in the same 16 digit IPv4 prefix.

Q: What is/are the value(s) of the persistence records?


A: 10.1.0.0

Task 3 – Create a Cookie Persistence Profile
Q: What is the default Expiration value?
A: Session Cookie

Q: Was the update successful?


A: No

Q: Why or why not?


A: Cookie persistence requires an HTTP profile.

Q: What pool member are you persisting to?


A: Answers will vary.

Q: Did the two different browsers use the same pool member?
A: No

Q: Why or why not?


A: Each browser used a different session, which required a different session cookie.

Q: Is there a persistence record for this session?


A: No

Q: Why or why not?


A: Persistence records are not needed for cookie persistence.


LTM Lesson 8 – Use SSL Bridging and SSL Offload



Exercise – Use SSL Bridging and SSL Offload


Estimated completion time: 30 minutes

Task 1 – Use TMSH to Create an HTTPS Pool and Virtual Server


Use TMSH to create an HTTPS pool and virtual server, and then view how requests are currently being handled
through the new virtual server.

 If needed, re-open your RDP session to the Windows Jumpbox desktop.


 Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
 At the CLI copy and paste the following TMSH commands. (NOTE: Use the PBC copy and paste guide
or the PBC -Workbook on the Windows desktop.)
tmsh modify sys db ui.statistics.modulestatistics.localtraffic.persistencerecords value true
tmsh modify ltm default-node-monitor rule icmp
tmsh create ltm monitor http custom_http_monitor interval 3 timeout 10 recv "SERVER_UP" recv-disable "SERVER_DOWN" send "GET /HealthCheck.html\r\n"
tmsh create ltm pool http_pool members add { 10.1.20.11:80 { address 10.1.20.11 priority-group 8 ratio 5 } 10.1.20.12:80 { address 10.1.20.12 priority-group 8 ratio 2 } 10.1.20.13:80 { address 10.1.20.13 priority-group 4 } 10.1.20.14:80 { address 10.1.20.14 priority-group 4 } 10.1.20.15:80 { address 10.1.20.15 priority-group 3 } } monitor custom_http_monitor
tmsh create ltm profile http custom_http_profile fallback-host https://www.f5.com fallback-status-codes add { 404 } enforcement { max-requests 50 } header-insert Operating-System:Win7Pro insert-xforwarded-for enabled response-headers-permitted add { Content-Type Set-Cookie Location }
tmsh create ltm profile stream custom_stream source "Lorax Bank" target "Lorax Investments"
tmsh create ltm persistence source-addr custom_source_address timeout 200 mask 255.255.0.0
tmsh create ltm persistence cookie custom_cookie cookie-name lorax_cookie
tmsh create ltm virtual http_virtual destination 10.1.10.20:80 ip-protocol tcp profiles add { tcp { } } pool http_pool
tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:443 }

 To create an HTTPS pool and virtual server, at the CLI copy and paste the following TMSH commands.
tmsh create ltm monitor https custom_https_monitor interval 5 timeout 16 recv "FSE vLab Test Web Site" send "GET /index.php\r\n"
tmsh create ltm pool https_pool members add { 10.1.20.11:443 { address 10.1.20.11 } 10.1.20.12:443 { address 10.1.20.12 } 10.1.20.13:443 { address 10.1.20.13 } } monitor custom_https_monitor
tmsh create ltm virtual https_virtual destination 10.1.10.30:443 ip-protocol tcp profiles add { tcp { } } pool https_pool

 Use Internet Explorer to access https://10.1.10.30 and click More information, and then continue to the webpage.

Questions:
SSL
Which protocol is listed in your browser’s URL field? ________________________________

In the Request Details, what information is listed after Pool member address/port?

443
_____________________________________

No
Is the connection between the client and BIG-IP LTM using SSL? _____________

Yes
Is the connection between BIG-IP LTM and the pool member using SSL? _____________

 Click Certificate Error.

 Click View certificates.

Questions:
xubuntu
Who was this certificate issued by? ____________________

Yes
Is this a trusted certificate? _____________

 Click OK.

Task 2 – Import an SSL Certificate and Key


Import the vlab.f5demo.com.2019 certificate and key, and then import the entrust_chain certificate chain.

 In the Configuration Utility open the System > Certificate Management > Traffic Certificate Management >
SSL Certificate List page and click Import.
 From the Import Type list select Certificate.
 In the Certificate Name field type lorax_cert, and then click Choose File.
 Navigate to the Documents\Exercise Files folder, then select the vlab.f5demo.com.2019.com file,
then click Open, and then click Import.
 Click Import again, and then from the Import Type list select Key.
 In the Key Name field type lorax_cert, and then click Choose File.
 Select the vlab.f5demo.com.2019.key file and click Open, and then click Import.
 Click Import again, and then from the Import Type list select Certificate.
 In the Certificate Name field type lorax_chain, and then click Choose File.
 Select the entrust-chain.txt file and click Open, and then click Import.

Task 3 – Create a Client SSL Profile


Create a new client SSL profile using the lorax_cert certificate and key and lorax_chain.

 Open the Local Traffic > Profiles > SSL > Client page and click Create.
 Name the profile lorax_client_ssl.
 For Certificate Key Chain select the Custom checkbox, and then click Add.
 Use the following information: (NOTE: Copy and paste the pass phrase.)
Certificate    lorax_cert
Key            lorax_cert
Chain          lorax_chain
Pass Phrase    vlab demo 2019

 Click Add.

 Click Finished.

Task 4 – Add Cookie Persistence to the HTTPS Virtual Server


Attempt to add custom_cookie to https_virtual and verify the results.

 Open the Virtual Server List page and click https_virtual.


 From the HTTP Profile (Client) list select custom_http_profile, and then click Update.
 Open the Resources page, then from the Default Persistence Profile list select custom_cookie, and
then click Update.
 Reload the F5 vLab Test Web Site page in Internet Explorer.

Questions:
No
Did the web page display? _____________

HTTP_Profile
Why or why not? _______________________________________________________

Task 5 – Enable SSL Bridging with the HTTPS Virtual Server


Enable SSL bridging on https_virtual and verify the results.

 In the Configuration Utility, for https_virtual open the Properties page.


 From the SSL Profile (Client) list select lorax_client_ssl, and then click <<.

 From the SSL Profile (Server) list select serverssl, then click <<, and then click Update.

 In Internet Explorer, edit the URL to https://ssl.vlab.f5demo.com, and then use Ctrl + F5 several times.
The Windows workstation hosts file has an entry for 10.1.10.30 for the host name ssl.vlab.f5demo.com.

Questions:
Yes
Did the web page display? _____________

SSL
Which protocol is listed in your browser’s URL field? ____________________

In the Request Details, what information is listed after Pool member address/port?

443
_____________________________________

Yes
Is the connection between the client and BIG-IP LTM using SSL? _____________

Yes
Is the connection between BIG-IP LTM and the pool member using SSL? _____________

Yes
Is cookie persistence working? _____________

 Click the lock icon, and then click View certificates.

Question:
vlab.f5demo.com
Who was this certificate issued by? _____________________________

No
Is this a trusted certificate? _____________

 Click OK.

Task 6 – Enable SSL Offload with the HTTPS Virtual Server


Enable SSL offload on https_virtual and verify the results.

 In the Configuration Utility, on the https_virtual page, from the SSL Profile (Server) list select serverssl,
then click >>, and then click Update.
 Open the Resources page, then from the Default Pool list select http_pool, and then click Update.
 In Internet Explorer use Ctrl + F5 several times.

Questions:
Which protocol is listed in your browser’s URL field? ____________________

In the Request Details, what information is listed after Pool member address/port?

_____________________________________

Is the connection between the client and BIG-IP LTM using SSL? _____________

Is the connection between BIG-IP LTM and the pool member using SSL? _____________

 Close Internet Explorer.


PREPARE FOR NEXT EXERCISE


 In PuTTY, at the CLI copy and paste the following TMSH commands.
tmsh delete ltm virtual http_virtual
tmsh delete ltm virtual https_virtual
tmsh delete ltm pool http_pool
tmsh delete ltm pool https_pool
tmsh delete ltm monitor http custom_http_monitor
tmsh delete ltm monitor https custom_https_monitor
tmsh modify ltm default-node-monitor rule none
tmsh delete ltm profile http custom_http_profile
tmsh delete ltm profile stream custom_stream
tmsh delete ltm profile client-ssl lorax_client_ssl
tmsh delete ltm persistence source-addr custom_source_address
tmsh delete ltm persistence cookie custom_cookie
tmsh delete ltm node 10.1.20.11
tmsh delete ltm node 10.1.20.12
tmsh delete ltm node 10.1.20.13
tmsh delete ltm node 10.1.20.14
tmsh delete ltm node 10.1.20.15
exit

Question and Answer Key


Task 1 – Use TMSH to Create an HTTPS Pool and Virtual Server
Q: Which protocol is listed in your browser’s URL field?
A: https

Q: In the Request Details, what information is listed after Pool member address/port?
A: 10.1.20.X:443

Q: Is the connection between the client and BIG-IP LTM using SSL?
A: Yes

Q: Is the connection between BIG-IP LTM and the pool member using SSL?
A: Yes

Q: Who was this certificate issued by?


A: Entrust Certification Authority

Q: Is this a trusted certificate?


A: No

Task 4 – Add Cookie Persistence to the HTTPS Virtual Server


Q: Did the web page display?
A: No

Q: Why or why not?


A: The BIG-IP system didn’t decrypt the request and was unable to perform HTTP-level functions.

Task 5 – Enable SSL Bridging with the HTTPS Virtual Server


Q: Did the web page display?
A: Yes

Q: Which protocol is listed in your browser’s URL field?
A: https

Q: In the Request Details, what information is listed after Pool member address/port?
A: 10.1.20.X:443

Q: Is the connection between the client and BIG-IP LTM using SSL?
A: Yes

Q: Is the connection between BIG-IP LTM and the pool member using SSL?
A: Yes

Q: Is cookie persistence working?


A: Yes

Q: Who was this certificate issued by?


A: xubuntu (The LAMP server)

Q: Is this a trusted certificate?


A: Yes

Task 6 – Enable SSL Offload with the HTTPS Virtual Server


Q: Which protocol is listed in your browser’s URL field?
A: https

Q: In the Request Details, what information is listed after Pool member address/port?
A: 10.1.20.X:80

Q: Is the connection between the client and BIG-IP LTM using SSL?
A: Yes

Q: Is the connection between BIG-IP LTM and the pool member using SSL?
A: No


BIG-IP DNS
DNS Lesson 1 – DNS Review and Deployment Options

DNS Lesson 2 – BIG-IP DNS Services



Exercise – Examine DNS Services


Estimated completion time: 40 minutes

Task 1 – Renew the Device Certificate


Renew the system-supplied device certificates on bigipA.f5demo.com.

 If needed, re-open your RDP session to the Windows Jumpbox desktop.


 Open Chrome and click the BIGIP_A bookmark and log in as admin / admin.F5demo.com
 Open the System > Resource Provisioning page and note that Global Traffic (DNS) is already provisioned.
 Open the System > Certificate Management > Device Certificate Management > Device Certificate page and
click Renew.
 Edit the certificate properties using the following information, and then click Finished.
Common Name     bigipA.lorax.com
Division        IT
Organization    Lorax Investments
Country         United States
Lifetime        3650
The BIG-IP Configuration Utility is redirected.
 Open the Network > Self IPs page and click 10.1.10.240, then add TCP port 4353, and then click Update.

Task 2 – Create a DNS Profile, a DNS Pool, and a DNS Listener


Create a DNS profile, a pool of DNS servers, and a DNS listener.

 Open the DNS > Delivery > Profiles > DNS page and click Create.
 Name the new profile custom_dns_profile and accept all default settings, and then click Finished.
 Open the DNS > Delivery > Load Balancing > Pools > Pool List page and click Create.
 Create a pool of DNS servers using the following information, and then click Finished.
Name               bind_pool
Health Monitors    udp
Members            10.1.20.11:53
                   10.1.20.12:53

 Open the DNS > Delivery > Listeners > Listener List page and click Create.

 Create a DNS listener using the following information, and then click Finished.
Name                             custom_dns_listener
Listener                         Advanced
Listener: Destination            Host Address: 10.1.10.230
Listener: Address Translation    Enabled
Service: DNS Profile             custom_dns_profile
Load Balancing: Default Pool     bind_pool

 Open a command prompt and type:


dig @10.1.10.230 app3.f5demo.com

app3.f5demo.com is resolved to 10.1.20.16.


 In the command prompt type:
dig @10.1.10.230 dvwa.f5demo.com
dig @10.1.10.230 server2.f5demo.com

dvwa.f5demo.com is resolved to 10.1.20.17, and server2.f5demo.com is resolved to 10.1.20.12.


 In the Configuration Utility open the DNS > Delivery > Load Balancing > Pools > Statistics page, and then click + to
expand bind_pool.

Question:
Yes
Were DNS requests forwarded to the back-end BIND servers? _____________________

 Reset the statistics for all pools and pool members.

Task 3 – Create a DNS Express Zone


Configure a DNS Express zone, which will pull a zone transfer from the external DNS server, and then use PuTTY
and the dig command to test that the DNS zone transfer was successful and that the BIG-IP system is now
answering DNS requests.

 Open the DNS > Delivery > Profiles > DNS page and click custom_dns_profile.

Question:
Enabled
Is DNS Express enabled or disabled by default? _____________________

 Open the DNS > Delivery > Nameservers > Nameserver List page and click Create.
 Create a name server using the following information, and then click Finished.
Name       f5demo.com
Address    10.1.20.252
 Open the DNS > Zones > Zones > Zone List page and click Create.
 Create a DNS Express zone using the following information, and then click Finished.
Name                                  f5demo.com
DNS Express: Server                   f5demo.com
Zone Transfer Clients: Nameservers    f5demo.com

 Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com, and then resize
the PuTTY window to about twice its default width.
 At the CLI, type:
tail -f /var/log/ltm

There is a line at the end of the log file regarding the scheduling of and transferring of zone files for
f5demo.com from 10.1.20.252.

 Type Ctrl+C, and then type:


dnsxdump | more

This displays the DNS names that were transferred to the BIG-IP system.
 Use the Enter key to scroll through the list, and then type Q.
 In the Configuration Utility open the DNS > Zones > Zones > Statistics page.
There are no response statistics.
 In the command prompt type:
dig @10.1.10.230 server5.f5demo.com
dig @10.1.10.230 cert.f5demo.com

 In the Configuration Utility on the Zones statistics page click Refresh.


There are now two responses.
 Open the DNS > Delivery > Load Balancing > Pools > Statistics page, and then click + to expand bind_pool.

Questions:
No
Were DNS requests forwarded to the back-end BIND servers? _____________________

10.1.20.11
How are the DNS requests being resolved? ________________________________________

Task 4 – Add a BIG-IP DNS Wide IP


Add a wide IP and attach an iRule to illustrate the precedence a wide IP has over a listener.

 Open the DNS > GSLB > iRules page and click Create.
 Create a DNS iRule using the following information, and then click Finished.
(NOTE: Use the PBC copy and paste guide or the PBC -Workbook on the Windows desktop.)
Name          specific_dns_host
Definition    when DNS_REQUEST {
                  host 10.2.2.2
              }

 Open the DNS > GSLB > Wide IPs > Wide IP List page and click Create.
 Create a wide IP using the following information, and then click Finished.
Name          app3.f5demo.com
Type          A
iRule List    specific_dns_host

 In the command prompt repeat the following command:


dig @10.1.10.230 app3.f5demo.com

app3.f5demo.com is now resolved to 10.2.2.2. The wide IP was processed before the DNS listener.
 In the Configuration Utility, on the Wide IP List page select the app3.f5demo.com checkbox, and then
click Delete twice.
 In the command prompt repeat the following command:
dig @10.1.10.230 app3.f5demo.com

app3.f5demo.com is once again resolved to 10.1.20.16.


 In the Configuration Utility open the DNS > Delivery > Load Balancing > Pools > Statistics page, and then click + to
expand bind_pool.
There is still no DNS request traffic being directed to bind_pool.
 Open the DNS > Delivery > Profiles > DNS page and click custom_dns_profile.
 For DNS Express select the Custom checkbox, then select Disabled, and then click Update.
 In the command prompt repeat the following command:
dig @10.1.10.230 app3.f5demo.com

app3.f5demo.com is still resolved to 10.1.20.16.


 Close the command prompt.
 In the Configuration Utility open the DNS > Delivery > Load Balancing > Pools > Statistics page, and then click + to
expand bind_pool.
DNS request traffic is once again being directed to bind_pool.

PREPARE FOR NEXT EXERCISE


 In PuTTY, at the CLI copy and paste the following TMSH commands together. (NOTE: Use the copy and
paste guide on the Windows desktop.)
tmsh delete ltm virtual custom_dns_listener
tmsh delete ltm pool bind_pool
tmsh delete ltm profile dns custom_dns_profile
tmsh delete ltm dns zone f5demo.com
tmsh delete ltm dns nameserver f5demo.com
exit


Question and Answer Key


Task 3 – Create a DNS Profile, Pool, and Listener
Q: Were DNS requests forwarded to the back-end BIND servers?
A: Yes

Task 4 – Configure a DNS Express Zone


Q: Is DNS Express enabled or disabled by default?
A: Enabled

Task 5 – Test DNS Express


Q: Were DNS requests forwarded to the back-end BIND servers?
A: No

Q: How are the DNS requests being resolved?


A: The BIG-IP system is resolving all DNS requests.


DNS Lesson 3 – GSLB – Data Centers and Server Objects



Exercise – Create Data Center and Server Objects


Estimated completion time: 30 minutes

Task 1 – Create Two Data Centers


On bigipA.f5demo.com, create two data center objects, one for the primary data center in Seattle, the other for
the backup data center in Dallas.

 If needed, re-open your RDP session to the Windows Jumpbox desktop.


 Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
 At the CLI copy and paste the following TMSH commands. (NOTE: Use the PBC copy and paste guide
or the PBC -Workbook on the Windows desktop.)
tmsh create ltm pool bind_pool members add { 10.1.20.11:53 { address 10.1.20.11 } 10.1.20.12:53 { address 10.1.20.12 } } monitor udp
tmsh create ltm profile dns custom_dns_profile
tmsh create gtm listener custom_dns_listener address 10.1.10.230 pool bind_pool translate-address enabled profiles add { custom_dns_profile }
tmsh create ltm dns nameserver f5demo.com address 10.1.20.252
tmsh create ltm dns zone f5demo.com dns-express-server f5demo.com transfer-clients add { f5demo.com }
tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:443 tcp:4353 }

 Open Chrome and click the BIGIP_A bookmark and log in as admin / admin.F5demo.com
 Open the DNS > GSLB > Data Centers > Data Center List page and click Create.
 Create a data center using the following information, and then click Repeat.
Name        Active_DC
Location    Seattle, WA
Contact     <enter your name>

 Create another data center using the following information, and then click Finished.
Name Backup_DC
Location Dallas, TX
Contact <enter your name>


Task 2 – Create a Server Object for bigipA.f5demo.com


Create your first server object for Active_DC, which will represent bigipA.lorax.com.

• Open the DNS > GSLB > Servers > Server List page and click Create.
• Create a server using the following information, and then click Finished.
    Name: bigipA.lorax.com
    Data Center: Active_DC
    Devices: Click the Add button
    Add BIG-IP System Device:
        Device Name: bigipA
        Address: 10.1.10.240
        Click Add, and then click OK.
    Health Monitor: bigip

Reload the web page. Within several seconds the status of the server will change to Available (Enabled).

Task 3 – Prepare to Add BIG-IP Server Objects


Use PuTTY on bigipA.f5demo.com to run bigip_add and big3d_install against bigipB.f5demo.com.

• Open the DNS > GSLB > Servers > Trusted Server Certificates page.

Question:
For which subjects does BIG-IP DNS have a trusted certificate?

Localhost
_______________________________________________________________________

• In PuTTY type the following commands (enter yes when prompted, and default.F5demo.com as the password):
bigip_add 10.1.10.241
big3d_install 10.1.10.241

• In the Configuration Utility reload the Trusted Server Certificates page.


Now, which subjects does BIG-IP DNS have a trusted certificate for?

bigipB.lorax.com
_______________________________________________________________________


Task 4 – Create a Second BIG-IP System Server Object


Add bigipB.lorax.com as a server object within the backup data center.

• Open the DNS > GSLB > Servers > Server List page and click Create.
• Create a server using the following information, and then click Finished.
    Name: bigipB.lorax.com
    Data Center: Backup_DC
    Devices: Click the Add button
    Add BIG-IP System Device:
        Device Name: bigipB
        Address: 10.1.10.241
        Click Add, and then click OK.
    Health Monitor: bigip

Within several seconds the status of the new server will change to Available (Enabled). You may need to reload
the web page.

PREPARE FOR NEXT EXERCISE


• In PuTTY, at the CLI copy and paste the following TMSH commands.
tmsh delete ltm virtual custom_dns_listener
tmsh delete ltm pool bind_pool
tmsh delete ltm profile dns custom_dns_profile
tmsh delete ltm dns zone f5demo.com
tmsh delete ltm dns nameserver f5demo.com
tmsh delete gtm server bigipA.lorax.com
tmsh delete gtm server bigipB.lorax.com
tmsh delete gtm datacenter Active_DC
tmsh delete gtm datacenter Backup_DC
exit

Question and Answer Key


Task 3 – Prepare to Add BIG-IP Server Objects
Q: For which subjects does GTM have a trusted certificate?
A: bigipA.lorax.com, localhost.localdomain.

Q: Now, which subjects does GTM have a trusted certificate for?
A: bigipB.lorax.com, bigipA.lorax.com, localhost.localdomain.


DNS Lesson 4 – GSLB – DNS Virtual Servers, DNS Pools, and Wide IPs

Exercise – Use DNS Virtual Servers, DNS Pools, and Wide IPs

Estimated completion time: 40 minutes

Task 1 – Discover Virtual Servers for BIG-IP Server Objects


Use the Virtual Server Discovery feature to find the virtual servers on bigipA and bigipB.

• If needed, re-open your RDP session to the Windows Jumpbox desktop.
• Open PuTTY and open the BIGIP_A saved session and log in as root / default.F5demo.com
• At the CLI copy and paste the following TMSH commands. (NOTE: Use the PBC copy and paste guide or the PBC -Workbook on the Windows desktop.)
tmsh create ltm pool bind_pool members add { 10.1.20.11:53 { address 10.1.20.11 } 10.1.20.12:53 { address 10.1.20.12 } } monitor udp
tmsh create ltm profile dns custom_dns_profile
tmsh create gtm listener custom_dns_listener address 10.1.10.230 pool bind_pool translate-address enabled profiles add { custom_dns_profile }
tmsh create ltm dns nameserver f5demo.com address 10.1.20.252
tmsh create ltm dns zone f5demo.com dns-express-server f5demo.com transfer-clients add { f5demo.com }
tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:4353 }
tmsh create gtm datacenter Active_DC location "Seattle, WA" contact "Bob Smith"
tmsh create gtm datacenter Backup_DC location "Dallas, TX" contact "Bob Smith"
tmsh create gtm server bigipA.lorax.com datacenter Active_DC monitor bigip devices add { bigipA { addresses add { 10.1.10.240 } } }
tmsh create gtm server bigipB.lorax.com datacenter Backup_DC monitor bigip devices add { bigipB { addresses add { 10.1.10.241 } } }
tmsh create ltm pool bigipA_pool_11 members add { 10.1.20.11:80 { address 10.1.20.11 } }
tmsh create ltm pool bigipA_pool_12 members add { 10.1.20.12:80 { address 10.1.20.12 } }
tmsh create ltm virtual bigipA_virtual_11 destination 10.1.10.11:80 ip-protocol tcp profiles add { tcp { } } pool bigipA_pool_11
tmsh create ltm virtual bigipA_virtual_12 destination 10.1.10.12:80 ip-protocol tcp profiles add { tcp { } } pool bigipA_pool_12
tmsh modify net self 10.1.10.240 allow-service add { tcp:22 tcp:443 tcp:4353 }

• Open Chrome and click the BIGIP_A bookmark then log in as admin / admin.F5demo.com
• Open the DNS > GSLB > Servers > Server List page and click bigipA.lorax.com, and then open the Virtual Servers page.
• From the Virtual Server Discovery list select Enabled, and then click Update.
• Return to the Server List page and click bigipB.lorax.com, and then open the Virtual Servers page.
• From the Virtual Server Discovery list select Enabled, and then click Update.
• Return to the Server List page and continue to refresh the page.
Within several seconds, BIG-IP DNS will discover the BIG-IP LTM virtual servers on both bigipA.lorax.com and bigipB.lorax.com.

• In the Virtual Servers column click the 3 link.
There are three virtual servers discovered from bigipA.lorax.com.

Task 2 – Create BIG-IP DNS Pools and a Wide IP


Create two BIG-IP DNS pools, then create a wide IP for app3.f5demo.com, then test the wide IP using
the dig command, and then test using monitors.

On bigipA.f5demo.com
• Open the DNS > GSLB > Pools > Pool List page and click Create.

→NOTE: Be sure you’re displaying the DNS > GSLB pool list page, not the LTM pool list page.

• Create a BIG-IP DNS pool using the following information, and then click Finished.
    Name: bigipA_dns_pool
    Type: A
    Member List: /Common/bigipA_virtual_11 (/Common/bigipA.f5demo.com) – 10.1.10.11:80
                 /Common/bigipA_virtual_12 (/Common/bigipA.f5demo.com) – 10.1.10.12:80
                 (Click Add for each member)

• Create another BIG-IP DNS pool using the following information, and then click Finished.
    Name: bigipB_dns_pool
    Type: A
    Member List: /Common/bigipB_virtual_15 (/Common/bigipB.f5demo.com) – 10.1.10.15:80
                 (Click Add)

• Open the DNS > GSLB > Wide IPs > Wide IP List page and click Create.

• Create a wide IP using the following information, and then click Finished.
    Name: app3.f5demo.com
    Type: A
    Pool List: bigipA_dns_pool(A)
               bigipB_dns_pool(A)
               (Click Add for each member)

• Open a command prompt, type the following command, and then repeat it several times:
dig @10.1.10.230 app3.f5demo.com

The BIG-IP system alternates between 10.1.10.11 and 10.1.10.12 (both from bigipA_dns_pool) and 10.1.10.15 (from bigipB_dns_pool).
• In PuTTY, at the CLI copy and paste the following TMSH commands.
tmsh create ltm monitor http server_up interval 2 timeout 7 recv "SERVER_UP"
tmsh modify ltm pool bigipA_pool_11 monitor server_up
tmsh modify ltm pool bigipA_pool_12 monitor server_up

• In the command prompt repeat the following command several times:
dig @10.1.10.230 app3.f5demo.com

After at least 10 seconds, BIG-IP DNS returns only 10.1.10.15 (from bigipB_dns_pool).
• In PuTTY, at the CLI copy and paste the following TMSH command.
tmsh modify ltm pool bigipA_pool_11 monitor http

• In the command prompt repeat the following command several times:
dig @10.1.10.230 app3.f5demo.com

After at least 10 seconds, the BIG-IP system alternates between 10.1.10.11 (from bigipA_dns_pool) and 10.1.10.15 (from bigipB_dns_pool).

On bigipB.f5demo.com
• Open a new tab and click the BIGIP_B bookmark, and then log in as admin / admin.F5demo.com
• Open the Local Traffic > Pools > Pool List page and click bigipB_pool_15.
• Add the server_up monitor to the pool, and then click Update.
• In the command prompt repeat the following command several times:
dig @10.1.10.230 app3.f5demo.com

After at least 10 seconds, the BIG-IP system returns only 10.1.10.11 (from bigipA_dns_pool).
• In PuTTY, at the CLI copy and paste the following TMSH command.
tmsh modify ltm pool bigipA_pool_11 monitor server_up

• In the command prompt repeat the following command several times:
dig @10.1.10.230 app3.f5demo.com

After at least 10 seconds, the BIG-IP system returns the IP address 10.1.20.16.

Question:
Where is the 10.1.20.16 IP address answer coming from?

_______________________________________________________________________

→HINT: On bigipA.f5demo.com, look through the custom_dns_listener configuration.

• Close the command prompt window and the bigipB.f5demo.com tab.
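
Added example (not part of the F5 lab guide): a POSIX shell helper that tallies repeated dig answers for app3.f5demo.com by the GSLB pool each address belongs to, so an answer that comes from neither pool stands out at each monitor change. It assumes a shell with dig that can reach the 10.1.10.230 listener; the function names, the --live switch and the outside-gslb-pools label are hypothetical, and the sample answers are constructed.

```shell
#!/bin/sh
# Added example (not from the lab guide): attribute each A record returned for
# app3.f5demo.com to the GSLB pool it belongs to, using this lab's addresses.

# Print the lab pool that owns one answer address.
classify_answer() {
  case "$1" in
    10.1.10.11|10.1.10.12) echo "bigipA_dns_pool" ;;
    10.1.10.15)            echo "bigipB_dns_pool" ;;
    *)                     echo "outside-gslb-pools" ;;  # hypothetical label
  esac
}

# Read `dig +short` output on stdin and print "<count> <source>" per source.
tally_sources() {
  while IFS= read -r line; do
    case "$line" in
      ''|*[!0-9.]*) continue ;;   # skip blanks, CNAME targets, dig comments
      *.*.*.*)      classify_answer "$line" ;;
    esac
  done | sort | uniq -c | awk '{print $1, $2}'
}

# Comma-separated list of the sources that answered at least once.
sources_seen() {
  tally_sources | awk '{print $2}' | paste -sd, -
}

# Query the lab listener N times (default 10); needs network access to it.
query_listener() {
  n="${1:-10}"; i=0
  while [ "$i" -lt "$n" ]; do
    dig +short +time=2 +tries=1 @10.1.10.230 app3.f5demo.com A
    i=$((i + 1))
  done
}

# Constructed sample of five answers while both GSLB pools are available.
sample_answers() {
  printf '%s\n' 10.1.10.11 10.1.10.15 10.1.10.12 10.1.10.15 10.1.10.11
}

# Run against the listener only when asked: sh script.sh --live [count]
if [ "${1:-}" = "--live" ]; then
  query_listener "${2:-10}" | tally_sources
fi
```

Run it with --live after each monitor change and allow the 10 seconds the lab mentions before comparing tallies.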


PREPARE FOR NEXT EXERCISE


• In PuTTY, at the CLI copy and paste the following TMSH commands.
tmsh delete ltm virtual custom_dns_listener
tmsh delete ltm pool bind_pool
tmsh delete ltm profile dns custom_dns_profile
tmsh delete ltm dns zone f5demo.com
tmsh delete ltm dns nameserver f5demo.com
tmsh delete gtm server bigipA.lorax.com
tmsh delete gtm server bigipB.lorax.com
tmsh delete gtm datacenter Active_DC
tmsh delete gtm datacenter Backup_DC
tmsh delete gtm wideip a app3.f5demo.com
tmsh delete gtm pool a bigipA_dns_pool
tmsh delete gtm pool a bigipB_dns_pool
tmsh delete ltm virtual bigipA_virtual_11
tmsh delete ltm virtual bigipA_virtual_12
tmsh delete ltm pool bigipA_pool_11
tmsh delete ltm pool bigipA_pool_12
tmsh delete ltm monitor http server_up
tmsh delete ltm node 10.1.20.11
tmsh delete ltm node 10.1.20.12
tmsh modify sys provision gtm level none
exit

Question and Answer Key


Task 2 – Create BIG-IP DNS Pools and a Wide IP
Q: Where is the 10.1.20.16 IP address answer coming from?
A: From the BIND pool attached to custom_dns_listener.
