Forwarding (IP) Lab:

Server1 Configuration
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf
Server2 Configuration
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf
PC1 Configuration
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.2.1
netmask 255.255.255.0
gateway 192.168.2.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf

1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


PC2 Configuration
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
gateway 192.168.2.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf

Create two VLANs, one Internal and one External.

Create and assign a Self IP to each of the Internal and External VLANs.

Check the interface status: 1.1 is the Internal VLAN interface and 1.2 is the External VLAN interface.

Create two server nodes with the IP addresses 192.168.1.1 and 192.168.1.2.

In the Main tab, go to Local Traffic > Virtual Servers and select Create. Enter a Name for the virtual
server. For Type, select Forwarding (IP). For Destination Address, enter the IP address of the virtual
server in CIDR format, and enter a Netmask if the destination is a network. Enter a Service Port number
or select a service from the adjacent list; enter an asterisk (*) to match all ports. Clear the Notify
Status to Virtual Address check box. Select Finished.

Let us test: from the external PC1, access the backend Server 1 directly.

Let's verify the Forwarding (IP) virtual server's traffic statistics.

TCPDUMP:
o tcpdump on F5 LTM is used for capturing the packets that are sent and received.
o tcpdump on LTM captures on a particular interface given on the command line.
o In the F5 BIG-IP System LTM, tcpdump has the same functionality as the Wireshark tool.
o tcpdump is mainly used on LTM for troubleshooting and for checking the security posture of the network.
o By default, when tcpdump runs on LTM, it tries to do DNS resolution for IP addresses.
o Using the tcpdump utility we can also capture internal TMM information of the F5 BIG-IP System.
o This TMM information is useful when you need to open a case with F5 BIG-IP System Support.
o Filters allow you to limit the packet capture output to a specific IP address, ports and TCP flags.
o tcpdump filtering in F5 Local Traffic Manager (LTM) works similarly to the Wireshark utility.

To view the traffic on a specific VLAN:
tcpdump -i Internal-VLAN
To view the traffic on a single specific interface:
tcpdump -i 1.1
To view the traffic on the management interface:
tcpdump -i eth0
To view the traffic on all TMM interfaces:
tcpdump -i 0.0
To view all packets that are traveling to or from a specific IP address:
tcpdump host 192.168.114.100
To view all packets that are traveling from a specific IP address:
tcpdump src host 192.168.114.1
To view all packets that are traveling to a particular IP address:
tcpdump dst host 192.168.1.1
To view packets traveling through the LTM that are either sourced from or destined to a specific port:
tcpdump port 80
To view all packets that are traveling through the LTM and sourced from a specific port:
tcpdump src port 80
To view all packets that are traveling through the LTM and destined to a specific port:
tcpdump dst port 80
To view all packets from or to a specific host with a specific port number:
tcpdump host 192.168.114.100 and port 80
To view all packets from a specific source host with a specific destination port number:
tcpdump src host 192.168.114.100 and dst port 80
To view all packets from a specific source host to a specific destination host:
tcpdump src host 192.168.114.100 and dst host 192.168.1.1

o For capturing packets on a particular interface without name resolution: tcpdump -ni 1.1 or tcpdump -ni Internal
o To save the tcpdump output in binary (pcap) format: tcpdump -w packet1.bin
o To save the tcpdump output in text format: tcpdump > packet.txt
o To read the data from a tcpdump file on F5 LTM: tcpdump -r packet.bin
o To capture packets on the BIG-IP System with a limited snapshot length (bytes per packet): tcpdump -s2000 -ni Internal
o For capturing the packets from or to a particular address: tcpdump host 192.168.1.4
o For capturing the packets from a particular address: tcpdump src host 192.168.1.4
o For capturing the packets to a particular address: tcpdump dst host 192.168.1.100
o For capturing the packets with either source or destination port 80: tcpdump port 80
o For capturing the packets which contain source port 80: tcpdump src port 80
o For capturing the packets which contain destination port 80: tcpdump dst port 80

Combining Filters Using the AND Operator:
To capture traffic starting from client 192.168.114.1 going to virtual server 192.168.114.200:
tcpdump src host 192.168.114.1 and dst host 192.168.114.200
To capture traffic starting from client 192.168.114.1 going to virtual server 192.168.114.200
only on destination port 80:
tcpdump src host 192.168.114.1 and dst host 192.168.114.200 and dst port 80
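The filter primitives listed in this section compose the way tcpdump (BPF) composes them: each host or port primitive, optionally qualified by src or dst, is a predicate, and "and" requires all of them to hold. The following Python is added here as an illustration and is not taken from the notes or from tcpdump itself; it implements exactly that subset of the filter syntax over a constructed set of packet records, so you can check which packets each expression above would select. It does not capture traffic, and the packet records and addresses are constructed for the example.

```python
"""Evaluator for the tcpdump-style filters used in the notes (added example).

Supports `host`, `src host`, `dst host`, `port`, `src port`, `dst port`
joined with `and`, applied to constructed packet records.
"""
from typing import Callable, Dict, List, Optional

Packet = Dict[str, object]
Predicate = Callable[[Packet], bool]

# Constructed packets (src IP, src port, dst IP, dst port), as if captured on 1.1
PACKETS: List[Packet] = [
    {"src": "192.168.114.1",   "sport": 51000, "dst": "192.168.114.200", "dport": 80},
    {"src": "192.168.114.200", "sport": 80,    "dst": "192.168.114.1",   "dport": 51000},
    {"src": "192.168.114.100", "sport": 40001, "dst": "192.168.1.1",     "dport": 443},
    {"src": "192.168.1.1",     "sport": 443,   "dst": "192.168.114.100", "dport": 40001},
    {"src": "192.168.114.1",   "sport": 51001, "dst": "192.168.114.200", "dport": 22},
]


def _primitive(direction: Optional[str], kind: str, value: str) -> Predicate:
    """One primitive: direction None means 'either side', like tcpdump's `host`/`port`."""
    if kind == "host":
        fields = {"src": ["src"], "dst": ["dst"], None: ["src", "dst"]}[direction]
        return lambda p: any(p[f] == value for f in fields)
    if kind == "port":
        fields = {"src": ["sport"], "dst": ["dport"], None: ["sport", "dport"]}[direction]
        port = int(value)
        return lambda p: any(p[f] == port for f in fields)
    raise ValueError(f"unsupported primitive: {kind}")


def compile_filter(expr: str) -> Predicate:
    """Parse e.g. 'src host A and dst port 80' into a predicate over packet dicts."""
    preds = []
    for words in (term.split() for term in expr.split(" and ")):
        direction = None
        if words and words[0] in ("src", "dst"):
            direction, words = words[0], words[1:]
        if len(words) != 2:
            raise ValueError(f"bad primitive: {' '.join(words)}")
        preds.append(_primitive(direction, words[0], words[1]))
    # `and`: every primitive must match the packet
    return lambda p: all(pred(p) for pred in preds)


def capture(expr: str, packets: List[Packet] = PACKETS) -> List[Packet]:
    """Return the packets a `tcpdump <expr>` run would show from `packets`."""
    match = compile_filter(expr)
    return [p for p in packets if match(p)]


if __name__ == "__main__":
    for expr in ("host 192.168.114.100", "port 80",
                 "src host 192.168.114.1 and dst host 192.168.114.200 and dst port 80"):
        print(expr, "->", len(capture(expr)), "packet(s)")
```

The three-term expression from the text selects only the client-to-virtual-server request, while the plain `port 80` form also returns the reply, whose source port is 80; that asymmetry is the reason the notes qualify primitives with src and dst when narrowing a capture.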

Simple Network Management Protocol (SNMP):
o SNMP stands for Simple Network Management Protocol.
o Simple Network Management Protocol is used to monitor and manage devices.
o SNMP has several uses, from monitoring and generating alerts to device configuration.
o Simple Network Management Protocol is an Application Layer (Layer 7) protocol.
o SNMP is the key protocol used to retrieve information from network devices.
o SNMP is used to retrieve information from routers, switches, network servers, etc.
o SNMP can be configured in Read-Only mode to only retrieve information from devices.
o SNMP Read-Write mode can be used to retrieve information from or configure the network devices.
o All SNMP messages are transported via the User Datagram Protocol (UDP).
o A Simple Network Management Protocol agent receives requests on UDP port 161.
o Simple Network Management Protocol Traps are sent to the manager on UDP port 162.

SNMP Manager:
o Software that runs on the network administrator's system.
o A computer used to monitor the network, also called a Network Management System.

SNMP Agent:
o Software that runs on the network devices we want to monitor (router, firewall, etc.).

Management Information Base (MIB):
o The Management Information Base (MIB) is the collection of managed objects.
o The MIB defines the set of questions that the SNMP Manager can ask the Agent.
o The MIB defines the set of questions that the Agent can understand.
o The MIB is commonly shared between the Agent and the SNMP Manager.

SNMP Messages:
o SNMP messages are used to communicate between the SNMP Manager and Agents.
o SNMPv1 supports five basic SNMP messages: Get, Get-Next, Get-Response, Set and Trap.
o In SNMPv2c, two new messages were added: Inform and GetBulk.
o Get messages are sent by the SNMP Manager to retrieve information from SNMP Agents.
o Set messages are used by the SNMP Manager to assign a value on SNMP Agents.
o Get-Next retrieves the value of the next object in the Management Information Base.
o The Get-Response message is used by SNMP Agents to reply to Get and Get-Next messages.
o Trap messages are initiated by SNMP Agents to inform the SNMP Manager of an event.
o With an Inform message, the SNMP Manager acknowledges that the notification has been received.
o The GetBulk operation efficiently retrieves large blocks of data, such as multiple rows in a table.

SNMPv1:
o SNMP version 1 security is based on community strings.
o An SNMP community string can be considered a password.

SNMPv2c:
o SNMPv2c is the community-based variant of SNMPv2.
o SNMPv2c uses the community-based security model of SNMPv1.
o The "c" in SNMPv2c stands for "community".
o SNMPv2c sends the community strings in clear text.

SNMPv3:
o SNMPv3 is the most secure of the SNMP versions.
o SNMPv3 provides secure access to devices using authentication and encryption.
o The authentication security feature makes sure that the message is from a valid source.
o The integrity security feature makes sure that the message has not been tampered with.
o The encryption security feature provides confidentiality by encrypting the contents.
o SNMPv3 never sends the user password in clear text.
o SNMPv3 uses SHA1 or MD5 hash-based authentication.
o SNMPv3 encryption is done using AES, 3DES or DES.
o SNMPv3 offers three security levels: noAuthNoPriv, authNoPriv and authPriv.
o Auth stands for Authentication and Priv for Privacy.
o noAuthNoPriv = no authentication and no encryption.
o authNoPriv = authentication but no encryption.
o authPriv = authentication and encryption.
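Added example, not code from the notes or from F5: a minimal BER encoder and decoder for SNMPv2c GetRequest and GetResponse messages. Building the request for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) and decoding a constructed agent reply shows the message structure described above (version, community, PDU type, request-id, varbinds) and makes the v1/v2c point concrete: the community string is a plain OCTET STRING in the datagram, which is why the SNMPv3 authPriv level and a tight client allow list matter. The reply text and the request-id are constructed; nothing is sent on the network.

```python
"""SNMPv2c GetRequest/GetResponse encoder and decoder (BER), an added example.

Builds the datagram a manager would send to UDP/161 for sysDescr.0, decodes a
constructed agent reply, and shows the community string in clear text.
"""

# ASN.1 BER tags used by SNMPv1/v2c messages (RFC 1157 / RFC 3416)
INTEGER, OCTET_STRING, NULL, OBJECT_ID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2
SNMP_V2C = 1                         # version field: 0 = v1, 1 = v2c
SYS_DESCR = "1.3.6.1.2.1.1.1.0"      # sysDescr.0 from the standard MIB-2


def _tlv(tag, payload):
    """Tag-Length-Value with BER definite length (short or long form)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + payload


def encode_int(value):
    size = max(1, (value.bit_length() + 8) // 8)    # minimal two's-complement length
    return _tlv(INTEGER, value.to_bytes(size, "big", signed=True))


def encode_oid(oid):
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])         # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])               # base-128, high bit = more bytes follow
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(OBJECT_ID, bytes(out))


def build_message(pdu_type, community, request_id, varbinds):
    """SNMP message = SEQUENCE { version, community, PDU { req-id, err, idx, varbinds } }."""
    vb_list = b"".join(_tlv(SEQUENCE, encode_oid(oid) + value) for oid, value in varbinds)
    pdu = _tlv(pdu_type, encode_int(request_id) + encode_int(0) + encode_int(0)
               + _tlv(SEQUENCE, vb_list))
    return _tlv(SEQUENCE, encode_int(SNMP_V2C) + _tlv(OCTET_STRING, community.encode()) + pdu)


def build_get_request(community, oid, request_id):
    return build_message(GET_REQUEST, community, request_id, [(oid, _tlv(NULL, b""))])


def build_get_response(community, oid, request_id, text):
    """Constructed agent reply carrying an OCTET STRING value."""
    return build_message(GET_RESPONSE, community, request_id,
                         [(oid, _tlv(OCTET_STRING, text.encode()))])


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_message(datagram):
    """Decode a v1/v2c message; values come back as str (OCTET STRING), int or None."""
    tag, body, _ = _read_tlv(datagram, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_type, pdu, _ = _read_tlv(body, pos)
    _, req_id, pos = _read_tlv(pdu, 0)
    _, err_status, pos = _read_tlv(pdu, pos)
    _, _, pos = _read_tlv(pdu, pos)                  # error-index, not needed here
    _, vb_list, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vb_list):
        _, vb, pos = _read_tlv(vb_list, pos)
        _, oid_raw, p = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, p)
        value = (val.decode(errors="replace") if vtag == OCTET_STRING
                 else int.from_bytes(val, "big", signed=True) if vtag == INTEGER else None)
        varbinds.append((decode_oid(oid_raw), value))
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode(), "pdu_type": pdu_type,
            "request_id": int.from_bytes(req_id, "big", signed=True),
            "error_status": int.from_bytes(err_status, "big", signed=True),
            "varbinds": varbinds}


if __name__ == "__main__":
    req = build_get_request("public", SYS_DESCR, 42)   # request-id 42 is constructed
    print(req.hex())
    print(parse_message(req))
    print("community visible on the wire:", b"public" in req)
```

Running the block prints the hex of the 40-byte request, and the bytes of "public" appear in it unchanged, which is exactly what a capture with the tcpdump filters from the earlier section (udp port 161) would reveal to anyone on the path.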

SNMP Configuration:
Specify contact information for the SNMP administrator, as well as the physical location of the
BIG-IP system running the SNMP agent.
On the Main tab, click System > SNMP > Agent > Configuration. In the Global Setup area, in the
Contact Information field, type the contact information for the SNMP administrator of the BIG-IP system.
In the Machine Location field, type the location of the system. Click Update.

Configuring SNMP manager access to the SNMP agent on the BIG-IP system
Gather the IP addresses of the SNMP managers that you want to have access to the SNMP
agent on this BIG-IP system. Configure the SNMP agent on the BIG-IP system to allow a client
running the SNMP manager to access the SNMP agent for the purpose of remotely managing
the BIG-IP system.
On the Main tab, click System > SNMP > Agent > Configuration. In the Client Allow List area, for
the Type setting, select either Host or Network, depending on whether the IP address you
specify is a host system or a subnet. In the Address field, type either an IP address or network
address from which the SNMP agent can accept requests. If you selected Network, type the
netmask in the Mask field. Click Add and then click Update.

SNMP Access:
On the Main tab, click System > SNMP > Agent > Access (v1, v2c). Click Create. From the Type
list, select either IPv4 or IPv6. In the Community field, type the name of the SNMP community
for which you are assigning an access level. From the Source list, select All, or Select and type
the source IP address in the field that displays. In the OID field, type the OID for the top-most
node of the SNMP tree to which the access applies. From the Access list, select an access level,
either Read Only or Read/Write. Click Finished.

Enabling Traps:
You can configure the SNMP agent on the BIG-IP system to send, or refrain from sending,
notifications to the traps destinations.
On the Main tab, click System > SNMP > Traps > Configuration. To send traps when an
administrator starts or stops the SNMP agent, verify that the Enabled check box for the Agent
Start/Stop setting is selected. To send notifications when authentication warnings occur, select
the Enabled check box for the Agent Authentication setting. To send notifications when certain
warnings occur, verify that the Enabled check box for the Device setting is selected. Click Update.

Setting V1 and V2c Trap Destinations:
Specify the IP address of the SNMP manager in order for the BIG-IP system to send
notifications.
On the Main tab, click System > SNMP > Traps > Destination. Click Create. For the Version
setting, select either v1 or v2c. In the Community field, type the community name for the SNMP
agent running on the BIG-IP system. In the Destination field, type the IP address of the SNMP
manager. In the Port field, type the port number on the SNMP manager that is assigned to
receive the traps. Click Finished.

Add the F5 BIG-IP LTM system to the SNMP Manager so that it receives the trap messages.

Logging in F5 LTM:
o Log messages tell us what's happening inside the BIG-IP System Local Traffic Manager.
o BIG-IP log files include important diagnostic information about the events that are occurring.
o Viewing and managing log messages is an important part of managing traffic on a network.
o Log messages inform you on a regular basis of the events that occur on the BIG-IP system.
o Maintaining and verifying the log messages is an important task of the F5 Administrator.
o Log messages can contain information ranging from Linux events to Local Traffic, Global Traffic, etc.
o In F5 Local Traffic Manager (LTM), each type of event is stored locally in a separate log file.
o The information stored in each log file varies depending on the event type.
o In Local Traffic Manager (LTM), the log files for these event types are in the directory /var/log.
o In the BIG-IP System, you can store log messages in two locations: local to the BIG-IP System, or on a remote syslog server.
o Local logging is done on LTM using Linux syslog-ng, and the log data is stored locally on the system.
o Remote logging is implemented on the BIG-IP system using either Linux syslog-ng or TMOS, and the log data is stored on remote syslog servers.
o View log files logged locally on the BIG-IP system by using the Configuration utility, tmsh, or bash.
o For example, to view the ltm log file, log in to tmsh and enter the command: show /sys log ltm.
o Using bash, change to the /var/log directory and view the ltm log file with the command: cat ltm.
o In the Configuration utility, go to System > Logs and select the tab corresponding to the logging category you want to review.

Local Logging:
o By default, the BIG-IP system logs events locally and stores messages in the /var/log directory.
o Local logging is done on LTM using Linux syslog-ng, and the log data is stored locally on the system.
o The local syslog logs that the BIG-IP system can generate include several types of information.

Remote Logging:
o You can configure the system to use the high-speed logging (HSL) mechanism to log messages to a pool of remote log servers.
o If LTM processes a high volume of traffic or generates an excessive amount of log data, F5 recommends that you configure remote high-speed logging (HSL).
o F5 Networks recommends that you store logs on a pool of remote logging servers using HSL.
o If remote logging is implemented using TMOS, it is called High-Speed Logging.

BIG-IP Log Types:
o In F5 Local Traffic Manager (LTM), each type of event is stored locally in a separate log file.
o The information stored in each log file varies depending on the event type.
o By default, the BIG-IP system logs events locally and stores messages in the /var/log directory.

Type            Log file                      Description
audit           /var/log/audit                Messages the BIG-IP system logs as a result of changes to the BIG-IP system configuration.
boot            /var/log/boot.log             Information that is logged when the system boots.
cron            /var/log/cron                 When the cron daemon starts a cron job, it logs the information about the job in this file.
daemon          /var/log/daemon.log           Messages logged by the various daemons that run on the system.
dmesg           /var/log/dmesg                Kernel ring buffer information about the hardware devices that the kernel detects during the boot process.
GSLB            /var/log/gtm                  Messages pertaining to global traffic management events.
httpd           /var/log/httpd/httpd_errors   The Apache web server error log.
kernel          /var/log/kern.log             Messages logged by the Linux kernel.
local traffic   /var/log/ltm                  Messages pertaining specifically to BIG-IP local traffic management events.
mail            /var/log/maillog              Log information from the mail server that is running on the system.
sync            /var/log/nsyncd.log           The sync daemon is used as a common conduit for configuration synchronization messages and events over CMI and chassis.
packet filter   /var/log/pktfilter            Messages that result from the use of packet filters and packet-filter rules.
security        /var/log/secure               Information related to authentication and authorization privileges.
system          /var/log/messages             System event messages based on global Linux events, not specific to BIG-IP local traffic management events.
TMM             /var/log/tmm                  Messages pertaining to Traffic Management Microkernel events.
user            /var/log/user.log             Messages about all user-level events.
webui           /var/log/webui.log            Errors and exception details that pertain to the Configuration utility.

Syslog Levels:
o The following levels are available for each facility, as described in the following table.
o Below, the levels are listed in order of the severity of the messages they handle.
o Generally, a less severe (more verbose) level also includes all the messages of the more severe levels.
o For example, the alert level will generally also report all messages from the emerg level.
o And the debug level will generally also report all messages for all levels up to emerg.
Level     Description                                                      Verbosity
emerg     Emergency system panic messages                                  Minimum
alert     Serious errors that require administrator intervention           Low
crit      Critical errors, including hardware and filesystem failures      Low
err       Non-critical, but possibly very important, error messages        Low
warning   Messages that should at least be logged for review               Medium
notice    Messages that contain useful information, but may be ignored     Medium
info      Messages that contain useful information, but may be ignored     High
debug     Messages that are only necessary for troubleshooting             Maximum

Logging System Events:
Displays information logged by the operating system and other Linux components that are not
specific to the BIG-IP system and software. The information on this screen correlates to the
information that is stored in the /var/log/messages file.

Logging Packet Filter Events:
Displays information logged by the packet filter module. The information on this screen
correlates to the information that is stored in the /var/log/pktfilter file.

Logging Local Traffic Events:
Displays information logged by the local traffic management software. The information on this
screen correlates to the information that is stored in the /var/log/ltm file. Logs related to LTM,
for example node is down, pool member is disabled, health monitor failed and so on. Local
Traffic will show log messages for status changes and configuration changes on existing objects.

GSLB Events:
Displays information logged by the global traffic management software. The information on this
screen correlates to the information that is stored in the /var/log/gtm file.

Audit Logs:
The Audit tab shows us administrative actions, for example a route added or deleted by admin, a
user disabled by admin, user add/delete, pool create/delete, etc., stored in the /var/log/audit file.

Legacy Logging:
o If remote logging is implemented using Linux syslog-ng, it is called Legacy Logging.
o In the F5 BIG-IP System, Local Traffic Manager (LTM) legacy logging is done using syslog-ng.
o It can be configured so that log messages are forwarded to one remote syslog server.
o It can also be configured so that log messages are forwarded to multiple remote syslog servers.
o By default, syslog-ng sends log messages to UDP port 514 of the remote syslog server.

In the Main tab, navigate to System > Logs > Configuration > Remote Logging, configure the
remote syslog server IP address and click Update to apply the setting.

High Speed Logging:
o If remote logging is implemented using TMOS, it is called High-Speed Logging (HSL).
o In the F5 BIG-IP System, Local Traffic Manager (LTM) high-speed logging is done using TMSH.
o The components used in High Speed Logging are Log Filters, Log Publishers and Log Destinations.
o Create filters to identify what kind of log messages need to be sent to the remote syslog server.
o In the F5 BIG-IP System Local Traffic Manager, filters can be created based on criteria.
o The criteria include which service is sending the log message (gtmd, big3d, tmm, etc.).
o They also include the severity level of the log message (Notice, Informational, Debug, etc.).
o Publishers point to one or more remote syslog servers, such as Splunk, etc.
o If the publisher's destination is a normal syslog server, the log is sent without any change to its format.
o If the destination is Splunk or ArcSight, the log message is formatted for the selected remote syslog server and then sent.
o Lastly, you have to create a log pool with one or more remote syslog servers in it.
o HSL is the recommended log configuration to use with Local Traffic Manager (LTM).

Creating a Pool of Remote Logging Servers:
Create a pool of remote syslog servers by navigating on the Main tab to Local Traffic > Pools and
clicking Create. In the Name field, type a unique name for the pool, in this case Pool-Syslog. Using
the New Members setting, add the IP address for each remote logging server that you want to
include in the pool. Type an IP address in the Address field. Typical remote logging servers
require port 514. Click Add. Click Finished.

Creating a Remote High-Speed Log Destination:
Configure the log destination on the Main tab by navigating to System > Logs > Configuration >
Log Destination. Click Create. In the Name field, type a unique, identifiable name for this
destination, in my case Remote-HS-Log. From the Type list, select Remote High-Speed Log.
From the Pool Name list, select the pool of remote log servers to which you want the BIG-IP
system to send log messages. From the Protocol list, select the protocol used by the high-speed
logging pool members, in my case UDP. Click Finished.

Configure Log Publisher:
Create a publisher to specify where the BIG-IP system sends log messages for specific
resources. On the Main tab, click System > Logs > Configuration > Log Publishers. The Log
Publishers screen opens. Click Create. In the Name field, type a name for the publisher. For the
Destinations setting, select a destination from the Available list and move the destination.

Configure Log Filter:
Create a custom log filter to specify the system log messages that you want to publish to a
particular log. On the Main tab, click System > Logs > Configuration > Log Filters. The Log Filters
screen opens. In the Name field, type a unique, identifiable name for this filter. From the
Severity list, select the level of alerts that you want the system to use for this filter. From the
Source list, select the system processes from which messages will be sent to the log. From the
Log Publisher list, select the publisher that includes the destinations to which you want to send
log messages. Click Finished.
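Added example covering both the Syslog Levels table and the log filter's Severity and Source settings; it is not code from the notes or from F5. It parses constructed lines laid out like /var/log/ltm, applies a severity threshold the way a log filter set to that level behaves (that level and everything more severe is kept), optionally restricts by source daemon, and frames the surviving records as RFC 3164 syslog datagrams with the PRI header a syslog-ng or HSL sender puts in front of a message on UDP 514. The facility (local0), hostnames, PIDs and message IDs in the sample are assumptions made for the example.

```python
"""Severity filter for BIG-IP style log lines plus RFC 3164 syslog framing (added example)."""
import re
from typing import Iterable, List, Optional, Tuple

# Syslog severity numbers (RFC 5424, table 2): lower number = more severe.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY_LOCAL0 = 16   # assumed facility for the ltm messages in this example

# Constructed sample lines in the layout of /var/log/ltm:
# timestamp, hostname, level, daemon[pid]: msgid:severity: text
SAMPLE_LTM_LOG = """\
Jun  2 13:30:15 bigip1 notice mcpd[5342]: 01070638:5: Pool /Common/Pool-Syslog member /Common/192.168.1.50:514 monitor status down.
Jun  2 13:30:16 bigip1 err tmm[9911]: 01010028:3: No members available for pool /Common/Pool-Syslog
Jun  2 13:30:20 bigip1 info tmm[9911]: 01010221:6: Pool /Common/Pool-Syslog now has available members
Jun  2 13:30:21 bigip1 debug tmm[9911]: 01010001:7: connection table entry aged out
Jun  2 13:31:00 bigip1 warning mcpd[5342]: 01071859:4: Node /Common/SRV-1 address 192.168.10.1 monitor status unchecked.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<level>\w+) "
    r"(?P<daemon>\w+)\[(?P<pid>\d+)\]: (?P<msgid>[0-9a-fA-F]{8}):(?P<sev>\d): (?P<text>.*)$")


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into fields; None when the line does not match the layout."""
    m = LINE_RE.match(line)
    if not m or m.group("level") not in SEVERITY:
        return None
    rec = m.groupdict()
    rec["severity"] = SEVERITY[rec["level"]]
    return rec


def filter_by_severity(log_text: str, threshold: str,
                       sources: Optional[Iterable[str]] = None) -> List[dict]:
    """Keep records at `threshold` or more severe, like a BIG-IP log filter whose
    Severity is set to that level; `sources` optionally restricts the sending daemon."""
    limit = SEVERITY[threshold]
    allowed = set(sources) if sources is not None else None
    kept = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["severity"] <= limit and (allowed is None or rec["daemon"] in allowed):
            kept.append(rec)
    return kept


def to_syslog_datagram(rec: dict, facility: int = FACILITY_LOCAL0) -> bytes:
    """RFC 3164 framing: <PRI>TIMESTAMP HOST TAG[pid]: MSG, with PRI = facility*8 + severity."""
    pri = facility * 8 + rec["severity"]
    return f"<{pri}>{rec['ts']} {rec['host']} {rec['daemon']}[{rec['pid']}]: {rec['text']}".encode()


def parse_pri(datagram: bytes) -> Tuple[int, int]:
    """Split a received PRI back into (facility, severity), as a collector would."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m:
        raise ValueError("missing PRI header")
    pri = int(m.group(1))
    return pri // 8, pri % 8


if __name__ == "__main__":
    # A filter set to "warning" from source mcpd and tmm: drops info and debug.
    for rec in filter_by_severity(SAMPLE_LTM_LOG, "warning", sources={"mcpd", "tmm"}):
        print(to_syslog_datagram(rec).decode())
```

Setting the filter to notice keeps three of the five sample lines (notice, err and warning), while err keeps one and debug keeps all of them; that is the "a level includes everything more severe" rule from the Syslog Levels table applied to real-looking records.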

On the Pool-Syslog server, which is 192.168.1.50, the syslog server is installed to receive logs.

The 3CDaemon application is installed as the syslog server on Windows XP to receive logs.

This can also be verified from the Pool-Syslog statistics, which show the hits.

VLAN Tagged Lab:

F5 Interface Configuration
Interface     Connection
Management    NAT Cloud
1.1           Connected to a dedicated LAN
1.2           External

LAN Switch Configuration
Create VLANs
LAN(config)#vlan 10
LAN(config-vlan)#name SRV1
LAN(config-vlan)#exit
LAN(config)#vlan 20
LAN(config-vlan)#name SRV2
LAN(config-vlan)#exit
LAN(config)#vlan 30
LAN(config-vlan)#name SRV3
LAN(config-vlan)#exit
Assign Interfaces to VLANs
LAN(config)#interface e0/0
LAN(config-if)#switchport access vlan 10
LAN(config-if)#exit
LAN(config)#interface e0/1
LAN(config-if)#switchport access vlan 20
LAN(config-if)#exit
LAN(config)#interface e0/2
LAN(config-if)#switchport access vlan 30
LAN(config-if)#exit
Configure Trunk
LAN(config)#interface e0/3
LAN(config-if)#switchport trunk encapsulation dot1q
LAN(config-if)#switchport mode trunk

Servers Configuration

Server 1 (Toolbox) Configuration, belongs to VLAN 10
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.10.1
netmask 255.255.255.0
gateway 192.168.10.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf

Server 2 (Toolbox) Configuration, belongs to VLAN 20
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.20.2
netmask 255.255.255.0
gateway 192.168.20.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf

Server 3 (Toolbox) Configuration, belongs to VLAN 30
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.30.3
netmask 255.255.255.0
gateway 192.168.30.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf

Internal VLANs Configuration:
On the Main tab, click Network > VLANs. The VLAN List screen opens. Click Create. The New
VLAN screen opens. In the Name field, type a unique name for the VLAN. In the Tag field, type a
numeric tag between 1 and 4094 for the VLAN. The VLAN tag identifies the traffic from hosts in
the associated VLAN. From the Interface list, select an interface number. From the Tagging list,
select Tagged. Select Tagged when you want traffic for that interface to be tagged with a VLAN
ID. If you specified a numeric value for the Customer Tag setting and from the Tagging list you
selected Tagged, then from the Tag Mode list, select a value. Click Add. Click Finished.

Finally, all three server VLANs are created on the same interface 1.1 with the different VLAN tags 10, 20 and 30.

External VLAN Configuration:
On the Main tab, click Network > VLANs. The VLAN List screen opens. Click Create. The New
VLAN screen opens. In the Name field, type a unique name for the VLAN. Leave the Tag field
blank; the BIG-IP system automatically assigns a VLAN tag. From the Interface list, select an
interface number. From the Tagging list, select Untagged. Click Add. Click Finished.
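Added example, not code from the notes or from F5, of what the tagged and untagged VLAN settings above mean on the wire. It builds Ethernet frames with and without an 802.1Q tag, parses the tag (TPID 0x8100 followed by PCP, DEI and the 12-bit VID), and classifies each frame against a constructed table of the lab's interfaces: 1.1 carrying VLANs 10, 20 and 30 tagged, and 1.2 carrying the External VLAN untagged. A frame whose tag the interface does not carry, or an untagged frame on a tagged-only interface, classifies to nothing, which is the case a switch trunk misconfiguration produces. The MAC addresses and the interface table are constructed.

```python
"""802.1Q tagging as seen on BIG-IP interfaces 1.1 (tagged) and 1.2 (untagged); added example."""
import struct
from typing import Dict, Optional

ETH_8021Q = 0x8100   # TPID announcing a VLAN tag
ETH_IPV4 = 0x0800

# Constructed lab interface table: interface -> {vid: VLAN name}; key None = untagged VLAN
BIGIP_INTERFACES: Dict[str, Dict[Optional[int], str]] = {
    "1.1": {10: "VLAN10", 20: "VLAN20", 30: "VLAN30"},
    "1.2": {None: "External"},
}


def build_frame(dst: bytes, src: bytes, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame; when `vid` is given an 802.1Q tag is inserted after the MACs."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:          # same range the VLAN Tag field accepts
            raise ValueError("VID must be 1-4094")
        tci = (pcp << 13) | vid           # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", ETH_8021Q, tci)
    return header + struct.pack("!H", ETH_IPV4) + payload


def parse_frame(frame: bytes) -> dict:
    """Return MACs, VLAN id/priority (None when untagged), ethertype and payload."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid = pcp = None
    offset = 14
    if ethertype == ETH_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vid = tci >> 13, tci & 0x0FFF
        offset = 18
    return {"dst": dst, "src": src, "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def classify(interface: str, frame: bytes,
             table: Dict[str, Dict[Optional[int], str]] = BIGIP_INTERFACES) -> Optional[str]:
    """VLAN name a frame belongs to on `interface`; None when the interface does not
    carry that tag (or carries no untagged VLAN), i.e. the frame would be dropped."""
    vid = parse_frame(frame)["vid"]
    return table.get(interface, {}).get(vid)


if __name__ == "__main__":
    srv1 = bytes.fromhex("0200000a0001")    # constructed MAC for Server 1
    bigip = bytes.fromhex("020000f50001")   # constructed MAC for BIG-IP 1.1
    tagged = build_frame(bigip, srv1, b"ip-packet", vid=10)
    print(tagged.hex())
    print(parse_frame(tagged)["vid"], classify("1.1", tagged), classify("1.2", tagged))
```

The tagged frame is exactly four bytes longer than the untagged one; on the trunk from switch port e0/3, frames from Server 1 arrive carrying VID 10 and land in VLAN10, while the same frame presented untagged to 1.1 has no VLAN to land in.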

Creating Static Self IP Addresses:
Static Self IP Address for Internal VLANs.
On the Main tab, click Network > Self IPs. Click Create. The New Self IP screen opens. In the
Name field, type a unique name for the self IP address. In the IP Address field, type an IP. This IP
address should represent the address space of the VLAN that you specify with the VLAN setting.
In the Netmask field, type the full network mask for the specified IP address. From the VLAN
list, select the VLAN to associate with this self IP address. From the Port Lockdown list, select
Allow Default. From the Traffic Group list, retain the default value or select a traffic group. Click
Finished. The screen refreshes and displays the new self IP address.

Finally, the Self IP list shows all three Internal VLAN self IPs, for VLAN10, VLAN20 and VLAN30.

Static Self IP Address for External VLAN.
On the Main tab, click Network > Self IPs. Click Create. The New Self IP screen opens. In the
Name field, type a unique name for the self IP address. In the IP Address field, type an IP. This IP
address should represent the address space of the VLAN that you specify with the VLAN setting.
In the Netmask field, type the full network mask for the specified IP address. From the VLAN
list, select the VLAN to associate with this self IP address. From the Port Lockdown list, select
Allow Default. From the Traffic Group list, retain the default value or select a traffic group. Click
Finished. The screen refreshes and displays the new self IP address.

Finally, the Self IP list shows the three Internal VLAN self IPs and the one External VLAN self IP.

Interfaces Status:
After configuring the VLANs, go to the Main tab and click Network > Interfaces > Interface List. The
Interface List screen displays the list of interfaces on the system. In the Name column, click an
interface number. This displays the properties of the interface. For the State setting, verify that
the interface is set to Enabled.

Creating Node:
From the F5 home page, click Local Traffic > Nodes > Node List. Click Create. In the New Node
page, enter the following information: In the Name field, enter a name for the node. In the
Address field, enter the IP address of the node. Optionally, in the Description field, enter a brief
description for the node. In the Configuration area, keep the default configurations. Click
Finished. The new node is created. Finally, all three nodes SRV-1, SRV-2 and SRV-3 are shown in
the screenshot below.

Creating Pool:
From the F5 home page, click Local Traffic > Pools > Pool list. From the Pool List page, click
Create. Enter the following information in the New Pool page. From the Configuration drop-
down list, select Basic. In the Name field, enter a name for the pool. Optionally, in the
Description field, enter a brief description for your pool. For Health Monitors, select the
appropriate health monitor from the Available list, and move it to the Active list. You need
health monitors to ping the defined URLs at a defined interval and check whether the node is
alive. In the Resources area, select the appropriate load balancing method from the Load
Balancing Method drop-down list (the default is Round Robin). Click the Members tab. Click Add. Click
Node List. From the Address drop-down list, click to select the node that you want to add to the
pool. Enter the service port number. Keep the default configurations. Click Finished.

Finally, the pool looks like the screenshot below.

Create Virtual Server:
From the F5 home page, click Local Traffic > Virtual Servers > Virtual Server List.
Click Create. Click the Properties tab. In the General Properties area, enter the information: In
the Name field, enter a name for the virtual server. In the Destination field, enter the
appropriate IP address that has been allocated for the virtual server. Enter the service port number.

Click the Resources tab, from the Default Pool drop-down list select the pool you have created.
Click Finished.



Verification and Testing:
Ping from the BIG-IP LTM to any server in the local area network to check whether it is reachable.

Open a new browser session on the external clients and enter the address of the virtual
server at http://192.168.2.200

Refresh the web page; the responding server changes.



Refresh the web page, or try from another client; the responding server changes.



From the F5 home page, click Statistics > Dashboard > Module Statistics > Local Traffic. In the
Statistics Type drop-down, select Pools to see the traffic in and out.

From the F5 home page, click Local Traffic > Network Map.



F5 LTM Deployment Methods:
F5 BIG-IP systems can be deployed in a network with little to no modification to the existing
architecture. However, to optimize the performance of your network and applications, some
environment changes may be required to take full advantage of the multipurpose functionality
of BIG-IP systems.
An F5 Load Balancer can be deployed in three different ways: the One-Arm method, the Two-Arm
method, and the nPath or DSR (Direct Server Return) method. "Arms" used to refer to physical
interfaces. In actuality, "Arms" refer to VLANs with an associated IP. You can have a one-armed
configuration with more than one physical interface, and you can have multiple one-armed
configurations with more than one VLAN on the same BIG-IP. The implication is that the interface
the VLAN is associated with will be used for both ingress and egress traffic. The number of arms
is nothing more than the number of VLANs that are created and active on the BIG-IP.

One Arm Deployment:


In a One-Arm deployment, the load balancer is not physically in line with the traffic, which means
that the load balancer's ingress and egress traffic goes through the same network interface.
Traffic from the client through the load balancer is network address translated (NAT) with the
load balancer as its source address. The nodes send their return traffic to the load balancer
before it is passed back to the client. Without this reverse packet flow, return traffic would
try to reach the client directly, causing connections to fail.
A One-Armed configuration typically means that the application server you are load balancing is
not configured on the network that is facing the VIP, and that the application servers are not
configured to use the F5 as their default gateway. When the F5 is not the default gateway, you
have to SNAT client traffic to maintain route symmetry. The disadvantage is that you lose the
ability to see the client IP address on the application server, whether in logs or while
troubleshooting; you would then need indirect methods to keep track of client addresses. The
advantage is that it can be inserted into an existing network where you cannot make network changes.
One-Arm mode is the most common kind of deployment seen nowadays. It is very easy to
achieve: create just one VLAN on the load balancer, and both the physical servers to be load
balanced and the clients that try to reach the servers use that same VLAN. If the load balancer
can reach the clients and the servers using that VLAN, we are all set. This causes minimal impact
on the existing LAN / WAN design. Note, however, that for this to work we need to enable SNAT
(Source NAT) on the load balancer.



Two Arm Deployment:
In a Two-Arm deployment, more than one interface of the F5 Load Balancer is used. The Virtual IP
address need not be in the same subnet as the physical servers. For the physical servers, the default
gateway is the F5 load balancer IP address. Asymmetric routing does not occur in this method, and
the client IP address is retained. The virtual server is on a different VLAN from the pool members,
which requires the BIG-IP system to route traffic between them. In a multi-arm configuration, the
traffic is routed through the load balancer, and the end devices typically have the load balancer
as their default gateway.



nPath/DSR (Direct Server Return):
It is similar to the One-Arm method of deployment: only one interface of the F5 Load Balancer is
used. The Virtual IP address should be in the same subnet as the physical servers. For the physical
servers, the default gateway is not the F5 load balancer IP address; it can be a Router or Firewall
IP address. In this method we do not implement source NAT on the F5 Load Balancer, so return
traffic goes directly to the client via the Router or Firewall. Asymmetric routing occurs in this
method. The client IP address is retained. It is known by its generic name, Direct Server Return
(DSR): a deployment topology in which return traffic from pool members is sent directly to clients
without first traversing the BIG-IP LTM. This allows for higher theoretical throughput because the
BIG-IP LTM only manages the incoming traffic and does not process the outgoing traffic.
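To make the route-symmetry argument behind the three topologies concrete, here is an added Python model (not part of the original lab) that performs the pool member's own route lookup on the reply and derives whether the reply passes back through the BIG-IP, whether the client IP stays visible, and whether a standard virtual server would work. The addresses reuse the lab's 192.168.1.0/24 server VLAN, the 192.168.1.254 ISP router and the 1.1.1.1 client; the 192.168.1.50 local client is constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Topology:
    """One deployment scenario from the text (addresses constructed for this example)."""
    name: str
    server_subnet: IPv4Network    # VLAN the pool members sit on
    lb_self_ip: IPv4Address       # BIG-IP self IP on that VLAN
    server_gateway: IPv4Address   # default gateway configured on the pool members
    snat: bool                    # does the virtual server SNAT the client address?
    dsr: bool                     # nPath: VIP on the server loopback, BIG-IP never sees replies


def next_hop(topo: Topology, dst: IPv4Address) -> IPv4Address:
    """Route lookup as a pool member does it: a connected route for its own
    subnet, otherwise the default route."""
    return dst if dst in topo.server_subnet else topo.server_gateway


def analyse(topo: Topology, client_ip: IPv4Address) -> dict:
    """Work out where the server's reply goes and what that implies."""
    # Source address the server sees on the inbound request.
    seen_src = topo.lb_self_ip if topo.snat else client_ip
    hop = next_hop(topo, seen_src)
    # The reply passes through the BIG-IP only if the BIG-IP is the next hop:
    # either it is the gateway, or SNAT made it the reply's destination.
    reply_via_lb = hop == topo.lb_self_ip
    return {
        "client_ip_visible": not topo.snat,
        "reply_via_lb": reply_via_lb,
        # A standard virtual server must see both directions to keep its
        # connection table and un-NAT the VIP; nPath is designed to skip that.
        "connections_work": reply_via_lb or topo.dsr,
    }


SERVERS = IPv4Network("192.168.1.0/24")
LB = IPv4Address("192.168.1.100")            # BIG-IP self IP / VIP subnet from the lab
ISP_ROUTER = IPv4Address("192.168.1.254")    # servers' gateway in the one-armed lab
CLIENT = IPv4Address("1.1.1.1")              # external PC from the one-armed lab
LOCAL_CLIENT = IPv4Address("192.168.1.50")   # constructed: a client on the server VLAN

SCENARIOS = {
    "one-arm, no SNAT": Topology("one-arm, no SNAT", SERVERS, LB, ISP_ROUTER, snat=False, dsr=False),
    "one-arm, SNAT": Topology("one-arm, SNAT", SERVERS, LB, ISP_ROUTER, snat=True, dsr=False),
    "two-arm (F5 is gateway)": Topology("two-arm", SERVERS, LB, LB, snat=False, dsr=False),
    "nPath / DSR": Topology("nPath / DSR", SERVERS, LB, ISP_ROUTER, snat=False, dsr=True),
}


def report(client_ip: IPv4Address = CLIENT) -> dict:
    """Evaluate every scenario for one client address."""
    return {name: analyse(topo, client_ip) for name, topo in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:26s} {result}")
    # Even a client on the same VLAN as the servers bypasses the BIG-IP on the
    # way back unless SNAT is on, which is why one-arm mode needs SNAT.
    print("one-arm, no SNAT, local client:", analyse(SCENARIOS["one-arm, no SNAT"], LOCAL_CLIENT))
```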



One-Armed Deployment Lab:

ISP Router Configuration


Router(config)#hostname ISP
ISP(config)#interface f0/0
ISP(config-if)#ip address 192.168.1.254 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface f0/1
ISP(config-if)#ip address 1.1.1.254 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#no cdp run
ISP(config)#end
ISP#write memory

PC Configuration
IP address: 1.1.1.1
Subnet Mask: 255.255.255.0
Gateway: 1.1.1.254
DNS: 8.8.8.8



Local Servers Configuration
Internal Server-1 IP Address 192.168.1.1
Internal Server-2 IP Address 192.168.1.2
Internal Server-3 IP Address 192.168.1.3
Gateway is ISP Router 192.168.1.254
DNS 8.8.8.8
Docker Eve-gui-server



Navigate to the Server-1 Docker desktop, click on the WWW folder, open the html folder inside it,
right-click the index.html file, open it with Pluma, copy and paste the HTML below, and click Save.
<html>
<head>
<title>This is Server 1</title>
</head>
<body>
<h1 style="color:red;">THIS IS SERVER 1</h1>
</body>
</html>

Navigate to the Server-2 Docker desktop, click on the WWW folder, open the html folder inside it,
right-click the index.html file, open it with Pluma, copy and paste the HTML below, and click Save.
<html>
<head>
<title>This is Server 2</title>
</head>
<body>
<h1 style="color:blue;">THIS IS SERVER 2</h1>
</body>
</html>

Navigate to the Server-3 Docker desktop, click on the WWW folder, open the html folder inside it,
right-click the index.html file, open it with Pluma, copy and paste the HTML below, and click Save.
<html>
<head>
<title>This is Server 3</title>
</head>
<body>
<h1 style="color:green;">THIS IS SERVER 3</h1>
</body>
</html>



Management Access Configuration:
Log in to the CLI using the default user account: use root as the username and default as the password.
It will ask you to change the password: type the old password default, then type the new password Abc@Admin1.

Issue the config command.

Once you get the prompt as shown below, click OK.



The next prompt will ask you if you want to use the automatic configuration, choose No.

Enter desired IP address for the management interface and click OK.

Enter desired subnet mask for the management interface and click OK.



To access the BIG-IP from any network, configure a default gateway: click Yes. You will be
prompted to enter the IP address of the default gateway; enter it and click OK.

Confirm the management IP address changes by clicking Yes.



With a browser on your PC, navigate to the IP address of the management interface over HTTPS
(HTTP won't work). Ignore the certificate warning, and the F5 LTM login page will appear. Type
the username admin and the password Abc@admin1 that was set earlier through configuration.

It will prompt you to change the password: type the current password, in our case Abc@admin1,
and for the new password type the same Abc@admin1 and confirm Abc@admin1.

Now log in with the new password: Username Admin, Password: Abc@admin1



Internal VLAN Configuration:
On the Main tab, click Network > VLANs. The VLAN List screen opens. Click Create. The New
VLAN screen opens. In the Name field, type a unique Name for the VLAN. In the Tag field, type a
numeric tag, between 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP
system to automatically assign a VLAN tag. The VLAN tag identifies the traffic from hosts in the
associated VLAN. From the Interface list, select an interface number. From the Tagging list,
select Tagged or Untagged. Select Tagged when you want traffic for that interface to be tagged
with a VLAN ID. If you specified a numeric value for the Customer Tag setting and from the
Tagging list you selected Tagged, then from the Tag Mode list, select a value. Click Add. Click
Finished.



Creating Static Self IP Addresses:
On the Main tab, click Network > Self IPs. Click Create. The New Self IP screen opens. In the
Name field, type a unique name for the self IP address. In the IP Address field, type an IP. This IP
address should represent the address space of the VLAN that you specify with the VLAN setting.
In the Netmask field, type the full network mask for the specified IP address. From the VLAN
list, select the VLAN to associate with this self IP address. From the Port Lockdown list, select
Allow Default. From the Traffic Group list, retain the default value or select a traffic group. Click
Finished. The screen refreshes and displays the new self IP address.



Creating Node:
Create 1st Node Server-1:
From the F5 home page, click Local Traffic > Nodes > Node List. Click Create. In the New Node
page, enter the following information: In the Name field, enter a name for the node. In the
Address field, enter the IP address of the node. Optionally, in the Description field, enter a brief
description for the node. In the Configuration area, keep the default configurations. Click
Finished. The new node is created.

Create 2nd Node Server-2 and 3rd Node Server-3:


From the F5 home page, click Local Traffic > Nodes > Node List. Click Create. In the New Node
page, enter the following information: In the Name field, enter a name for the node. In the
Address field, enter the IP address of the node. Optionally, in the Description field, enter a brief
description for the node. In the Configuration area, keep the default configurations. Click
Finished. The new node is created.



Creating Pool:
From the F5 home page, click Local Traffic > Pools > Pool List. From the Pool List page, click
Create. Enter the following information in the New Pool page. From the Configuration drop-
down list, select Basic. In the Name field, enter a name for the pool. Optionally, in the
Description field, enter a brief description for your pool. For Health Monitors, select the
appropriate health monitor from the Available list, and move it to the Active list. You need
health monitors to poll the defined URLs at a defined interval and check whether the node is
alive. In the Resources area, select the appropriate load balancing method from the Load
Balancing Method drop-down list (the default is Round Robin). Click the Members tab. Click Add. Click
Node List. From the Address drop-down list, select the node that you want to add to the
pool. Enter the service port number. Keep the default configurations. Click Finished.



Create Virtual Server:
From the F5 home page, click Local Traffic > Virtual Servers > Virtual Server List. Click Create.
Click the Properties tab. In the General Properties area, enter the information: In the Name
field, enter a name for the virtual server. In the Destination field, enter the appropriate IP
address that has been allocated for your virtual server. Enter the service port number.

Click the Resources tab, from the Default Pool drop-down list select the pool you have created.
Click Finished.



Create Default Route:
Navigate to Main > Network > Routes and click Add.

Enter a Name, Description, Destination, Netmask and the router Gateway IP.

Finally, the default route is ready; it will send all the traffic to our ISP Router 192.168.1.254.



Verification and Testing:
Open a new browser session on the external client PC and enter the address of the virtual
server at http://192.168.1.100



From the F5 home page, click Statistics > Dashboard > Module Statistics > Local Traffic. In the
Statistics Type drop-down, select Pools to see the traffic in and out.

From the F5 home page, click Statistics > Dashboard > Module Statistics > Local Traffic. In the
Statistics Type drop-down, select Nodes to see the traffic in and out.
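Both Verification and Testing sections (the two-arm lab at http://192.168.2.200 and this one-armed lab at http://192.168.1.100) have you refresh the page and watch the responding server change. As an added check that is not part of the original lab, this Python script fetches the virtual server repeatedly, identifies the answering pool member from the <title> of the lab's index.html pages, and confirms the Round Robin pattern; the sample bodies are constructed copies of the three lab pages, and the live run assumes the VIP URL given on the command line.

```python
import re
import sys
import urllib.request
from collections import Counter

# Constructed copies of the three index.html pages the lab puts on Server-1/2/3;
# the real pages carry the same <title> text.
SAMPLE_BODIES = [
    "<html><head><title>This is Server 1</title></head>"
    "<body><h1 style=\"color:red;\">THIS IS SERVER 1</h1></body></html>",
    "<html><head><title>This is Server 2</title></head>"
    "<body><h1 style=\"color:blue;\">THIS IS SERVER 2</h1></body></html>",
    "<html><head><title>This is Server 3</title></head>"
    "<body><h1 style=\"color:green;\">THIS IS SERVER 3</h1></body></html>",
]
MEMBERS = ["This is Server 1", "This is Server 2", "This is Server 3"]

TITLE_RE = re.compile(r"<title>\s*(.*?)\s*</title>", re.IGNORECASE | re.DOTALL)


def server_from_body(body: str) -> str:
    """Return the <title> text, which identifies the pool member that answered."""
    match = TITLE_RE.search(body)
    if not match:
        raise ValueError("response has no <title>; not one of the lab pages")
    return match.group(1)


def distribution(servers):
    """How many answers came from each member."""
    return dict(Counter(servers))


def is_round_robin(servers, members):
    """True when every run of len(members) consecutive answers names each member
    exactly once, which is what Round Robin with all members up produces."""
    k = len(members)
    if len(servers) < k:
        return False          # not enough samples to judge
    expected = Counter(members)
    return all(Counter(servers[i:i + k]) == expected
               for i in range(len(servers) - k + 1))


def fetch_sequence(url, count, timeout=3.0):
    """Fetch the VIP count times. Each request closes its TCP connection so that
    HTTP keep-alive does not pin every request to the first member chosen."""
    bodies = []
    for _ in range(count):
        req = urllib.request.Request(url, headers={"Connection": "close"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            bodies.append(resp.read().decode("utf-8", "replace"))
    return bodies


if __name__ == "__main__":
    # Usage: python check_rr.py http://192.168.1.100/   (VIP from the one-armed lab)
    vip = sys.argv[1] if len(sys.argv) > 1 else "http://192.168.1.100/"
    answers = [server_from_body(b) for b in fetch_sequence(vip, 3 * len(MEMBERS))]
    print("distribution:", distribution(answers))
    # One member answering every time is not necessarily a fault: a persistence
    # profile on the virtual server pins one client to one member, which is why
    # the lab also says to try from another client.
    print("round robin:", is_round_robin(answers, MEMBERS))
```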



Redundancy:
o Redundancy, Failover, High Availability, Clustering, RAID and Fault-tolerance.
o A good network design provides redundancy in devices and network links.
o Redundancy is basically extra hardware or software that can be used as a backup.
o It takes over if the main hardware, software or link fails or is unavailable in an emergency.
o It is a method for ensuring network availability in case of a network device or path failure.
o It is a method for ensuring network availability in case a network device is unavailable.
o Network redundancy is the process through which additional or alternate instances of network
o devices, equipment and communication mediums are installed within the network infrastructure.
o Redundancy can be achieved automatically via failover, load balancing and high availability.
o High availability is a feature which provides redundancy and fault tolerance automatically.
o High availability is a number of connected devices processing and providing a service.
o The goal is to ensure this service is always available, even in the event of a failure or outage.
o Clustering is similar to redundant servers and provides fault tolerance in case of emergency.
o A group of servers is logically combined into a cluster and seen as one device.
o If a device fails within the cluster, services continue because the other devices keep serving.
o One link processes traffic and the second link only becomes active if the primary link fails.
o It is set up to allow a company to connect their devices to more than one Internet connection.
o If one connection goes down, all traffic fails over to the other Internet connection.
o This eliminates the single point of failure and assures availability and reliability.
o RAID is a fault tolerance solution for hard drives, usually implemented in servers.
o Redundant Array of Independent Disks provides redundancy and fault tolerance.
o Automatic failover is the process of moving active services from the primary device to the backup.
o Usually the backup device continues these services until the primary device has come back up.
o When a device fails, another device takes over; this process is referred to as a failover.
o Services fail over to the backup device, which continues from where the primary device left off.
o The failover feature allows hardware firewalls to have some redundancy and backup.
o Have two or more hardware devices configured so that if the primary fails, the backup takes over.
o It is implemented on high-end hardware devices for networks that require redundancy.
o HSRP is a Cisco proprietary protocol for establishing a fault-tolerant default gateway.
o Redundancy, Fault-tolerance and High-availability all refer to some sort of failover or backup.

1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717


High Availability Overview:
o HA is usually required in a system where there is high demand for little downtime.
o High availability (HA) is a deployment in which two devices are placed in a group.
o Their configuration is synchronized to prevent a single point of failure on your network.
o Setting up two devices in an HA pair provides redundancy and ensures business continuity.
o Devices in an HA pair use HA links to synchronize data and maintain state information.
o All F5 LTMs in a cluster must be the same model and have the same firmware installed.
o The HA feature in F5 BIG-IP consists of running redundant F5 chassis (load balancers).
o F5 HA has a majority of features which ensure application availability at all times.

F5 LTM HA Modes:
Active-Standby:
o In Active-Standby, one LTM actively manages traffic while the other is kept synchronized.
o With an Active-Standby deployment, traffic is only processed by a single device.
o This is achieved via a single traffic group, within which all failover objects reside.
o In Active-Standby, the standby is ready to transition to the active state should a failure occur.
o One unit actively manages traffic until a path, link, system, or network failure occurs.
o When the active unit fails, the standby LTM transitions to the active state and takes over.
o F5 Active-Standby has a simple design concept and is easier to troubleshoot.
o Configuration is synchronized between devices, and connection and persistence state data can be mirrored.
o If a failure is detected on the active unit, all the traffic will be moved to the standby.
o The standby member already has all the configuration and connection persistence state.
o Active-Standby deployments with the BIG-IP system should use only traffic-group-1.



Active-Active:
o In an Active-Active deployment, both LTMs in the pair are active and processing traffic.
o In Active-Active F5 BIG-IP mode, both units can be active at the same time.
o In Active-Active F5 BIG-IP mode, we can make full use of the hardware available.
o Here we can create multiple traffic groups in order to distribute the traffic.
o Make the 1st unit active for one traffic group and the 2nd active for another traffic group.
o This type of setup is mostly seen where we have limited hardware in the F5 units.
o With an Active-Active deployment, traffic is processed by both devices.

HA Pre-Requisites:
o To set up High Availability (HA) on F5 LTM, you need a pair of LTMs that meet the following.
o The same model: the F5 LTMs in the pair must be of the same hardware model.
o The BIG-IP units in a redundant system must run the same software version.
o F5 does not support BIG-IP redundant configurations running different software versions.
o BIG-IP systems in a redundant configuration must run the same hotfix version.
o F5 does not support BIG-IP redundant configurations running different hotfix versions.
o BIG-IP units in a redundant system must match with respect to product licensing.
o BIG-IP units in a redundant system must match with respect to module provisioning.
o Cluster members must also have the same hardware configuration, such as the same HDD.



HA Terminologies:
Failover:
o When a failure occurs on one F5 unit, the peer takes over the task of securing traffic.
o The procedure by which an F5 unit automatically transfers control to its peer when it detects a fault.
o The failover operation is the process of switching production to a backup facility or unit.
o A failover is triggered, for example, when a monitored metric on an F5 unit in the HA pair fails.

Devices:
o Represents either a physical or virtual instance of a BIG-IP Local Traffic Manager system.

Device Groups:
o A device group is a collection of BIG-IP units that have established a device trust and share data.
o The type of data shared depends on what type of data the device group is configured to share.
o A group of devices synchronizes based on the device group type and also fails over its configuration.
o There are two types of device groups: sync-only and sync-failover.

Device Trust:
o Device Trust represents the trust relationship between devices, also known as a trust domain.
o Device Trust in Local Traffic Manager is achieved via certificate-based authentication.
o In the BIG-IP system, device trust is a prerequisite for both device groups and traffic groups.
o To provide failover or configuration sync, LTMs on the network must be in the same trust domain.
o In the BIG-IP system, the initial trust of each device is established over the management interface.

Sync-Failover:
o Both configuration data and the failover objects are synchronized; utilizes traffic groups.
o A sync-failover device group synchronizes configuration data and traffic group data for failover.
o Use this configuration to fully synchronize two BIG-IP Local Traffic Manager (LTM) systems.
o If the active unit becomes unavailable, failover occurs and the standby instantly picks up traffic.

Sync-Only:
o In a device group of type Sync-Only, only the configuration data is synchronized.
o A sync-only device group synchronizes only configuration data, such as policy data.
o A Sync-Only device group does not synchronize failover objects.

Traffic Groups:
o A traffic group is a collection of related configuration objects that run on a BIG-IP system.
o It is a collection of failover objects that runs on one of the devices within the device group.
o Should the device become unavailable, the failover objects are served by another device in the group.
o In general, a traffic group in F5 LTM makes sure that when a device becomes unavailable,
o all of the failover objects in the traffic group fail over to a standby system in its device group.



Sync:
o Manual DSC synchronization can be performed via either the command line or the WebUI.
o To perform manual synchronization within WebUI go to 'Device Management / Overview'.
o From this screen you will be presented with an overview of the synchronization state.

Sync Device to Group:


o Synchronizes any objects that have been recently modified to the other devices within the device group.

Sync Group to Device:

o Synchronizes any objects that have been recently modified on other devices within the group to this device.

Overwrite Configuration:
o When this action is performed, the configuration is synchronized regardless of when it was modified.

Connection Mirroring:
o Connections and persistence information on the active F5 chassis are duplicated to the peer unit.
o In the event of failover, the peer can begin processing connections immediately without interruption.

Configuration Synchronization:
o ConfigSync is a high availability process that collects the configuration files and directories
o from one unit of the redundant pair into an archive file, then transmits and installs it on the peer.

Network Failover:
o When BIG-IP redundant systems are configured to use the network failover method,
o the BIG-IP LTM systems communicate over the configured failover addresses only.

Floating IP:
This is the cluster shared IP; this IP will be active on the active device and it will move to the
other device in case of failover. This will be the GW for servers.

Push the selected device configuration to the group:


Select this option when you want to synchronize the configuration of the selected device to the
other device group members.

Pull the most recent configuration to the selected device:


Select this option when you want to synchronize the most recent configurations of one or more
device group members to the selected device.



Automatic:
Automatic synchronization (also known as auto sync) ensures that the BIG-IP system
automatically synchronizes the configuration among device group members whenever you
make a change to any one of those devices.

Manual:
If you do not enable auto sync, you must manually synchronize the BIG-IP configuration among
device group members to ensure that the devices remain in sync. With manual synchronization,
the BIG-IP system notifies you whenever configuration data within the group has changed and
therefore needs to be synchronized.

Full:
When you enable full sync, the BIG-IP system syncs the entire set of BIG-IP configuration data
whenever a config sync operation occurs. You can only do a full sync operation if you have
enabled manual sync; Full sync operations are not available when automatic sync is enabled.

Incremental:
When you enable incremental sync, the BIG-IP system syncs only the changes that are more
recent than those on the target device.



F5 LTM Active/Standby Lab:

VLAN         Network            Interface   Self-IP LTM1   Self-IP LTM2   Floating IP
Internal     192.168.1.0/24     1.1         .100           .101           .150
External     192.168.2.0/24     1.2         .100           .101           .150
HA           192.168.3.0/24     1.3         .100           .101           .150
Management   192.168.114.0/24   MGMT        .100           .101           .150

Device Details

PC1 (Webterm Docker)
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.2.1
netmask 255.255.255.0
gateway 192.168.2.100

PC2 (Webterm Docker)
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
gateway 192.168.2.100

PC3 (Webterm Docker)
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.2.3
netmask 255.255.255.0
gateway 192.168.2.100



Device Details

Server 1 (Toolbox Docker)
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.100

Server 2 (Toolbox Docker)
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.100

Server 3 (Toolbox Docker)
# Static config for eth0
auto eth0
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.100

Create Dedicated VLAN and Self IP for HA:

o Interface 1.3 is chosen for the HA function and a crossover network cable is connected back to back.
o Keep the Virtual Local Area Network configuration exactly as below, as an untagged interface.
o In my case I have chosen an unused subnet, 192.168.3.0/24, for the HA heartbeat.
o You now configure the active device as 192.168.3.100 and the peer as 192.168.3.101.
o Make sure you configure these Self IPs on the Local Traffic Manager as non-floating.
o On the peer device, configure a similar HA VLAN and the IP address 192.168.3.101.



All three VLANs, External-VLAN, Internal-VLAN and HA-VLAN, configured in BIGIP1.

All three Self IPs, External-IP, Internal-IP and HA-IP, configured in BIGIP1.

All three backend servers, SRV1, SRV2 and SRV3, configured in BIGIP1.

There is only one HTTP pool, configured in BIGIP1; there is no need to configure it in BIGIP2.



There is only one HTTP virtual server, configured in BIGIP1; there is no need to configure it in BIGIP2.

Configure a similar HA VLAN named HA-VLAN in BIGIP2.

All three Self IPs, External-IP, Internal-IP and HA-IP, configured in BIGIP2.



Configure Config Sync:
o Specify the IP address that other devices use to synchronize their configuration objects to this device.
o Specify the IP address used to synchronize configuration in the device group to the local device.
Click Device Management > Devices. Click the name of the device to which you are currently logged in.
Under the Device Connectivity menu, choose ConfigSync. Choose the self IP address configured
earlier and click Update. This address must be a non-floating self IP address and not a management
IP address. On the peer device, choose 192.168.3.101 (HA) for Config Sync.

Same configuration on BIGIP2: choose 192.168.3.101 (HA) for Config Sync.



Configure Failover Network Communication:
Specify the local IP addresses that you want other devices in the device group to use for continuous
health-assessment communication with the local device. Click Device Management > Devices. Click the
name of the device that you are currently logged in to. From the Device Connectivity menu, choose
Failover Network. Click Add for each IP address on this device that other devices in the device
group can use to exchange failover messages with this device. Type the self IP address associated
with the HA VLAN (preferred), which is 192.168.3.100, and the Management IP address, which is
192.168.114.100. When the device reboots, the Management IP becomes active before the Self IPs;
hence, to avoid both devices operating as active and causing unexpected results, we add the
management IP to the heartbeat list. On the peer device, choose 192.168.3.101 (VLAN HA) and
192.168.114.101 (Management IP Address).

Same in BIGIP2: choose 192.168.3.101 (VLAN HA) and 192.168.114.101 (Management IP Address).



Configure Mirroring:
Log in to the F5 LTM. On the Main tab, navigate to Device Management > Devices. In the Device
List, click the name of the local device, indicated with (Self). Hover over the Device Connectivity
tab and click Mirroring. For Primary Local Mirroring Address and Secondary Local Mirroring
Address, select the appropriate addresses. Click Update.

Same configuration but with different IPs on BIGIP2: Primary on HA-VLAN, Secondary on Internal-VLAN.



Establish Device Trust:
Now you are going to add the peer device to the trusted device list. Go to Device Management
> Device Trust > Local Domain. Select the Device Trust Members tab. Select Add. For Device
Type, select Peer. Type the management IP address, administrator user name, and
administrator password for the remote BIG-IP device, and then select Retrieve Device
Information. Verify that the certificate is correct, and then select Device Certificate Matches.
Verify that the remote device name is correct, and then select Add Device. Repeat these steps
for each BIG-IP system to be added to the local trust domain.

Create Sync-Failover Device Group:
If an active device in a Sync-Failover device group becomes unavailable, the configuration
objects fail over to another member of the device group and traffic processing is unaffected.
Perform this task on any one of the authority devices within the local trust domain. Click
Device Management > Device Groups, then click Create. Type a name for the device group. For
Group Type, choose Sync-Failover. Add all available members that you want to include in the
Sync-Failover device group. For Sync Type, select the appropriate synchronization type; the
default is Manual with Incremental Sync. Confirm the group settings, and then select Finished.

Sync the Devices:
In the Main tab, click Device Management > Overview. In the Device Groups area of the screen,
click the arrow next to the name of the relevant device group. The screen expands to show a
summary and details of the sync status of the selected device group, as well as a list of the
individual devices within it. In the Devices area of the screen, choose a device. In the Sync
Options area of the screen, choose one of the following:
Push the selected device configuration to the group
Select this option when you want to synchronize the configuration of the selected device to the
other device group members.
Pull the most recent configuration to the selected device
Select this option when you want to synchronize the most recent configuration of one or more
device group members to the selected device.
Click Sync.
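The two Sync Options differ in which copy of the configuration survives, and choosing Push from the wrong device silently replaces newer changes on the peer. The following Python model is an added example, not F5 code: it represents each member with a version counter standing in for the commit id a BIG-IP carries, reproduces the In Sync / Changes Pending summary, and reports which members a push would overwrite. Member names and version numbers are constructed sample values.

```python
"""Push vs pull config sync in a Sync-Failover device group.

Added example, not F5 code: a small model of the two Sync Options on the
Device Management > Overview screen, with the check a practitioner wants
before pushing (does the selected device hold older configuration than a
peer?). Member names and version numbers are constructed sample values.
"""
import copy
from dataclasses import dataclass


@dataclass
class Member:
    name: str
    version: int   # stands in for the commit id each device carries
    config: dict


def sync_status(group):
    """'In Sync' when every member carries the same configuration version."""
    versions = {m.version for m in group.values()}
    return "In Sync" if len(versions) == 1 else "Changes Pending"


def push(group, selected):
    """Push the selected device's configuration to the other members.

    Returns the names of members that held a newer configuration, because a
    push replaces their changes with the selected device's copy.
    """
    src = group[selected]
    overwritten = []
    for name, m in group.items():
        if name == selected:
            continue
        if m.version > src.version:
            overwritten.append(name)
        m.config = copy.deepcopy(src.config)
        m.version = src.version
    return overwritten


def pull(group, selected):
    """Pull the most recent configuration in the group onto the selected device.

    Returns the name of the member whose configuration was used.
    """
    newest = max(group.values(), key=lambda m: m.version)
    dst = group[selected]
    dst.config = copy.deepcopy(newest.config)
    dst.version = newest.version
    return newest.name


def sample_group():
    """Constructed state: bigip2 has a newer configuration than bigip1."""
    return {
        "bigip1": Member("bigip1", 7, {"ltm virtual": ["vs_forward_ip"]}),
        "bigip2": Member("bigip2", 8, {"ltm virtual": ["vs_forward_ip", "vs_web"]}),
    }


if __name__ == "__main__":
    g = sample_group()
    print(sync_status(g))                      # Changes Pending
    print("push would overwrite:", push(g, "bigip1"))   # ['bigip2']
    print(sync_status(g), g["bigip2"].config)  # In Sync, vs_web is gone
    g = sample_group()
    print("pulled from:", pull(g, "bigip1"), g["bigip1"].config)
```

With the sample state, pushing from bigip1 returns `['bigip2']` and drops `vs_web` from the peer, while pulling onto bigip1 takes bigip2's configuration; in practice that is why the guide's Overview screen should be read (which device is newer) before choosing the option.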

Configuring Connection Mirroring for a Virtual Server:
The BIG-IP system can mirror TCP or User Datagram Protocol (UDP) connections for a virtual
server, so that the standby device already holds the connection state when it takes over. To
configure connection mirroring for a virtual server: log in to the F5 LTM and navigate to Local
Traffic > Virtual Servers. Click the virtual server for which you want to enable connection
mirroring. For Configuration, select Advanced. For Connection Mirroring, select the check box.
Click Update.

Testing and Verification:
Go to Device Management > Devices. Select the local device (Self). Select Force Offline.
