F5 Networks Training
Configuring BIG-IP® GTM v11
Global Traffic Manager
Student Guide

Sixteenth Printing, March 2013

This manual was written for BIG-IP® Local Traffic Manager version 11.0. Although some of the features discussed in this course were added with the v11.0 version, most of the concepts apply to previous versions of BIG-IP® GTM.

©2013, F5 Networks, Inc. All rights reserved.
Preface and Product Overview

F5 Networks

Ensuring the Secure and Optimized Delivery of Applications

As the pioneer in Application Delivery Networks, F5 continues to lead the industry by driving more intelligence into the network to deliver advanced application agility. F5 products ensure the secure and optimized delivery of applications to any user, using any device, anywhere in the world. Through its flexible and cohesive architecture, F5 delivers unmatched value by improving the way organizations serve their employees, customers and constituents while dramatically lowering operational costs.

F5's application delivery network products provide:

• Application Optimization: F5's architecture automatically assigns every application the right mix of availability, security, and performance at the network level, further optimizing their performance.
• Application Security: F5's Application Traffic Management architecture supports integrated security features that protect the delivery of applications by enforcing security policies at the edge of the network, before a session is allowed.
• Application Delivery: F5's architecture delivers the raw horsepower, based on tightly integrated security, availability, and scalability, which work together to deliver exceptional throughput and transaction performance.

F5 Product Suite Overview

Managing the delivery of applications across your entire IT infrastructure is a complex challenge. F5 tackles this challenge at its core, right where your network, storage, server, and security come together, giving you strategic points of control throughout
your infrastructure. Deploying F5 products at key points in the infrastructure gives you an adaptable and scalable foundation to address your changing business needs and IT challenges promptly and cost effectively.

There are four main product lines to help you achieve your IT goals:

• BIG-IP Product Family (Application Delivery Controller)
• Enterprise Manager (F5 Device Management)
• ARX Series (File Virtualization)
• FirePass (SSL VPN)

BIG-IP Product Family

The BIG-IP product family is a system of integrated application delivery services that work together on the same best-in-class hardware. From load balancing, SSL offload, and web acceleration to application security, access control, and much more, the BIG-IP system creates an agile infrastructure to ensure your applications are always fast, secure, and available.

Traffic Management Operating System (TMOS)

The modular BIG-IP system is built on F5's TMOS platform, which offers tremendous scalability and customization. You can start with one specification to meet your current business needs and budget, and add more capacity and functionality as your application and business demands change. With TMOS, you gain the adaptability to adjust to network conditions and business policies using iControl, F5's highly versatile open API, and iRules, the F5 custom, event-driven scripting language.
You also get a unique application-centric view of your infrastructure with powerful iApps features. iApps enables you to deploy and manage network services for each of your specific applications with unprecedented speed and ease. In addition, TMOS also gives you unique scale functionality, including Clustered Multiprocessing (CMP), Virtual Clustered Multiprocessing (vCMP) and Device Service Clustering (DSC), enabling virtualization and scaling up or scaling out on demand.

Local Traffic Manager (LTM)

BIG-IP LTM is a full proxy between users and application servers, creating a layer of abstraction to secure, optimize, and load balance application traffic. This gives you the flexibility and control to add applications and servers easily, eliminate downtime, improve application performance, and meet your security requirements.

Global Traffic Manager (GTM)

BIG-IP GTM resolves DNS queries to the best IP address associated with the A record request. The result is faster response times for users and optimal use of multiple data centers.

Link Controller

BIG-IP Link Controller prevents costly downtime due to ISP problems or other link failures by automatically switching traffic to alternate ISP connections and ensuring use of the most cost-effective available connection.

Application Security Manager (ASM)

BIG-IP ASM is an advanced web application firewall that protects critical applications and their data by defending against application-specific attacks that bypass conventional firewalls.

Access Policy Manager (APM)

BIG-IP APM provides secure, context-aware, and policy-based access control.
It centralizes and simplifies authentication, authorization, and accounting (AAA) management directly on the BIG-IP system.

WebAccelerator

BIG-IP WebAccelerator gives your users an instant improvement in web application performance and helps you reduce costs. By offloading your network and servers, BIG-IP WebAccelerator decreases your spending on additional bandwidth and new hardware.

WAN Optimization Manager (WOM)

BIG-IP WOM overcomes network and application issues on the WAN to ensure that application performance, data replication, and disaster recovery requirements are met. BIG-IP WOM can dramatically reduce data replication times and enable more efficient use of your existing bandwidth.

Edge Gateway

BIG-IP Edge Gateway provides SSL VPN remote access security with application acceleration and optimization services at the edge of the network, all in one efficient, scalable, and cost-effective solution. BIG-IP Edge Gateway includes APM, WOM and WebAccelerator.

Enterprise Manager

F5 Enterprise Manager significantly reduces the cost and complexity of managing multiple F5 devices. You gain a single-pane view of your entire application delivery infrastructure and the tools you need to automate common tasks, ensure optimized application performance, and improve budgeting and forecasting to meet changing business needs. Enterprise Manager is available in physical and Virtual Editions (VE).

ARX Series

F5 ARX file virtualization devices enable you to dramatically simplify data management and reduce storage costs. By introducing intelligent file virtualization into the file storage infrastructure, ARX eliminates the disruption associated with storage administration and automates many storage management tasks. The result is a dramatic improvement in cost, agility, and business efficiency.

Data Management Operating System (DMOS)

ARX DMOS is at the core of our intelligent file virtualization solutions. This reliable, scalable software
This relibe, scalable software ‘can toip you manage nstrctred ile data more efcenly by automating storage management asks nd eliminating the eupins associated with thos tasks, ‘Adaptive Resource Switch (ARX) ARX provide ile vituliantin ayer that aggregates the total apacity and performance of back-end orge The vruaiaaon ayer provides locaton independent, uansparcn mapitg of se requess ono ‘he appropriate storage esurce ARX Cloud Extender (CE) ARX Cloud Extender works with the stomatodslorage rng capabiltis oF FS ARK ile vruaization ‘eves oscamlsaly fend he le storage infrsroctre fom the daa ceter the coud Castomizabie ering plies tome the proces of tenting snd moving appoprie dat the ‘loud, which mininsrs IT overhead apd east of acces. And, ata stored in the led is presented asi it ‘esies locally in the aa cet, users and aplientions can soes information they aways have Data Manager Data Manager offer file sytem discovery, data efi and powerful reporting give you detailed look inside the le daa environment so you can apply belier management polices crestoa more effet, costffective some environmen. FiroPass The FirePass SSL VPN, avilable asa appliance and ina Virus Eton, provides scuity,exibiliy, aca of we. Il grat acoso corporat applications using a technology that everyone understands! & ‘webbrowser Users cn ave secure access fom anywhere ley have a Interet connection, while FrePass ensures that connected computers ar ily patched and protested Hardware products operat in findamenaly diferent way than comping ecologies, and par of hat ‘freee a mala approach o hardware configuration, lowing yu to incorporate the functions of lige produce into a singe physical device. ‘The FS hardware series solitons inl: + VIPRION and RIG Preface: Product Oveniow BS + ARX Enterprise Manager VIPRION and BIG-IP Hardware We offers numberof diferent lator peifco cach of eu products, which you can customize and configure according to your nos. 
Our revolutionary hardware design lets you scale for future application growth and provides industry-leading manageability and flexibility.

BIG-IP VIPRION®

VIPRION is the first Application Delivery Controller (ADC) that scales on demand. The F5 TMOS™ technology is used to provide the highest level of throughput performance and transactions per second available for a BIG-IP® platform. Instead of adding more devices in the network and segmenting applications, each VIPRION platform is a single, powerful application delivery controller with modular performance blades you can add or remove without disrupting your applications.

VIPRION 4400

The VIPRION 4400 ADC is for large service providers, enterprises, and web-based businesses. It is NEBS certified and has been designed with carrier-grade reliability in mind. Add up to four blades to its chassis and scale your Application Delivery Network as demands grow.

VIPRION 2400

The VIPRION 2400 ADC is for midsize to large enterprises that need the flexibility of adding performance on demand while managing cost. A true pay-as-you-grow model, VIPRION 2400 offers on-demand throughput, SSL, compression, and CPU resources, with no disruption or management challenges.
VIPRION 2400 also has 80 PLUS Gold Certified power supplies, which lowers cooling and energy requirements.

BIG-IP 11000 Series

The BIG-IP 11050 supports high throughput levels to meet the application delivery needs of service providers and organizations that put a premium on transactions per second. It's an ideal solution for organizations that have configured their data centers around 10GE or are currently planning to upgrade their infrastructure.

BIG-IP 8900 Series

The BIG-IP 8900, 8950 and 8950S enable organizations to integrate advanced ADN functionality and consolidate their IT infrastructures to reduce power, space, and cooling requirements, and the associated costs. With these platforms, large enterprises and service providers can support extremely high levels of application traffic and integrate advanced optimization and security capabilities.

BIG-IP 6900 Series

With two dual-core processors as well as hardware SSL and compression, the BIG-IP 6900 has the performance to provide a unified platform for application delivery. The BIG-IP 6900 can process up to 6 Gbps of throughput to handle the most demanding applications.

BIG-IP 3900 Series

With a quad-core processor that enables support for multiple BIG-IP modules, the BIG-IP 3900 unifies application delivery in a 1U, cost-effective platform.

BIG-IP 3600 Series

The BIG-IP 3600 provides a high-performance, entry-level platform for organizations wanting to add

BIG-IP 1600 Series

The BIG-IP 1600 offers all the functionality of TMOS in a cost-effective, entry-level platform for intelligent application delivery.

Enterprise Manager Hardware

Enterprise Manager gives you operational efficiency and centralized management of all your F5 devices. The Enterprise Manager product supports all F5 TMOS-enabled devices, allowing users to take advantage of a single interface for key device administration functions, decreasing the time needed to manage various devices individually.
Enterprise Manager 4000 Series

The Enterprise Manager 4000 is the newest platform in the highly successful Enterprise Manager family. It is an appliance-based device shipped on a dedicated enterprise-grade platform. With the EM 4000, you will have the ability to take advantage of the full capabilities of Enterprise Manager to manage your BIG-IP devices.

Enterprise Manager 3000 Series

The Enterprise Manager 3000 is an appliance-based device, shipped on a dedicated enterprise-grade platform.

Enterprise Manager 500 Series

The Enterprise Manager 500 is an appliance-based device, shipped on a dedicated enterprise-grade platform.

ARX Hardware

ARX devices are high-performance, enterprise-class intelligent file virtualization systems that dramatically simplify storage management and lower total storage management costs. ARX systems automate data management tasks and eliminate the disruption associated with storage management operations, resulting in a dramatic improvement in cost, agility, and business efficiency.

Powered by DMOS, the ARX Series provides multiple services in a single platform, including global namespace, data migration, storage tiering, data replication, and capacity balancing.

ARX4000

The ARX4000 is a 4U rack-mount device designed for the largest enterprise data centers. It supports file storage environments with up to 12,000 users and can be configured with either 12 Gigabit Ethernet or 10 Gigabit Ethernet ports for up to 12 Gbps throughput. ARX4000 also supports redundant, hot-swappable power supplies.

ARX2500

The ARX2500 is a 1U rack-mount device designed for medium-to-large enterprises. It supports file storage environments with up to 6,000 users and is configured with 2 10 Gigabit Ethernet ports and 4 Gigabit Ethernet ports for up to 8 Gbps throughput. ARX2500 also supports redundant, hot-swappable power supplies.

ARX2000

The ARX2000 is a 2U rack-mount device designed for medium-to-large enterprises.
It supports file storage environments with up to 6,000 users and is configured with 12 Gigabit Ethernet ports for up to 4 Gbps throughput. ARX2000 also supports redundant, hot-swappable power supplies.

ARX1500

The ARX1500 is a 1U rack-mount device designed for small-to-medium enterprises or regional office deployment. It supports file storage environments with up to 3,000 users and is configured with 8 Gigabit Ethernet ports for up to 3.2 Gbps throughput. ARX1500 also supports redundant, hot-swappable power supplies.

Virtual Editions

F5 offers Virtual Editions (VE) of many of its products, enabling you to create a mobile, scalable, and adaptable infrastructure. The virtual editions of F5 products complement and extend physical F5 hardware appliances.

• LTM VE - Extend availability and optimization services to any application with this fully virtualized Application Delivery Controller (ADC).
• GTM VE - Manage global application availability and provide seamless disaster recovery and routing based on quality of service, geographic location or business rules.
• ASM VE - Ensure comprehensive protection and security for web applications.
• APM VE - Establish a simplified, single point of control that draws on access policies to provide granular control of users' application access.
• WA VE - Provides acceleration for web applications while decreasing bandwidth usage.
• WOM VE - Optimize and secure WAN connectivity between data centers and accelerate application data over long-distance network connections.
• EM VE - Establish a simplified, single point of control for all BIG-IP systems.
• ARX VE - Provides the same industry-leading storage optimization capabilities, including non-disruptive data migrations, automated storage tiering, and dynamic capacity balancing.
• FirePass VE - Provides the same industry-leading advanced remote access capabilities, the flexibility to control access through the easy-to-use Visual Policy Editor, and the fast, highly available deployment of virtual editions.

F5 Services

The power of F5 technology is its ability to adapt to your unique network architecture and mix of applications. Because our products can handle such a wide variety of environments, we offer many

2. Log in as admin with a password of admin.
3. Step through the license process.
4. Note the registration key (lab environments may need to enter the key if it isn't present in the /config/RegKey.license file).
5. Click the Automated link.

Manual license activation via the Configuration Utility

This method is used when the BIG-IP system can't communicate directly with the license server, or when sites wish to retain copies of the system dossier. Still, a client machine must be able to communicate with the license server. This method involves additional steps: the dossier must be copied from the BIG-IP system to another device as a part of the registration process. Then the dossier must be submitted to the F5 license server, the license retrieved, and then the license copied to the BIG-IP system.

Once the BIG-IP system address is set:

1. Connect to https://
2. Log in as admin with a password of admin.
3. Step through the license process.
4. Enter the registration key.
5. Click the Manual link.
6. Generate the dossier and copy it to the client machine.
7. Connect the client machine to the Internet and connect to the license server.
8. Submit the dossier to the license server and then download the license that is created.
9. Connect the client machine to the BIG-IP System and install the license.

Provisioning

Provisioning helps support the installation and configuration of the many modules available with BIG-IP. Provisioning gives you some control over the resources, both CPU and RAM, which are allocated to each licensed module.
You may want, for example, to minimize the resources available to GTM on a system licensed for LTM and GTM.

Since all modules have some reliance on both management (Linux) and the Traffic Management Operating System (TMOS), they will always be provisioned. Other modules must be manually provisioned. When you provision the modules, you choose between five levels of resources. Dedicated, Nominal, Minimum and None are available for all modules and Lite is a level for trials.

• Dedicated is designed for situations where only one module is functional on the system.
• Nominal gives the module its minimum functional resources and distributes additional resources to the module if they are available. It is designed to give the module a good amount of the system resources.
• Minimum gives the module its minimum functional resources and distributes additional resources to other modules. It is designed to allow the maximum number of modules to coexist on a system.
• None is designed for situations where another module needs dedicated access to resources.
• Lite is available for selected modules, granting limited features for trials.

[Figure: Resource Provisioning screen]

Setup Utility Functionality

The Setup utility helps you quickly define management settings, such as a root password and the IP addresses for the interfaces that connect the BIG-IP System to the network. Some of the items that will be entered during the Setup utility include the following:

• Self-IP Address and Netmask for VLANs
• Assign interfaces to VLANs
• IP address of the default route
• Password of the "root" user for access to the Command Line Interface (CLI) of the BIG-IP system
• Password of the "admin" user for access to the Web Configuration Utility (GUI) of the BIG-IP System
• IP address (or range of IP addresses) allowed for SSH

The Setup utility stores these settings in many BIG-IP system configuration files including:

• Administrative IP access files for SSH:
  /etc/hosts.allow
• Interface and Configuration files:
  /config/bigip.conf
  /config/bigip_base.conf
  /config/BigDB.dat

Accessing the Setup Utility

The Setup utility can be accessed once the system is licensed. It can be run via the management port's default address or with an alternate address set with the config tool or the LCD. Once the Setup utility is complete, the BIG-IP System can also be accessed through the addresses specified in the Setup utility.

The Web Configuration Utility (GUI)

The Web Configuration utility is a browser-based interface that uses SSL and access control lists to provide secure remote configuration. This secure interface is provided by the BIG-IP System running the Apache OpenSSL web server. You should use this utility to change the BIG-IP System's configuration for the following reasons:

• The learning curve is smaller because it is easier to use and more intuitive.
• It minimizes the chances of configuration errors. Input is checked and errors are reported immediately.
• Changes are effective immediately (no restarting of processes or reading of configuration files) and the changes are reflected immediately in the configuration files.
• It is easier to access; more people have browsers installed on their systems than SSH clients.

Accessing the Web Configuration Utility

The BIG-IP Web Configuration utility can be used to configure data centers, servers, virtual servers, pools, wide IPs and other objects used for intelligent DNS. The BIG-IP Web Configuration utility also lets you monitor servers, statistical data concerning the resolution patterns, and the operating system itself. It also provides convenient access to files such as the SNMP Management Information Base (MIB).

Steps to Access the Web Configuration Utility:

1. Enter the https address (https://) in a web browser. This address could be the management address or a Self-IP address that has port 443 unlocked.
2. When you connect to the Web Configuration Utility for the first time during any browser session, the browser will alert you that the SSL connection will use a security certificate that was not authorized by a certificate authority.
This is normal behavior, since the BIG-IP System creates a self-signed certificate as a part of installation. Accept the certificate.
3. Next, enter the username and password you configured during the Setup Utility. This will open the BIG-IP Web Configuration Utility's home page. The Welcome page of the BIG-IP Configuration utility contains a variety of useful information. You can use the BIG-IP Configuration utility to configure and monitor your BIG-IP System. You can access additional setup options, download the BIG-IP GTM MIBs, or link to F5 Networks' online information database, ASK F5.
4. While the modules will vary depending on your license, the following screen should appear:

[Figure: Welcome page of the BIG-IP GTM Configuration utility]

Command Line Access through Serial Console

All BIG-IP GTM platforms have serial console access. The default setting is N-8-1 at 19,200 bps. Prior to the Setup utility, only the root user has access; after the Setup utility, the root user will have access and admin can be added by enabling the console access.

Command Line Access through SSH

The BIG-IP GTM System software ships with an SSH server that provides users with secure CLI and file transfer. The server uses cryptographic authentication, automatic session encryption and integrity protection for all transferred data.

As a part of the Setup utility, the administrator could choose whether to enable SSH access and whether to limit SSH access to specified IP addresses. As with console access, root has access by default, admin does not, but admin can be granted access.

Configure Network Time Protocol (NTP)

Network Time Protocol (NTP) is an Internet protocol used to synchronize the clocks of computers to a known accurate time reference. GTM uses NTP to synchronize multiple systems in a sync group, needed for metrics collection across those systems.

1.
In the Configuration Utility, navigate to System » Configuration : Device : NTP.
2. On the Properties section, type the IP address of the NTP server in the Address field and click Add.
3. Repeat Step 2 for all desired NTP servers.
4. Click Update to save the configuration.

GTM Backups

Lesson Objective

Upon completion of this lesson, participants will be able to define the process and method of backing up a GTM System.

Backing Up the GTM Configuration

BIG-IP GTM Systems can be backed up to ".ucs" files. The extension is an acronym for "User Configuration Set". This file is composed of a group of configuration files contained in a single compressed file that can be restored on the GTM system or copied to another system. UCS files can be encrypted and password protected. When the files from the archive are restored, they overwrite the current files and are then loaded as the running configuration. For GTM, the primary configuration file is /config/gtm/bigip_gtm.conf.

Configuration Archiving and Retrieval

Both GTM Systems and LTM Systems are designed to store the entire configuration in a single file. The process can be performed through either the Configuration Utility or the command line.

Traffic Management Shell (tmsh) commands are used through the command line, and the System / Archives page of the system menu is used through the Configuration Utility.

Installation and Setup Labs

The next series of labs will take you step by step through setting up, licensing, and configuring a BIG-IP GTM system. Specifically the labs will focus on:

• Changing the initial IP Address of the BIG-IP GTM system
• Licensing and Provisioning the BIG-IP system
• Using the Configuration Utility
• Accessing the Always On Management System
• Using the Setup Utility

The estimated time to complete these labs is approximately 40 minutes.
The following diagram shows the simple configuration and IP addresses that will result from completing this series of labs.

[Figure: Lab Configuration diagram: management 192.168.X.31, external 10.10.X.33, internal 172.16.X.33]

Lab - Changing the Initial IP Address

Objective

• Set the management port IP address for initial network access
• Estimated time for completion: 5 minutes

Lab Requirements

• System default user ID and password (root / default)
• Serial console access or physical access if using the LCD
• Your station number

Note: For all labs, when an X is listed, enter your station number. For station 1, the IP address 192.168.X.31 would be entered as 192.168.1.31 and a password of rootX would be entered as root1.

In general, the IP address of the management port must be reset so the system can access the network to obtain a license. This can be accomplished through the config tool or the LCD. Both sets of steps are listed here, but the lab assumes use of the config tool.

Changing default IP address via the Command Line

Gain access to the system serial port.

• For classes using serial cables, connect a null-modem cable between the BIG-IP GTM system and a VT100 emulator. The serial settings should be set to N-8-1 at 19,200 bps.
• For classes using Serial Terminal servers, open an SSH session using PuTTY or other SSH client to the IP address provided by the instructor. That session should then connect to the serial port of your system. You may need to log in to the terminal server prior to logging in.

When prompted, log on as the root user using the password default.

Enter the config command to start using the tool.

Note: When using the config tool, edit entries using cursors and backspaces.

1. When prompted, press Enter to choose OK.
2. When prompted, do not choose to assign an address using DHCP; press Tab and Enter to choose No.
3. When prompted, change the IP address to 192.168.X.31, where X is your station number. Press Tab and Enter to choose OK.
4. When prompted, change the Netmask to 255.255.0.0. Press Tab and Enter to choose OK.
5. A final confirmation screen appears; your settings should be as follows:
   IP Address: 192.168.X.31
   Netmask: 255.255.0.0
6.
If all entries are correct, press Enter to choose Yes.

Changing default IP address via the LCD - Lab (Optional)

1. Press the red X button on the display.
2. Navigate to the System menu and press the green check mark button.
3. Navigate to the Management menu and press the green check mark button.
4. Navigate to the IP Address menu and press the green check mark button.
5. Navigate to the IP Address field and press the green check mark button.
6. Using the up and down arrow keys, enter the IP address 192.168.X.31 and press the green check mark button.
7. Navigate to the Netmask field and press the green check mark button.
8. Enter the netmask 255.255.0.0, and press the green check mark button.
9. Navigate to the Commit menu, and press the green check mark button.
10. When you see the OK menu blinking, press the green check mark button.

Lab - Licensing the System and Provisioning

Objective

• Ensure the system has a proper license
• Estimated time for completion: 5 minutes

Lab Requirements

• Access to the system's registration key
• Access to the Internet or access to the system's license file
• Network access to the BIG-IP GTM System

Your BIG-IP GTM System may be licensed already. To determine if you have a BIG-IP GTM license file on your box, check for the existence of /config/bigip.license. View from a CLI session by typing more /config/bigip.license. If you already have the correct license file, then you can skip to the Setup Utility lab. Otherwise, license your system as follows.

Configure Address of Administrative System (PC)

Set / ensure the IP settings on your PC match the following table:

   IP Address: 192.168.X.30 and 10.10.X.30 (*If your system supports only 1 address at a time, use 192.168.X.30 at this point.)
   Netmask: 255.255.0.0 (both)
   Default Route: 10.10.17.33 (*could vary between sites)

Specific Licensing Steps

1. Connect to https://192.168.X.31. The system ships with a self-signed SSL certificate. After accepting the certificate, log in using the username admin and password of admin. Press Enter or click the Log in button.
2. If the system is unlicensed, you will be in the Introduction to the Setup Utility. Click Next to continue.
Then begin the licensing process by clicking Activate.
3. If the Base Registration Key field is blank, ask the instructor where to find your registration key. Generally it will be in one of these locations:
   • Within a file on the student workstation such as RegKey.license on the desktop or within a licenses folder
   • Or, in the license file itself toward the bottom. The license should be on the desktop or in a licenses folder.

Note: Systems shipped directly from F5 manufacturing will have the registration key in the file /config/RegKey.license. When this file is available and formatted properly, the Setup utility will pre-populate the "Base Registration Key" field with your registration key.

4. Within the first General Properties section, set the following values:
   Base Registration Key: Enter Registration Key if needed
   Add-On Registration Key List: Leave Blank
   Activation Method: Select Manual
   Outbound Interface (Note: Once "Manual" is selected this option will not be available): This field is usually not applicable for classroom labs. However, if the site has Internet access, the instructor may suggest using Automatic registration.
5. When complete, click Next.
6. Within the second General Properties section, set the following values:
   Registration Key: Registration Key (Read Only)
   Add-On Registration Key List: Read Only - Probably Blank
   Manual Method: Select the Download/Upload File button
   Step 1: Dossier: Click the "Click Here to Download Dossier" button and save the dossier to the desktop.
   Step 2: Licensing Server: If your classroom has Internet access, you may regenerate the license. Alternately, move to step 3.
   Step 3: License: Browse for your license; either on the desktop, a licenses folder, or a location specified by the instructor.
7. When complete, click Next.
8. Next, click Continue to view the default provisioning settings and adjust if desired.
9. The screen shows a system with a GTM license. Be sure to change GTM from "None". Nominal, Dedicated, or Minimum will have no effect.
10.
10. Click Next to begin the Setup Utility.

End of Licensing the System and Provisioning Lab

Setup Utility Lab

Objective
+ Run the Setup Utility to configure system access parameters
+ Estimated time for completion: 20 minutes

Lab Requirements
+ Reachable IP address on the management port
+ Valid license for the BIG-IP GTM System
+ Administration system with an IP address on the BIG-IP GTM's network

Setup Utility

1. Within the General Properties section, specify the following:

Management Port Configuration: Manual
IP Address: 192.168.X.31
Network Mask: 255.255.0.0
Host Name: 'im iraink com
Host IP Address: Use Management Port IP Address
Time Zone: America/Los Angeles

Within the User Administration section, specify the following:

Root Account Password: rootX
Root Account Confirm: rootX
Admin Account Password: adminX
Admin Account Confirm: adminX
SSH Access: Enabled
SSH IP Allow: * All Addresses

2. Click Next.
3. At the prompt indicating you will have to log in again, click OK.
Note: You are setting the password of the root and admin accounts, not creating new accounts. The lab suggests you change the admin password from admin to adminX.
4. Log in to the system as user admin with password of adminX.
5. Click the button under Advanced Network Configuration.

Create VLANs

1. In the Configuration Utility, navigate to Network » VLANs and then click Create.
2. In the General Properties section, specify the following:

VLAN Name: external
VLAN Tag ID: Leave blank (assigns highest available unused tag)

3. In the Resources section, specify the following:
4. Click Finished.
5. Create a second VLAN; click Create.
6. In the General Properties section, specify the following:

VLAN Name: internal
VLAN Tag ID: Leave blank (assigns highest available unused tag)

7. In the Resources section, specify the following:

Move 1.2 from Available to Untagged

8. Click Finished.

Create Self IP Addresses

1. In the Configuration Utility, navigate to Network » Self IPs and then click Create.
2.
In the Configuration section, specify the following:

Name: Use either ExternalSelfIP or 10.10.X.33
IP Address: 10.10.X.33
Netmask: 255.255.0.0
VLAN / Tunnel: external
Port Lockdown: Allow Custom
Custom List: Add TCP 443 only
Traffic Group: Accept Default Settings

3. Click Finished.
4. Create a second Self IP address; click Create.
5. In the Configuration section, specify the following:

Name: Use either InternalSelfIP or 172.16.X.33
IP Address: 172.16.X.33
Netmask: 255.255.0.0
VLAN / Tunnel: internal
Port Lockdown: Allow Default
Traffic Group: Accept Default Settings

6. Click Finished.

Configuration Utility Lab

Objective
+ Access both the Web Configuration utility and Command Line (SSH) of the system and get familiar with the interface
+ Estimated time for completion: 10 minutes

Lab Requirements
+ Self IP address of the BIG-IP system on the external VLAN
+ CLI and GUI users and passwords for the BIG-IP system

Configure Address of Administrative System

Set / ensure the IP settings on your PC match the following table.

IP Address: 192.168.X.30 and 10.10.X.30 (*if your system supports only 1 address at a time, use 10.10.X.30 at this point)
Netmask: 255.255.0.0 (both)
Default Route: 10.10.17.33 (*could vary between sites)

The Web Configuration Utility

1. Open a browser window to https://10.10.X.33 to connect to the Web Configuration Utility.
2. Accept the self-signed SSL certificate and log in as admin using the password set earlier (adminX was suggested).
3. Note the options available on the Welcome page, such as DNS, NTP, rerunning the Setup Utility, and links to materials such as the product documentation, AskF5, and DevCentral.
4. Click on the Network tab and note the parameters for Interfaces, Self IPs and VLANs.

Command Line access (SSH)

1. Open an SSH session and attempt to connect to the external IP address of your BIG-IP system (10.10.X.33). Some examples of SSH clients are PuTTY, Tera Term, and SecureCRT.
2. Notice that you are not able to access your BIG-IP system. This is because Port Lockdown for the external self IP address was set to TCP 443 only. Access to other ports is prevented.
3.
From the web GUI select Network / Self IPs and then click the 10.10.X.33 self IP address.
4. Under Port Lockdown / Custom List, click the Port radio button, enter 22 as the port, click Add, and then click Update.
5. Once port 22 has been added, you should be able to successfully use SSH to attach to your BIG-IP system. You may be prompted to accept the SSH key; do so. Log in as root using the password set earlier (rootX was suggested).
6. If prompted for terminal type, select vt100.
7. Enter the following commands and compare to what you saw in the Network section.
Note: tmsh commands will be discussed more in later modules. The | more parameter below allows scrolling (space bar) when command output is more than one screen.

tmsh show /net vlan | more
tmsh list /net self | more

Verifying User Access

1. Open a new SSH session and attempt to log in as the admin user with a password of adminX.
2. From the Web Configuration utility select System / Users and then select the link for the admin user. Change the Terminal Access to Advanced Shell, click Update and then test SSH access with the admin user ID again.
3. Open a browser to the GUI interface and attempt to log in as root. By default, this should fail.

End of Configuration Utility Lab

Configuration Backup Lab

Saving a configuration

1. In the Configuration Utility, navigate to System » Archives, and then click Create.
2. Within the General Properties section, specify the following:

File Name: trainX_base
Encryption: Disabled
Private Keys: Include
Version: BIG-IP Version (read only)

3. Click Finished. Soon, an OK button will appear. Click OK or select Archives again.
4. Select trainX_base.ucs (the name is a link). Then click Download to save a copy to your desktop. There are now two backups: one on the BIG-IP system in the /var/local/ucs directory and one on the desktop. This base configuration will be used later in this course.
5. If desired, the ucs contents can be viewed from the CLI of your BIG-IP system.
a. Make a new directory for this lab: mkdir /var/tmp/test/
b. Change to the new directory: cd /var/tmp/test/
c.
Decompress the file and extract the tar. The resulting files show the directory structure and all files stored in the file. Individual files can be viewed with cat, tail, more and other tools.

cp /var/local/ucs/trainX_base.ucs trainX_base.ucs
tar -xzvf trainX_base.ucs

Restore a Configuration

1. In the Configuration Utility, navigate to System » Archives.
2. Select the file (the file names are links to download).
3. Click Restore and then click OK.

Upload a Configuration

1. In the Configuration Utility navigate to System » Archives » Upload.
2. In the Upload Configuration Archives section, type the entire path and file name, including the ucs extension, in the File Name field. Alternately, browse to the file location. If the file already exists on the GTM system, you can choose to overwrite.
3. Click Upload. The configuration in the specified file is loaded to the indicated location.

tmsh Commands

To Save a Configuration:

tmsh save /sys ucs <filename>

The file /var/local/ucs/<filename>.ucs is created.

To Restore a Configuration:

tmsh load /sys ucs <filename>

The configuration in the file /var/local/ucs/<filename>.ucs is loaded into memory.

End of Configuration Backup Lab

BIG-IP Hardware Platforms

Lesson Objective

During this lesson, you will learn about the platform options for BIG-IP systems and how to assign an IP address to the embedded Linux system used for out-of-band management.

BIG-IP Hardware Platforms

BIG-IP Systems optimize server availability and performance, ensuring that applications and servers respond rapidly with the correct content. BIG-IP Systems sit between clients and servers, continuously monitoring server and network devices to ensure availability and performance, and directing incoming queries to the best server. Multiple platforms are available to fit your traffic needs. All platforms run the same software, but higher-end platforms have more options and can support more modules simultaneously. Current platforms include the VIPRION, 11000, 8900, 6900, 3600 and 1600.
Those platforms all represent years of research and development at F5 Networks that has resulted in best-of-breed application management systems. Many sites will continue to use one of F5 Networks' second generation systems, including the 8800, 8400, 6800, 6400, 3400, and 1500. All systems are high availability, intelligent traffic management products and include out-of-band management, serial console access and front panel LCD screens. All systems support integrated SSL (key and bulk encryption) and HTTP compression. All systems include gigabit Ethernet ports and many include 10 gigabit ports.

Note: For current information, go to: http://f5.com/

BIG-IP VIPRION®

VIPRION is the first Application Delivery Controller (ADC) that scales on demand. The F5 TMOS technology is used to provide the highest level of throughput performance and transactions per second available for BIG-IP platforms. Instead of adding more devices in the network and segmenting applications, each VIPRION platform is a single, powerful application delivery controller with modular performance blades you can add or remove without disrupting your applications. The VIPRION system is available in three chassis designs: the VIPRION 2400, VIPRION 4400, and the VIPRION 4480.

+ A fully loaded VIPRION 2400 system contains four 2100 blades, with each blade composed of a single quad core processor, 16 GB RAM, and eight 10 Gbps fiber (SFP+) ports.
+ A fully loaded VIPRION 4400 system contains four 4200 blades, with each blade composed of 2 quad core processors, 16 GB RAM, four 10/100/1000 Mbps copper ports, and eight 1000 Mbps/10 Gbps fiber (SFP+) ports.
+ A fully loaded VIPRION 4480 system contains four 4300 blades, with each blade composed of 2 hex core processors, 48 GB RAM, eight 10/100/1000 Mbps copper ports, and two 40 Gbps fiber (SFP+) ports. In addition, the 4200 blade is the only blade with a hardware compression co-processor.

BIG-IP® 11000 Series

The 11000 comes with symmetrical multiprocessing across twelve cores. It includes 10 x 10-gigabit ports.
The 11000 supports up to 100,000 TPS of SSL encryption. Dual power is included.

BIG-IP® 8900 Series

The 8900 comes with symmetrical multiprocessing across eight cores. It includes 16 gigabit copper ports, up to 8 SX, LX or copper ports (4 SX included in base) and an option for up to 2 10-gigabit ports. The 8900 supports up to 58,000 TPS of SSL encryption. Dual power is included.

BIG-IP® 6900 Series

The 6900 comes with symmetrical multiprocessing across four cores. It includes 16 gigabit copper Ethernet ports and up to 8 SX, LX or copper ports (4 SX included in base). The 6900 supports up to 25,000 TPS of SSL encryption. Dual power is included.

BIG-IP® 3900 Series

The 3900 comes with symmetrical multiprocessing across four cores. It includes 8 gigabit copper ports and up to 4 SX, LX or copper ports. The 3900 supports up to 15,000 TPS of SSL encryption. Dual power is an option.

BIG-IP® 3600 Series

The 3600 comes with symmetrical multiprocessing across two cores. It includes 8 gigabit copper ports and up to 2 SX, LX or copper ports. The 3600 supports up to 10,000 TPS of SSL encryption. Dual power is an option.

BIG-IP® 1600 Series

The 1600 comes with symmetrical multiprocessing across two cores. It includes gigabit copper ports and up to 2 SX, LX or copper ports. The 1600 supports up to 5,000 TPS of SSL encryption. Dual power is an option.

Add-On Hardware

Redundant Power Supply

Dual power supplies reduce any single point of failure within the appliance. The 8900 and 6900 platforms ship with dual power supplies. The 8400, 6800, 6400 and 3600 platforms can be ordered with an optional Redundant Power Supply.

HTTP Compression

The 8900, 6900, and 8800 platforms include HTTP compression hardware. The 8400, 6800, and 6400 can have hardware compression added.

BIG-IP FIPS SSL Accelerator

The BIG-IP FIPS SSL Accelerator is an optional card that can be added to most BIG-IP Systems. FIPS 140-1 level validation allows for independently certified secure management and storage of private keys. It also allows for tamper-resistant security and holographic seals that are
physical stickers on your hardware and indicate any attempts at physical tampering. The FIPS option must be installed at the factory.

Switch Card Control Processor (SCCP) and Always On Management (AOM)

The SCCP and AOM are embedded Linux systems and are dedicated, separate systems that provide lights-out management and other supporting functions for the BIG-IP systems. The 11000, 8900, 6900, 3600, and 1600 have the AOM chip. The 8800, 8400, 6800, 6400, 3400 and 1500 have the SCCP chip. Both are accessed through a dedicated menu.

Accessing SCCP or AOM from the console

From a console session, whether or not you are logged in, you can access the dedicated menu to manage the system and assign an IP address, mask and gateway to the system. This should be done as part of any initial installation. To access the menu, press ESC ( - press and release the ESCape key and then press the shift and 9 keys to produce a left parenthesis.

Either the SCCP menu will appear:

  Select Host subsystem boot mode: boot from local drive
  Reboot Host subsystem (sends reboot command)
  Halt Host subsystem (sends halt command)
  Reset Host subsystem (issues hardware reset--USE WITH CARE!)
  Reboot SCCP subsystem (issues hardware reset--USE WITH CARE!)
  Halt SCCP subsystem (issues hardware shutdown--USE WITH CARE!)
  BIG-IP installer (issues hardware reset--USE WITH CARE!)

Or the AOM menu will appear:

  Reboot Host subsystem (sends reboot command)
  Reset Host subsystem (issues hardware reset--USE WITH CARE!)
  Power off Host subsystem (issues hardware shutdown--USE WITH CARE!)
  Host platform information

For both, option N, to set the IP address, is available only if connected via serial console. Also, the address must be in the same network range as the management port address.
It is best practice to either set the IP address of SCCP/AOM, use a serial terminal, or both, to ensure remote access is available to the system even while the host system is being updated or rebooted.

SCCP / AOM IP Address Configuration Lab

Objective
+ Configure an IP address on the SCCP / AOM
+ Reboot the host (Linux and TMM) from the SCCP / AOM
+ Estimated time: 10 minutes

Note: This lab may vary per training location. If you do not have access to a serial console, then you may already have an IP address for your SCCP / AOM. Ask your instructor for details. If you are working on VE edition, the system will not have AOM or SCCP.

Adding an Address to SCCP / AOM

1. If you have access to a serial console session with your BIG-IP System, then from your serial console session, type ESC (
2. Choose option N, SCCP / AOM network configurator.
3. For Use DHCP?: enter N
4. For Host name (optional): press the Enter key
5. For IP address (required): 192.168.X.35
This IP address must be on the same network as the Management IP address.
6. For Network mask (required): 255.255.0.0
7. For Broadcast IP address (optional): press the Enter key
8. For Default gateway IP address (optional): 192.168.20.1
9. For Nameserver IP address (optional): press the Enter key

Rebooting the Host System from SCCP / AOM (Optional)

Note: If you don't have access to a serial console or SCCP / AOM, ask your instructor for options for rebooting the Host System.

1. Open an SSH session to SCCP / AOM at 192.168.X.35.
2. When prompted, log in as root with password of rootX.
3. From the prompt, enter hostconsh and then ESC ( to access the SCCP or AOM menu.
4. Select the option Connect to Host subsystem console and press the Enter key.
5. From the host prompt, enter ESC ( to access the SCCP menu again.
6. Select to Reboot Host subsystem (5 for SCCP and 2 for AOM) and enter Y when prompted.
7. For AOM you are automatically connected back to the Host subsystem.
For SCCP, select the option Connect to Host subsystem console and press the Enter key. You will now see the host subsystem rebooting from an SSH session and you should not lose your connection.

End of SCCP / AOM IP Address Configuration Lab

Module 2 - DNS and GTM Systems

The Domain Name System (DNS)

Lesson Objective

Upon completion of this lesson, participants will be able to explain how the Domain Name System resolves host names into IP addresses.

DNS Overview

The Internet is a collection of networks accessed through IP addresses. While the IP address scheme is functional, it was recognized very quickly that a naming scheme would facilitate use. The solution is the Domain Name System (DNS), a distributed database that translates host names to IP addresses and vice versa. Additionally, DNS allows multiple addresses to be associated with a given name. When this is the case, multiple servers, each with a unique address, can host the same service and load balance client requests.

Early in the growth of the Internet, name-to-address resolution was managed by "hosts" files. Those text files contained lists of IP addresses and the names associated with them. At one point, a single hosts file was used by thousands of users across the Internet, managed and updated by a single individual. Two problems with this scheme became obvious. First, conflicts occurred. For example, two different "Steves" both wanted their IP address associated with "Steve". Secondly, the growing number of users made it apparent that such a system would not scale well.

The DNS that is used today is a distributed and hierarchical database. It is distributed across multiple systems with each managing a portion of the database. The naming structure, where each name has multiple sections separated by periods (pronounced "dot"), is hierarchical. Names begin with the most specific information and proceed to the most general. For example, in the name "steve.company.com", "steve" is the most specific, then "company" and finally "com". Names that are "Fully Qualified Domain Names" (FQDN) end with a period, which indicates the topmost level within the DNS database structure.
The system has proven to be an effective method for name resolution even as the Internet has grown.

A subset of the DNS database is called a domain. Within each domain, servers are configured with one or more zone files. A given DNS server will have a copy of its own zone files and typically knows how to get to other servers. When a DNS server wishes to resolve names in other zones, it will send requests to "root" servers, the servers that are responsible for the topmost level zone: the "."

Local DNS Servers (LDNS)

Usually a DNS server is placed on the network to which your personal computer is attached, making the DNS server "local" to you. If you access the Internet through an Internet Service Provider (ISP), most likely your ISP maintains a DNS server. Likewise, most businesses that are large enough to have their own Information Technology (IT) department probably maintain a DNS server.

Traditional GTM implementations do not configure GTM as the organization's LDNS. GTM adds intelligence to standard DNS queries and ensures that end users are sent to a site that is available and provides the best response. GTM's unique intelligence can examine the health of data centers, the network, and the geography of users, and then direct traffic based on customizable business rules.

Whenever a GTM receives a DNS query it assumes it is coming from a LDNS. LDNSs are the GTM system's "customers". End users typically send their queries to their LDNS and the LDNS proxies the request to other systems, including GTM systems. Because of this, GTM typically does not communicate with the ultimate requester. When a GTM System measures response times between your server and your customer, it actually measures response time from your data centers to the LDNS systems.

The DNS Hierarchy

The Internet is divided into groups of administrative units called domains. Domains are organized in a hierarchical structure headed by the "root" domain. The second level includes organization types such as com, edu, gov, org, etc. Levels are typically separated into subdomains with each level being separated by a period.
For example, in the ".com" domain, f5.com is a subdomain. Multiple levels are supported: f5.com might have subdomains such as tech.f5.com.

Zones

At each domain level, administrators choose how a domain is organized. The actual database files that DNS is based on are defined for a single zone. A zone is a well-defined portion of a domain.

The Name Resolution Process

Lesson Objective

Upon completion of this module, participants will be able to explain the steps involved in the name resolution process and how Local DNS servers (LDNS), client DNS servers, name servers, and root servers act in this process.

Example Name Resolution

Name resolution involves multiple steps but is still very quick. Typically, resolutions are completed in less than half a second. The steps below illustrate a simplified example.

1. A client enters the name www.f5.com in a browser.
2. The client system sends a DNS query to its DNS server, known as its Local DNS (LDNS).
3. The LDNS sends the same query to one or more root servers.
4. A root server responds with the IP addresses for .com name servers.
5. The LDNS sends the same query to one or more of the .com name servers.
6. A .com name server responds with the IP addresses of the f5.com name servers.
7. The LDNS sends the same query to one or more of the f5.com name servers.
8. An f5.com name server responds with an A record (an IP address) for www.f5.com.
Note: The f5.com server may delegate to yet another level of name servers or may respond that the name does not exist in the zone.
9. The LDNS caches this IP address and sends it to the client that made the request.
10. The client connects to the IP address supplied by the LDNS.

Caching and Time-To-Live Values

When a name server receives a response, it caches the answer for an amount of time specified by the Time-To-Live (TTL) value. If the client sends a second request to the name server before the TTL has expired, the LDNS server will answer directly.
The size of the TTL can impact client access; a large TTL would prevent clients from accessing an alternate server until the TTL expired.

DNS and GTM System Options

Lesson Objective

Upon completion of this lesson, participants will be able to list the most common implementations of GTM systems and be aware of their advantages and disadvantages.

DNS Servers

Many systems provide DNS services. Many are based on recent versions of BIND. Additionally, many sites use Microsoft DNS services. BIND is common on most UNIX systems and is the more prevalent choice overall, while Microsoft DNS is used in many Windows environments.

DNS Server Implementation Limitations

While both BIND and Microsoft DNS are functional, they have limitations. First, BIND files are prone to editing errors. The more significant limitations become issues when multiple addresses are associated with a single name. In this situation the same service might be available at various sites around the Internet. As long as all the sites are working, clients should be able to get their content. But if a site fails, both BIND and Microsoft DNS will continue to resolve DNS queries to that IP address.

Even if all sites are working, what would the desired result be if all the servers are working, but some are working better than others? What if all the servers are working, but the network latency varies between the sites? What if all the servers are working, but the administrators would like clients to use some servers more than others, or some servers exclusively? For each of these situations, BIND and Microsoft DNS will resolve the addresses in round robin fashion. These are the kinds of issues the GTM System is designed to resolve.

GTM Advantages

GTM uses its knowledge of your environment to aid in making name resolution decisions. First, GTM will determine which addresses are working properly. If desired, GTM can compare the response time between your customers and your various data centers. Using these metrics, GTM will choose the best of the available virtual servers and resolve the name request to that IP address. This is known as intelligent DNS.
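The effect of LDNS caching, TTL size and round-robin answers when a site fails can be made concrete with a small simulation. This is an added example, not part of the student guide and not F5 code: the name, the addresses, the 10-second client interval and the outage time are constructed, and the health-aware server is only a simplified stand-in for the kind of decision described under GTM Advantages.

```python
"""Added simulation: LDNS referral walk, TTL caching and answer selection.
All names and addresses are constructed (documentation address ranges)."""

ADDRS = ["192.0.2.10", "198.51.100.10"]            # two sites hosting one name
REFERRALS = {".": "com.", "com.": "example.com."}  # parent zone -> delegated child
NAME = "www.example.com."


class Authority:
    """Name server for example.com. (the last server queried in the walk)."""

    def __init__(self, ttl, health_aware):
        self.ttl = ttl
        self.health_aware = health_aware
        self._count = 0

    def answer(self, up):
        # Plain round robin rotates through every record, working or not.
        # The health-aware variant first drops addresses of sites marked down.
        pool = [a for a in ADDRS if a in up] if self.health_aware else ADDRS
        if not pool:
            raise LookupError("no site available")
        addr = pool[self._count % len(pool)]
        self._count += 1
        return addr, self.ttl


class LDNS:
    """Caching local DNS server used by the client."""

    def __init__(self, authority):
        self.authority = authority
        self.cache = {}            # name -> (address, expiry time in seconds)
        self.upstream_queries = 0
        self.path = []             # zones asked during the most recent walk

    def resolve(self, name, now, up):
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0]       # TTL not expired: no server is consulted
        # Walk the referrals: root, then com., then the zone's own server.
        zone, self.path = ".", []
        while True:
            self.path.append(zone)
            self.upstream_queries += 1
            child = REFERRALS.get(zone)
            if child is None or not ("." + name).endswith("." + child):
                break              # this zone's server is authoritative
            zone = child
        addr, ttl = self.authority.answer(up)
        self.cache[name] = (addr, now + ttl)
        return addr


def simulate(health_aware, ttl, outage_at=130, end=700, step=10):
    """A client asks its LDNS every `step` seconds; ADDRS[0] fails at `outage_at`.

    Returns (lookups that handed the client the failed address,
             queries the LDNS sent to root/com/zone servers)."""
    ldns = LDNS(Authority(ttl, health_aware))
    sent_to_failed_site = 0
    for now in range(0, end, step):
        up = set(ADDRS) if now < outage_at else {ADDRS[1]}
        if ldns.resolve(NAME, now, up) not in up:
            sent_to_failed_site += 1
    return sent_to_failed_site, ldns.upstream_queries


if __name__ == "__main__":
    for label, aware, ttl in [("round robin,  TTL 300", False, 300),
                              ("health-aware, TTL 300", True, 300),
                              ("health-aware, TTL 30 ", True, 30)]:
        bad, upstream = simulate(aware, ttl)
        print(f"{label}: {bad} lookups to failed site, {upstream} upstream queries")
```

Even the health-aware server cannot recall an answer the LDNS has already cached, so exposure after a failure is bounded by the TTL; a shorter TTL shrinks that window at the cost of more queries reaching the name servers.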
GTM and Intelligent Name Resolution

The following process diagram explains how a GTM system improves the DNS query resolution process for an Internet client outside your organization.

1. A client enters the name www.f5.com in a browser.
2. The client system sends a DNS query to its Local DNS (LDNS).
3. The LDNS sends the same query to one or more root servers.
4. A root server responds with the IP addresses for .com name servers.
5. The LDNS sends the same query to one or more of the .com name servers.
6. A .com name server responds with the IP address of the GTM System.
7. The LDNS sends the query to the GTM system.
8. The GTM System determines the best DNS answer and sends that answer back to the requesting client's LDNS server.
9. The LDNS caches this IP address and sends it to the client that made the request.
10. The client connects to the IP address supplied by the LDNS.

GTM as the LDNS Server

The following process diagram explains how a GTM system improves the DNS query resolution process for internal clients inside your organization.

1. An internal client enters the name www.f5.com in a browser.
2. The client system sends a DNS query for an Internet site outside their local organization to its local GTM system, now acting as the local DNS (LDNS) server.
3-8. The GTM system acting as the LDNS resolves the query by any, all, or a combination of means, including:
+ Local BIND
+ Standard DNS service
+ DNS Express
9. The GTM System receives an answer, caches the answer, and sends the answer back to the requesting client.
10. The client connects to the IP address.

Resolution Diagnostic Tools

Lesson Objective

Upon completion of this module, participants will be able to use multiple methods of resolving host names and IP addresses using any available name server.

Host Name Resolution Tools

While there are many tools that can be used to test DNS servers, the two most common are dig and nslookup.

+ dig (Domain Information Groper)
+ nslookup (Name Server Look Up)
dig is a command line tool for querying DNS name servers. It performs a DNS lookup and displays the answers returned from the queried DNS name server. dig is flexible, easy to use, and the output is easily understood. Versions are available for other operating systems including Windows. You may want to download and test dig from the Internet (hint: search "dig for Windows").

Using dig

General syntax for dig:

dig [@ServerIP] [-x IP Address | Host Name]

Note: The x in this case is a dig option, not the number of your station.

First dig example:

> dig www.f5.com

Second dig example:

> dig -x 207.155.208.23

;; flags: qr rd ra; QUERY: 2, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

nslookup is a Windows command line utility, but a version is also available on UNIX/Linux systems. It provides similar functionality to dig. nslookup can perform a variety of name resolution tasks including name resolution and address resolution (aka inverse resolution), and supports using alternate name servers.

nslookup has two modes: interactive and non-interactive. Non-interactive mode is used for single queries. If the same resolution is going to be performed multiple times, interactive mode combined with command history (using the up arrow to repeat the last command) works well.

nslookup <host>
nslookup <IP address>

where:
- <host> is the host name to resolve to an IP address.

In interactive mode additional options are available. For example, the "server" option allows the user to specify an alternate name server and the "debug" option yields additional detail including the time-to-live (TTL).

nslookup <enter>
> server <IP of server>
> <host> or <IP address>
> exit <enter>

where:

- <host> is the host name to resolve to an IP address.
- <IP address> is the IP address to be resolved to a host name.
- exit exits nslookup's interactive mode.

Examples:

nslookup
> server 172.16.2.2
> www.f5.com
Server: ns1.f5.com
Non-authoritative answer:
Name: www.f5.com
Addresses: 2001:19b8:102:2::£5€518

Module 3 - Accelerated DNS Resolutions

Global Traffic Manager and DNS Resolutions

Lesson Objective

Upon completion of this module, participants will be able to explain the different methods that GTM can use to resolve DNS queries.

GTM Resolution Options

When a DNS query is received by a GTM system, there are several different methods that may be used to resolve each query. Most importantly, for any of the GTM advanced DNS features to be involved in the resolution, the query must arrive on the system destined to a Listener. A GTM Listener is a special object on the BIG-IP GTM system that can:

+ Resolve DNS resolutions intelligently
+ Accelerate DNS resolutions
+ Add security and sign responses according to the specification of DNSSEC

Intelligent DNS Resolution

When a query arrives on the GTM system, and the query is addressed to a GTM Listener, and the name being resolved is a Wide IP, the GTM system will resolve the query to the best address based on multiple parameters. These parameters include various network metrics, server metrics, and site-specific policy choices. Discussion of intelligent DNS resolution and Wide IPs begins in a later module.

Accelerated DNS Resolution

Two GTM features are available to help scale DNS resolutions hosted on standard DNS systems (such as those running BIND).

+ Configuring a GTM Listener and associating it with a pool of DNS servers.
+ Configuring DNS Express, a new feature in BIG-IP GTM version 11.

GTM systems can accelerate DNS query resolutions by defining groups of DNS servers, called pools, on the BIG-IP system, and associating such pools with a GTM Listener. When the DNS query arrives destined to the Listener, the query is load balanced across the pool of DNS servers.
This technique allows the DNS structure to scale based on the number of DNS resolutions being processed. As more queries are processed, additional backend DNS servers can be added. In addition, the GTM system can use Monitors as a method to ensure the DNS servers are working properly. Defining a pool of DNS servers to resolve DNS queries was made available in version 10.2 of BIG-IP GTM. For those familiar with the Local Traffic Manager (LTM) product, this is the kind of processing typically performed by LTM systems.

The second acceleration technique, called DNS Express, is new in GTM version 11.0. When DNS Express is configured, the GTM system acts as a secondary DNS server and requests a zone transfer from a primary DNS server. The GTM then resolves queries directly. Performance on GTM Systems with DNS Express can be measured by handling hundreds of thousands of requests per second. When DNS Express is used, the primary servers need to allow zone transfers to the GTM system and send notifies to the GTM system when changes have been made. Additionally, the DNS system can be configured with TSIG (Transaction SIGnature, defined in RFC 2845) keys.

Finally, if a query arrives on a GTM system destined to a Listener but it is NOT:

1. A name matching a Wide IP
2. A name in a zone held by DNS Express
3. Resolved by a pool of DNS servers associated with the Listener

then the query is treated as a standard DNS query. If the query is addressed to a GTM Listener and if the Listener's DNS profile has local BIND support enabled, the query is forwarded to the BIND instance running on the GTM system. If the Listener's DNS profile does not have local BIND support enabled and the Listener's address is not a self IP on the GTM system, the query can be forwarded to the remote system that hosts that IP address. At that point, resolution is determined by the configuration on that standard DNS system.
Note: If a DNS query arrives on a GTM system that is not destined for a Listener address but is destined for a self IP that has port UDP 53 unlocked, the query will be processed by the instance of BIND running on the GTM system.

Hierarchy of Options Flow Chart

The resolution options discussed above are shown in the following flow chart.

[Flow chart: hierarchy of DNS resolution options]

GTM Listeners

Lesson Objective

Upon completion of this module, participants will be able to configure Listeners on GTM Systems.

Overview

The features of the GTM system are accessed through its listeners. A Listener is an object that "listens" for DNS queries at an IP address and port 53. The requests can be processed in many ways.

Listener Options

Most often, a Listener matches the self IP address of the GTM system. In general there are four (or so) scenarios that could determine an appropriate Listener address.

Stand Alone System - Local Resolution

In this situation, the Listener typically matches a self IP of the GTM system.

Redundant Pair - Local Resolution

This situation could have two options: the Listener could match a floating self IP or a non-floating self IP. The Listener should match the floating IP if you only wanted the system that currently holds that IP address to answer queries. Upgrades are easier when this choice is made. Alternatively, the Listener should match the non-floating address if you want both GTM systems to answer queries or when only one BIG-IP is licensed for GTM. Note that if only one of the pair is licensed for GTM, both should be provisioned for GTM.

Forwarding Queries to Other DNS Systems

In this situation, if the Listener is associated with a pool of DNS servers, the Listener could match a self IP or be a virtual IP on the GTM system. If the Listener does not have a pool, the Listener should match the address of the other DNS system and that Listener's DNS profile should have the "Use BIND server on BIG-IP" option unchecked.

Anycast Listeners
If the GTM systems have the routing module available, you can use the same Listener address on multiple GTM systems. The address must not be a self IP of any of the systems and would need to be advertised with the BIG-IP routing module. The routing module is optional with GTM on 1600's 5900's and is included in higher systems.

Configuring Listeners

Typically Listeners have four settings: their IP address, the VLAN(s) for which they are enabled, the protocol, and whether the object is enabled. In almost all cases, only the IP is set. The other options are left at their defaults. For GTM to resolve a Wide IP, the query must arrive destined to a Listener's IP address, port and protocol, and must arrive on a VLAN where the Listener is enabled.
