
2/8/2015

https://cld.pt/dl/download/9732dc58110448e08c2032722ca82a1d/Start.with.BIGIP.txt

Application Security Manager (ASM)
Access Policy Manager (APM)
  Policy Based Control
  SSL VPN
  Authentication
  Single Sign-on
Global Traffic Manager (GTM)
BIG-IP Full Proxy Architecture
  Encrypt -> unencrypt
  compressed -> uncompressed
  ipv6 -> ipv4

TMOS Operating System from F5
From the LCD you can:
  Clear Alarms
  Reload device
  Config Management Network
GUI Utility
Self IP
Management IP
TMOS shell (tmsh)
Setup BIG-IP
Default IP Address 192.168.1.245/24 because F5 in hexadecimal is 245 in decimal
Activate BIG-IP Licence https://activate.f5.com
Steps:
  Generate dossier
  Send dossier to F5 license server
  Generate licence
  Bring license back to BIG-IP
  Finish licensing process on BIG-IP
Process of Licensing can be Automatic or Manual
Provisioning Levels
  Nominal (recommended)
    Allocate only what's needed to enable module functions
    Allocate additional as needed during operation
  Minimum
    Allocate only what's needed to enable module functions
    No additional resources
  Dedicated
    Take everything
    One module only
Installing a Device Certificate
  Used for administrative tasks and inter-system communications
  BIG-IP self-signed certificate (default)
  Import CA-signed certificate (optional)
  Store certificate on /config/httpd/conf/ssl.crt/server.crt
Root account: no GUI access (only CLI), and it is not possible to enable it
Admin account: no CLI access, but it is possible to enable it
Both of these accounts cannot be disabled
(ON CLI)
  username: root
  password: default
(ON GUI)
  username: admin
  password: admin
Use the command config to set up the management network
tmsh list sys management-ip
(tmos)# save /sys ucs train1_base.ucs
Stored on /var/local/ucs
The UCS file has:
  ALL BIG-IP specific config files
  Product licences
  User accounts/passwords
  DNS zone files & ZoneRunner config
  SSL certificates and keys
Rolling archives, config before applying a new config
  cs_backup.ucs
  cs_backup_rotate.ucs
Allows checking issues, defects, best practices
  https://ihealth.f5.com
  Necessary to generate a QKView file
BIG-IP Part 2 Application Delivery
Virtual Server (VIP)
http_pool - pool of servers
A Full Proxy Architecture
  Separate client and server connections
  CLIENT SYN > SYN_ACK > ACK VIRTUAL SERVER
  CLIENT HTTP_GET
  SYN > SYN_ACK > ACK and HTTP_GET (to the real server)
  HTTP_RESPONSE (from real server to the client)
Load Balancing Methods
  Homogeneous pool
  Non-homogeneous pool - different servers with different capacity
Methods:
  Static: predefined distribution pattern
  Dynamic: observes the runtime environment and
  adjusts the distribution pattern "on the fly"
Round Robin - default load balancing
Load balancing still takes place even when the status of the pool is unknown
Statistics: Module Statistics - Local Traffic - Pools / Virtual Servers
Source NAT Translation (SNAT)
  You can use Auto Map; this uses the Floating Self IP of the interface
  The SNAT is configured in the virtual server settings
Methods of Health Monitoring
  Address/Service - example ICMP, TCP echo
  Content Check Monitor - example HTTP, HTTPS
  Application Check Monitor - example FTP
  Path Check Monitor - example Gateway ICMP
Constructing HTTP Monitoring
  Application Specific
  It is possible to use regular expressions
Behaviours with Profiles
  Profile Parent-Child Relationship and Inheritance - Default Profile
  Parent > Child: the child inherits, but it is possible to customize or create a custom profile
Profile Dependencies
  All VS have a Layer 4 profile (default is TCP)
  Some profiles depend on others, but some profiles are mutually exclusive
Client SSL Profile
Server SSL Profile
System > File Management > SSL Certificate List
**** LTM Part 1 High Availability and Traffic Processing ****
Device Service Clustering (DSC)
  Device trust is based on mutual authentication (digital certificates)
  sync-failover
  sync-only - does not process failover data
Device trust - devices that trust one another
Device group - multiple devices that trust each other and can synchronize config data with and
fail over to one another
On version 11.x a device group can have up to 8 BIG-IP
Traffic Groups and Config Sync
Traffic group - related config objects that process particular application traffic
Config Sync - the process of synchronizing config data (virtual servers, pools, monitors,
profiles, ...) between devices in a device group
The HA uses the Self IP and not the Floating Self IP
Use NTP and a valid certificate to establish HA correctly
Load Balancing Methods
Static:
  Round Robin (default)
  Ratio
Dynamic:
  Least Connections
  Weighted Least Connections
  Fastest
  Observed
  Predictive
  Dynamic Ratio
  Least Sessions
Failure mechanisms:
  Priority Based Member Activation
  Fallback Host
A member with Ratio 3 receives 3 times the requests of a member with Ratio 1
Ratio (member) and Ratio (node)
  Ratio 1
  Ratio 2
  Ratio 3
Priority Based Member Activation
  pool Ratio (member)
  Priority group
  Priority group activation
Thinking in 3 Priority Groups, with ratio 3 3 1
Specifying the Priority Group Activation < 2 means the group with less priority will be used
only if one of the groups fails
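Added example (not part of the original notes and not F5 code): a simplified Python model of Priority Group Activation combined with Ratio (member). The pool, the member names and the helper functions are constructed for illustration; it assumes the "Less than N" rule, where the next lower priority group joins once fewer than N members of the higher groups are available.

```python
from collections import Counter

# Constructed pool (hypothetical names): (member, priority_group, ratio, available)
# A higher priority_group number means the group is preferred.
POOL = [
    ("web1", 3, 3, True),
    ("web2", 3, 3, True),
    ("web3", 2, 3, True),
    ("web4", 2, 1, True),
    ("web5", 1, 1, True),
]

def fail(pool, name):
    """Return a copy of the pool with one member marked unavailable."""
    return [(n, p, r, up and n != name) for n, p, r, up in pool]

def active_members(pool, min_active):
    """Members that receive traffic under 'Less than min_active' activation."""
    eligible = []
    for prio in sorted({p for _, p, _, _ in pool}, reverse=True):
        eligible += [m for m in pool if m[1] == prio and m[3]]
        if len(eligible) >= min_active:
            break  # enough members available, lower groups stay on standby
    return eligible

def distribute(pool, min_active, requests):
    """Spread requests over the active members in proportion to their ratio."""
    members = active_members(pool, min_active)
    if not members:
        return {}  # nothing available: this is where a fallback host applies
    schedule = [name for name, _, ratio, _ in members for _ in range(ratio)]
    return dict(Counter(schedule[i % len(schedule)] for i in range(requests)))

if __name__ == "__main__":
    print(distribute(POOL, 2, 60))                 # all members healthy
    print(distribute(fail(POOL, "web2"), 2, 70))   # one top-priority member down
```

With every member up, only priority group 3 takes traffic; losing web2 drops that group below 2 available members, so group 2 is activated alongside it and group 1 still stays idle.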
**** Module 3 Directing Traffic with iRules ****
A few events in iRules:
  CLIENT_ACCEPTED
  SERVER_CONNECTED
  SERVER_DATA
iRules Construct
  Operators: == < > starts_with contains ends_with
  Functions: findstr getfield substr
  Statements: if, switch, log, pool
  Commands: HTTP::uri HTTP::header AES::encrypt SIP::call_id
https://devcentral.f5.com/login?returnurl=%2fwiki%2firules.homepage.ashx
https://devcentral.f5.com/d/tag/irules%20editor
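iRules Syntax
when CLIENT_ACCEPTED {
    # Send clients whose address starts with 10. to ten_pool, everyone else to customer_pool
    if { [IP::remote_addr] starts_with "10." } {
        pool ten_pool
    } else {
        pool customer_pool
    }
}
iRule based on a Header
when HTTP_REQUEST {
    # Pick the pool from the first two characters of the Accept-Language header
    switch [string tolower [substr [string trimleft [HTTP::header Accept-Language]] 0 2]] {
        "fr" { pool http_fr_pool }
        "jp" { pool http_jp_pool }
        default { pool http_pool }
    }
}
To apply an iRule, the virtual server requires an HTTP Profile such as http; after configuring the profile,
go to Resources and apply the iRule created before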
**** Module 4 Accelerating Traffic ****
Leveraging OneConnect
Once a client has connected, the BIG-IP keeps a connection reuse pool so that the same client or
other clients can connect to the same server over an already opened connection
Option under Local Traffic > Profiles : Services : HTTP
Source Mask - determines eligibility for reusing an open/idle connection; the value 0.0.0.0
means all clients can reuse the same connection, and 255.255.255.255 means only the same client is
able to reuse the connection opened
Maximum Size - max connections held in the connection reuse pool; if the maximum is reached, the BIG-IP
system will close a server-side connection after the response is received
Maximum Age - max time a connection can stay open AND idle
Maximum Reuse - maximum number of times a connection can be reused
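Added example (not part of the original notes and not F5 code): a simplified Python model of the OneConnect connection reuse pool, showing which clients end up sharing a server-side connection under different Source Mask values and how Maximum Size and Maximum Reuse retire connections. The class, the client addresses and the server address are constructed for illustration; Maximum Age is left out of the model.

```python
import ipaddress

class ReusePool:
    """Simplified, hypothetical model of a OneConnect connection reuse pool."""

    def __init__(self, source_mask, max_size=2, max_reuse=3):
        self.mask = int(ipaddress.IPv4Address(source_mask))
        self.max_size = max_size      # Maximum Size: idle connections kept
        self.max_reuse = max_reuse    # Maximum Reuse: reuses per connection
        self.idle = []                # entries: [key, conn_id, reuse_count]
        self.next_id = 1

    def _key(self, client_ip, server):
        # Clients whose masked address matches are eligible for the same connection.
        return (int(ipaddress.IPv4Address(client_ip)) & self.mask, server)

    def request(self, client_ip, server):
        """Serve one request; return (conn_id, 'reused' or 'new')."""
        key = self._key(client_ip, server)
        for entry in self.idle:
            if entry[0] == key:
                self.idle.remove(entry)
                entry[2] += 1
                how = "reused"
                break
        else:
            entry = [key, self.next_id, 0]
            self.next_id += 1
            how = "new"
        # Response received: park the connection again unless a limit is hit,
        # otherwise the server-side connection is closed.
        if entry[2] < self.max_reuse and len(self.idle) < self.max_size:
            self.idle.append(entry)
        return entry[1], how

# Constructed sample traffic: two clients in 192.0.2.0/24, one outside it.
CLIENTS = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "192.0.2.10"]

def shared_connections(source_mask, clients=CLIENTS, server="10.1.20.11:80"):
    """Replay the clients through a fresh pool and report the connection used."""
    pool = ReusePool(source_mask)
    return [pool.request(c, server) for c in clients]
```

With mask 0.0.0.0 all four requests ride connection 1, so the server cannot treat a TCP connection as belonging to one client; with 255.255.255.255 only the returning client 192.0.2.10 reuses its own connection.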
**** Getting Started with BIG-IP Access Policy Manager (APM) ****
What is a BIG-IP APM
Remote Access Solution
  Network Access - SSL VPN
  Portal Access - reverse proxy for web applications
  Application Access - single application tunnel, including Remote Desktop
Policy Enforcement Point
  Authentication and Authorization
  Endpoint Inspection
  Access Control Lists
  Dynamic Resource Assignment (per user or group basis)
  Single Sign-on (includes OAM, Kerberos and SAML)
Policy enforcement on LTM using APM
Profiles required to implement APM: TCP, Client SSL, HTTP, Server SSL, Access
Configuring an APM looks like a flowchart
Config Full WebTop
Config

HTTP Basics
Status Codes
  100 Informational
  200 Success
  300 Redirection (301 Moved Permanently)
  400 Client Errors (400 Bad request, 401 Not Authorized, 402 Not found)
  500 Server Errors (500 Internal Server Error, 505 HTTP Version Unsupported)
Response Headers
  Server and content format information
  Age
  ETag
  Location
  Server
Entity Headers
  Content information
  Content-Length
  Content-Encoding
  Content-Type
  Last-Modified
Process Examples
  Caching
  Content Transfer Completion
Caching
Caching Models:
  Expiration > reduces requests
  Validation > reduces content transfer
Cache Expiration
  Reduces requests
  Example:
    Expires: Tue, 13 Feb 2007 13:00:00 GMT
    Cache-Control: max-age=3600
Cache Validation
  Reduces content transfer
  304 Not Modified status code
  Example:
    ETag and If-None-Match
    Last-Modified and If-Modified-Since
When the client receives a 304 code, it uses the object in its local cache
Content Transfer Completion
VIPRION Basics
Failover can be done using unicast or multicast. A minimum number of blades can be specified
to do a failover
Mirroring can be done within the same cluster, cloning all session state to another blade, and between
clusters, mirroring session state to a peer
Virtual Clustered Multi-Processing (vCMP) - a cluster of virtual machines running TMOS is
called a vCMP guest
Important VIPRION commands
bladectl - allows a user to remotely perform simple tasks (like rebooting a blade or connecting to console
ports) on other blades in a VIPRION chassis
clsh - allows a user to execute a command on every active blade; use the clsh command as a
prefix at the beginning of another command
tmsh /sys vcmp
tmsh /sys cluster - modifies the config of the primary blade in a cluster; the system will
propagate all changes to the other blades in the cluster (known as cluster synchronization)
Troubleshooting Basics
End User Diagnostics (EUD)
  Accessed via GRUB
  VIPRION-specific tests: clustering, hardware problems
  Two VIPRION EUD branches
    EUD_V (VIPRION 4000)
    EUD_S (VIPRION 2000)
!!!! Warning !!!!
  Do not run it in a production environment
  Remove all blades from chassis
  Run EUD directly on the blade being tested
Out of Band Management
  Lights Out Processor (LOP) - VIPRION 2000 Series
  Serial Port Redirector (SPR) - VIPRION 4000 Series
  Invoke LOP/SPR at the console with Esc then Shift+(9
