
F5 101(2)

Study this set online at: http://www.cram.com/flashcards/f5-1012-4973187

LTM

Local Traffic Manager

Full proxy between users and application servers. Creates a layer of abstraction to secure, optimize, and load balance application traffic.

GTM

Global Traffic Manager

Automatically routes connections to the closest or best performing data center in the event of an outage, overload, or other disruption.

APM

Access Policy Manager

Provides secure, context-aware, and policy-based access control. It centralizes and simplifies AAA management directly on the BIG-IP system.

ASM

Application Security Manager

Advanced web application firewall that protects critical applications and their data by defending against application-specific attacks that bypass conventional firewalls.

Edge Gateway

Provides SSL VPN remote access security with application acceleration and optimization services at the edge of the network.

Link Controller

Prevents costly downtime due to ISP problems or other link failures by automatically switching traffic to alternate ISP connections and ensuring use of the fastest available connection.

WOM

WAN Optimization Manager

Overcomes network and application issues on the WAN to ensure that application performance, data replication, and disaster recovery requirements are met.

WebAccelerator

Gives your users an instant improvement in web application performance and helps reduce costs. By offloading your network and servers, BIG-IP WebAccelerator decreases your spending on additional bandwidth and new hardware.


ARX Series

Enables you to dramatically simplify data management and reduce storage costs. File virtualization results in dramatic improvements in cost, agility and business efficiency.

FirePass

Allows users secure access from anywhere they have an Internet connection, while FirePass ensures that connected computers are fully patched and protected.

LTM initial setup steps

1. Set up the MGMT port IP address via the config utility
2. License the system through the web interface
3. Run the Setup utility

Default LTM MGMT port IP address?

192.168.1.245

To obtain a license, you use your registration key to generate what?

A dossier, which you then present to the license server.

Base registration key is how many characters?

27

Systems are shipped with your registration key where?

/config/RegKey.license

After the dossier has been submitted and the license returned, what is the license file named and where is it located?

/config/bigip.license


Dedicated (module provisioning level)

Designed for situations where only one module is functional on the system, such as GTM.

Nominal (module provisioning level)

Gives the module its minimum functional resources and distributes additional resources to the module if they are available.

Minimum (module provisioning level)

Gives the module its minimum functional resources and distributes additional resources to other modules.

None (module provisioning level)

Designed for situations where another module needs dedicated access to resources.

Lite (module provisioning level)

Available for selected modules, granting limited features for trials.

Setup Utility includes the following:

Self IP addresses and netmasks for VLANs
Assign interfaces to VLANs
IP address of the default route
root password for the CLI
admin password for the GUI
IP addresses allowed for SSH

Administrative IP access file:

/etc/hosts.allow

Interface and configuration files:

/config/bigip.conf
/config/bigip_base.conf
/config/BigDB.dat


Default terminal settings for console access

8-N-1, 19,200 bps

File extension for backups

*.ucs

Pool members are?

Each of the actual servers used for client traffic. A pool member includes an IP address and a port.

The devices represented by the IP addresses of pool members are called what?

Nodes. A node may be represented by multiple pool members (one per port).

A pool is what?

A group of pool members.

system logs

/var/log/messages

packet filter logs

/var/log/pktfilter

local traffic logs

/var/log/ltm


audit logs

Display system configuration changes by user and time.

A full proxy maintains how many session tables?

Two: one for the client-side connections and one for the server-side connections, because the two sides are separate TCP connections.

Buffer-and-stitch methodology

A half-proxy (delayed binding) approach: the proxy buffers a connection, often through the TCP handshake process and potentially into the first few packets of application data, but then stitches a connection to a given server on the back end using either layer 4 or layer 7 data.

DSR

Direct Server Return

Requests are proxied by the device, but the responses do not return through the device. Known as a half proxy because only half of the connection is proxied.

What is a proxy-based design?

A full proxy completely understands the protocols, and is itself an endpoint and an originator for them. The connection between a client and the full proxy is fully independent of the connection between the full proxy and the server.

iRules

Scripts written in Tcl with custom F5 extensions that let users create unique functions triggered by TMOS events.

Single device HA

- Core services being up and running on that device
- VLANs being able to send and receive traffic

Redundant system configuration HA

- Core system services being up and running on one of the two BIG-IP systems
- A connection being available between the BIG-IP system and a pool of routers, and VLANs on the system being able to send and receive traffic


Hard-wired failover

You enable failover by using a failover cable to physically connect the two redundant units. This is the default setting.

Network failover

You enable failover by configuring the redundant system to use the network to determine the status of the active unit.

What is ConfigSync?

A process where you replicate one unit's main configuration file on the peer unit.

What does SNAT do?

Secure Network Address Translation

Maps the source client IP in a request to a translation address defined on the BIG-IP device.

What is Intelligent SNAT?

The mapping of one or more original client IP addresses to a translation address; however, you implement this type of SNAT mapping within an iRule. It can be based on any piece of packet data you specify.

How do you monitor the number of concurrent connections going through a SNAT?

tmsh show /ltm snat

Auto Last Hop

A global setting that is used to track the source MAC address of incoming connections. It allows the BIG-IP system to send return traffic from pools to the MAC address that transmitted the request, even though the routing table points to a different network or interface.

What is a node?

The physical server itself that will receive traffic from the load balancer.


How is a member different from a node?

A member includes the TCP port of the actual application that will be receiving the traffic; a node is only the IP address.

What is a basic load balancing transaction?

1. Client attempts to connect with the service on the load balancer (the virtual server).
2. LB accepts the connection, and changes the destination IP to match the service of the selected host.
3. Host accepts the connection and responds back to the original source, the client, via its default route.
4. The LB intercepts the return packet from the host, changes the source IP to match the virtual server IP and port, and forwards the packet.
5. Client receives the return packet, believing that it came from the virtual server.
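As an added example (not part of the flashcards and not F5's code), a small Python model of the packet rewrites in the five steps above and in the full-proxy and DSR cards, including the SNAT variant from the SNAT card. The addresses and the assumption about whether the BIG-IP is the member's default gateway are constructed for the example.

```python
from dataclasses import dataclass, replace

# Constructed addresses (RFC 5737 documentation ranges and RFC 1918) for the example.
CLIENT = ("198.51.100.7", 51000)  # the client
VIP = ("203.0.113.10", 443)       # virtual server on the BIG-IP
MEMBER = ("10.0.0.21", 8443)      # pool member picked by load balancing
SNAT = ("10.0.0.250", 40001)      # translation address:port owned by the BIG-IP


@dataclass(frozen=True)
class Packet:
    src: tuple   # (ip, port)
    dst: tuple
    data: str


def nat_transaction(use_snat=False, lb_is_default_gateway=True):
    """Steps 1-5 above as a list of (hop, packet). Returns (trace, completed).
    Without SNAT the member answers the client's real address via its default
    route (step 3), so the BIG-IP can only perform step 4 if it sits on that
    path; with SNAT the member answers the translation address, which is the
    BIG-IP itself, so the return path no longer depends on server routing."""
    req = Packet(CLIENT, VIP, "GET / HTTP/1.1")
    trace = [("client->lb", req)]                                          # 1
    fwd = replace(req, dst=MEMBER, src=SNAT if use_snat else CLIENT)       # 2
    trace.append(("lb->member", fwd))
    reply = Packet(MEMBER, fwd.src, "HTTP/1.1 200 OK")                    # 3
    trace.append(("member->default-route", reply))
    if not (use_snat or lb_is_default_gateway):
        # Asymmetric routing: the reply bypasses the BIG-IP with MEMBER as its
        # source, so the client never matches it to its connection to the VIP.
        return trace, False
    trace.append(("lb->client", Packet(VIP, CLIENT, reply.data)))          # 4 and 5
    return trace, True


def dsr_transaction():
    """Direct Server Return (half proxy): only the request passes through the
    device; the member must answer from the VIP address itself (VIP on a
    loopback). The address rewrite is simplified: F5 nPath forwards by MAC
    and leaves the VIP as destination."""
    req = Packet(CLIENT, VIP, "GET / HTTP/1.1")
    fwd = replace(req, dst=MEMBER)
    reply = Packet(VIP, CLIENT, "HTTP/1.1 200 OK")
    return [("client->lb", req), ("lb->member", fwd), ("member->client", reply)]


def full_proxy_transaction():
    """Full proxy: two independent connections, hence two session-table
    entries. The client-side request terminates on the BIG-IP and a new
    server-side request is originated from an address the BIG-IP owns
    (assumed here to be the SNAT address)."""
    tables = {"client_side": {"peer": CLIENT, "local": VIP},
              "server_side": {"peer": MEMBER, "local": SNAT}}
    packets = [Packet(CLIENT, VIP, "GET / HTTP/1.1"),
               Packet(SNAT, MEMBER, "GET / HTTP/1.1"),
               Packet(MEMBER, SNAT, "HTTP/1.1 200 OK"),
               Packet(VIP, CLIENT, "HTTP/1.1 200 OK")]
    return tables, packets
```

The `lb_is_default_gateway=False` case is the classic reason a plain NAT deployment breaks when servers have another route out; SNAT (or Auto Last Hop, for the MAC-level case) is what makes the reply come back through the device.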

Random algorithm

Randomly distributes load across the available servers.

Round Robin algorithm

Passes each new connection request to the next server in line, eventually distributing connections evenly across the array of machines being load balanced.

Weighted Round Robin (Ratio) algorithm

The number of connections that each machine receives over time is proportionate to a ratio weight you define for each machine.

Dynamic Round Robin (Dynamic Ratio) algorithm

Weights are based on continuous monitoring of the servers and are therefore continually changing. Distribution is based on real-time server performance analysis.

Fastest algorithm

Passes a new connection to the server with the fastest response time of all servers.

Least Connections algorithm

The system passes a new connection to the server that has the least number of current connections. Works best when all the equipment has similar capabilities.


Observed algorithm

Uses a combination of the logic used in the Least Connections and Fastest algorithms to load balance connections to servers. Servers are ranked based on current connections and response time.

Predictive algorithm

The system analyzes the trend of the ranking over time, determining whether a server's performance is currently improving or declining.
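The algorithms above, as an added Python example (not F5's implementation): selection logic for round robin, ratio, least connections, fastest and a simplified observed ranking, plus a driver that opens connections so the dynamic methods react to their own decisions. Member names, ratios and measurements are constructed inputs, and the observed score is a plain normalisation, not F5's formula.

```python
import itertools
from collections import Counter
from dataclasses import dataclass


@dataclass
class Member:
    name: str
    ratio: int = 1            # weight used by the Ratio algorithm
    connections: int = 0      # currently open connections (Least Connections)
    response_ms: float = 0.0  # latest measured response time (Fastest)


class Pool:
    def __init__(self, members):
        self.members = list(members)
        self._rr = itertools.cycle(self.members)
        # Ratio: a member with ratio 3 gets three slots per cycle.
        slots = [m for m in self.members for _ in range(m.ratio)]
        self._ratio = itertools.cycle(slots)

    def round_robin(self):
        return next(self._rr)

    def ratio(self):
        return next(self._ratio)

    def least_connections(self):
        return min(self.members, key=lambda m: m.connections)

    def fastest(self):
        return min(self.members, key=lambda m: m.response_ms)

    def observed(self):
        # Simplified rank: normalise connections and response time within the
        # pool to [0, 1] and pick the lowest combined score.
        max_c = max(m.connections for m in self.members) or 1
        max_t = max(m.response_ms for m in self.members) or 1.0
        return min(self.members,
                   key=lambda m: m.connections / max_c + m.response_ms / max_t)


def distribute(pool, method, n):
    """Assign n new connections with the named algorithm and return the
    per-member counts. Each assignment opens a connection, so the dynamic
    methods (least_connections, observed) see the effect of earlier picks."""
    counts = Counter()
    for _ in range(n):
        member = getattr(pool, method)()
        member.connections += 1
        counts[member.name] += 1
    return dict(counts)
```

Note how `least_connections` on a pool where one member starts with a backlog keeps choosing the idle member until the counts even out, which is the behaviour the "similar capabilities" caveat warns about: a weak server with few connections is not necessarily the best target.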

What is the primary reason for tracking and storing session data?

To ensure that client requests are directed to the same pool memb
er throughout the life of a session, or during subsequent sessions.

What is a persistence profile?

A pre-configured object that automatically enables persistence when you assign the profile to a virtual server (VS).

Cookie persistence

Cookie persistence uses an HTTP cookie stored on a client's computer to allow the client to reconnect to the same server previously visited at a web site.

Destination address affinity persistence

Also known as sticky persistence, destination address affinity persistence supports TCP and UDP protocols, and directs session requests to the same server based solely on the destination IP address of a packet.

Hash persistence

Hash persistence allows you to create a persistence hash based on an existing iRule.

Microsoft Remote Desktop Protocol persistence

Microsoft Remote Desktop Protocol (MSRDP) persistence tracks sessions between clients and servers running the Microsoft Remote Desktop Protocol (RDP) service.


SIP persistence

SIP persistence is a type of persistence used for servers that receive Session Initiation Protocol (SIP) messages sent through UDP, SCTP, or TCP.

Source address affinity persistence

Also known as simple persistence, source address affinity persistence supports TCP and UDP protocols, and directs session requests to the same server based solely on the source IP address of a packet.

SSL persistence

SSL persistence is a type of persistence that tracks non-terminated SSL sessions, using the SSL session ID.

Universal persistence

Universal persistence allows you to write an expression that defines what to persist on in a packet. The expression, written using the same expression syntax that you use in iRules, defines some sequence of bytes to use as a session identifier.
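Added example, not from the flashcards or from F5: the record-keeping behind source address affinity (with its netmask), hash persistence, and the default cookie-insert value format F5 documents in its persistence cookie encoding article (K6917), whose decoder shows why the unencrypted cookie discloses the pool member's private address and port. Pool members, client addresses, the timeout and the modulo member choice for hash persistence are constructed assumptions.

```python
import hashlib
import ipaddress
import itertools
import time

# Constructed pool members (assumption); RFC 1918 addresses.
MEMBERS = [("10.1.1.100", 80), ("10.1.1.101", 80), ("10.1.1.102", 80)]


def encode_bigip_cookie(ip: str, port: int) -> str:
    """Default, unencrypted cookie-insert value: the member's IPv4 address as a
    little-endian decimal, the port with its two bytes swapped, then '.0000'.
    The value is trivially reversible by anyone who sees the cookie."""
    ip_le = int.from_bytes(ipaddress.IPv4Address(ip).packed[::-1], "big")
    port_swapped = ((port & 0xFF) << 8) | (port >> 8)
    return f"{ip_le}.{port_swapped}.0000"


def decode_bigip_cookie(value: str):
    """What an outside observer learns from the cookie value."""
    ip_le, port_swapped, _ = value.split(".")
    ip = ipaddress.IPv4Address(int(ip_le).to_bytes(4, "big")[::-1])
    port = ((int(port_swapped) & 0xFF) << 8) | (int(port_swapped) >> 8)
    return str(ip), port


class PersistenceTable:
    """Record store behind the table-based methods (source address affinity,
    universal, SSL session ID): key -> member, expiring after an idle timeout.
    A miss falls back to plain round-robin load balancing."""

    def __init__(self, members, timeout=180, clock=time.monotonic):
        self._rr = itertools.cycle(members)
        self.timeout, self.clock = timeout, clock
        self.records = {}  # key -> (member, last_seen)

    def member_for(self, key):
        now = self.clock()
        hit = self.records.get(key)
        member = hit[0] if hit and now - hit[1] <= self.timeout else next(self._rr)
        self.records[key] = (member, now)  # every hit refreshes the idle timer
        return member


def source_affinity_key(client_ip: str, mask: str = "255.255.255.255") -> str:
    """Source address affinity: persist on the client IP, optionally masked so
    that a whole subnet (e.g. clients behind one NAT) sticks to one member."""
    net = ipaddress.IPv4Network((client_ip, mask), strict=False)
    return f"src:{net.network_address}"


def hash_member(data: str, members=MEMBERS):
    """Hash persistence: a deterministic choice computed from the request data
    itself (here the URI), so no table entry is needed. Modulo is a
    simplification of the real hashing; the point is determinism."""
    digest = hashlib.sha256(data.encode()).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]
```

Practitioner's caveat: treat the decoded cookie as an information disclosure about the back end; the cookie persistence profile can encrypt the cookie value, and hash or universal persistence keep nothing identifying in the client's hands.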

What is the Positive Security Model?

One that defines what is allowed, and rejects everything else.

What is the Negative Security Model?

Defines what is disallowed, while implicitly allowing everything else.

Benefit of the Positive Security Model

New attacks, not anticipated by the admin/developer, will be prevented.

Reset on Timeout

The system sends a reset (RST) and deletes the TCP connection when the connection exceeds the idle timeout value. If disabled, the system will delete the TCP connection when it exceeds the idle timeout value, but will not send an RST to the client.
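The two security models above side by side, as an added Python example (not from the flashcards or from F5's ASM): a negative-model signature filter and a positive-model parameter allow-list, run over constructed query strings. The signatures, the allowed parameters and the sample requests are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl

# Negative model: signatures for known-bad input; anything unmatched is allowed.
ATTACK_SIGNATURES = [
    re.compile(r"(?i)\bunion\s+select\b"),
    re.compile(r"(?i)<script\b"),
    re.compile(r"(?i)\bor\s+1\s*=\s*1\b"),
]


def negative_model_allows(query: str) -> bool:
    return not any(sig.search(query) for sig in ATTACK_SIGNATURES)


# Positive model: the only parameters the application is known to accept,
# each with the value format it expects (constructed for this example).
ALLOWED_PARAMS = {
    "id": re.compile(r"[0-9]{1,10}"),
    "sort": re.compile(r"name|date"),
}


def positive_model_allows(query: str) -> bool:
    pairs = parse_qsl(query, keep_blank_values=True)
    if query and not pairs:
        return False                       # unparseable input is not "allowed"
    for name, value in pairs:
        rule = ALLOWED_PARAMS.get(name)
        if rule is None or rule.fullmatch(value) is None:
            return False                   # unknown parameter or bad value
    return True


# Constructed sample requests (assumption): query strings as the WAF sees them.
SAMPLES = {
    "legit":       "id=42&sort=name",
    "known_sqli":  "id=1 union select 1,2",
    "quoted_sqli": "id=1' OR '1'='1",          # no signature matches this form
    "spaced_sqli": "id=1 UNION ALL SELECT 1",  # 'ALL' defeats the union\s+select signature
    "new_param":   "id=1&debug=true",          # parameter the application never defined
}


def evaluate(samples=SAMPLES):
    """Return {name: (negative_allows, positive_allows)} for each sample."""
    return {k: (negative_model_allows(q), positive_model_allows(q))
            for k, q in samples.items()}
```

Three of the five samples pass the negative model and fail the positive one; that gap is the benefit stated on the card. The cost, which the card leaves out, is that the allow-list must be learned and maintained as the application changes, or legitimate new parameters are blocked too.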


SIP

Session Initiation Protocol

Application layer protocol that can establish, modify, and terminate multimedia sessions such as Internet telephony calls.

HTTP request methods?

GET
POST
PUT
DELETE
HEAD

With the GET method, all query parameters are part of what?

The URI (the query string)

200 OK

This indicates success.

304 Not Modified

This shows that the resource in question has not changed and the browser should load it from its cache instead. This is used only when the browser performs a conditional GET request.

404 Not Found

This indicates that the requested resource cannot be found on the server.

401 Unauthorized (shown by Apache as "Authorization Required")

This indicates that the resource is protected and requires valid credentials before the server can grant access.

500 Internal Server Error

This signifies that the server had a problem processing the request.


Most important browser (request) headers?

HTTP version
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
If-* headers (conditional requests)
Cache-Control: no-cache or Pragma: no-cache

Most important web server (response) headers?

HTTP version
Connection: Keep-Alive / Close
Content-Encoding: gzip, deflate
Cache-Control headers (max-age)
Content-Type:
Date:
Accept-Ranges: bytes

no-cache meta tag

Instructs the browser not to cache the object that contains the meta tag. Forces the browser to always get a full download of that object.

refresh meta tag

Often used to mimic an HTTP 302 redirect response. Tells the browser to override its cache settings and revalidate every object referenced by the refresh tag.

IPsec

IP-layer protocol suite that enables the sending and receiving of cryptographically protected packets of any type (TCP, UDP, ICMP) without any modification to the applications.

What two cryptographic services does IPsec provide?

1. Confidentiality and authenticity (Encapsulating Security Payload, ESP)
2. Or authenticity only (Authentication Header, AH)

Main Mode exchanges (6 messages; the identities and signatures are sent only after the Diffie-Hellman exchange, under HDR*)

-> HDR, SA
<- HDR, SA
-> HDR, KE, Ni
<- HDR, KE, Nr
-> HDR*, ID_I, [CERT], SIG_I
<- HDR*, ID_R, [CERT], SIG_R

Aggressive Mode exchanges (3 messages; both identities and the responder's signature travel in the clear)

-> HDR, SA, KE, Ni, ID_I
<- HDR, SA, KE, Nr, ID_R, [CERT], SIG_R
-> HDR*, [CERT], SIG_I

HDR: ISAKMP header (HDR* means the payloads after the header are encrypted)
SA: Security Association
KE: Diffie-Hellman exchanged public value
Ni, Nr: the nonce of the Initiator / Responder
ID_I, ID_R: the identity of the Initiator / Responder
CERT: the certificate
SIG_I, SIG_R: the signature of the Initiator / Responder respectively
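Added example, not from the flashcards or from any IKE implementation: both exchanges above run in Python with a toy Diffie-Hellman group and an HMAC standing in for the RSA signatures, recording which payloads travel under HDR*. The identities, keys and SA bytes are constructed; the derivation of SKEYID and of HASH_I/HASH_R follows RFC 2409 (signature authentication) with the cookies left out.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman group (assumption): a 31-bit prime keeps values readable;
# real IKE uses the 1024-bit and larger MODP groups of RFC 2409 / RFC 3526.
P, G = 2147483647, 5
SA_PROPOSAL = b"AES-128/SHA-1/sig/toy-group"   # constructed SA payload bytes


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass
class Msg:
    sender: str       # "I" (initiator) or "R" (responder)
    payloads: tuple   # payload names as written on the cards
    encrypted: bool   # True for HDR*: payloads after the header are under SKEYID_e


class Party:
    def __init__(self, ident: str, signing_key: bytes):
        self.ident = ident.encode()            # ID_I / ID_R
        self.signing_key = signing_key         # toy stand-in for an RSA private key
        self.x = secrets.randbelow(P - 2) + 1  # DH private exponent
        self.gx = pow(G, self.x, P)            # KE payload
        self.nonce = secrets.token_bytes(16)   # Ni / Nr
        self.skeyid = None

    def derive(self, peer_gx: int, ni: bytes, nr: bytes) -> None:
        gxy = pow(peer_gx, self.x, P).to_bytes(4, "big")
        self.skeyid = prf(ni + nr, gxy)        # RFC 2409 section 5, signature auth

    def sign(self, h: bytes) -> bytes:
        return prf(self.signing_key, h)        # toy stand-in for SIG_I / SIG_R


def auth_hash(skeyid: bytes, gx_signer: int, gx_peer: int, ident: bytes) -> bytes:
    """HASH_I / HASH_R (cookies omitted): what each side signs."""
    return prf(skeyid, gx_signer.to_bytes(4, "big") + gx_peer.to_bytes(4, "big")
               + SA_PROPOSAL + ident)


def verify(sig: bytes, h: bytes, peer_key: bytes) -> bool:
    return hmac.compare_digest(sig, prf(peer_key, h))   # peer_key plays the public key


def main_mode():
    i = Party("initiator.example", b"initiator-key")
    r = Party("responder.example", b"responder-key")
    msgs = [Msg("I", ("HDR", "SA"), False), Msg("R", ("HDR", "SA"), False),
            Msg("I", ("HDR", "KE", "Ni"), False), Msg("R", ("HDR", "KE", "Nr"), False)]
    # After message 4 both sides hold g^xy, so SKEYID (and the encryption key
    # behind HDR*) exists before any identity or signature is sent.
    i.derive(r.gx, i.nonce, r.nonce)
    r.derive(i.gx, i.nonce, r.nonce)
    sig_i = i.sign(auth_hash(i.skeyid, i.gx, r.gx, i.ident))
    msgs.append(Msg("I", ("HDR*", "ID_I", "[CERT]", "SIG_I"), True))
    r_ok = verify(sig_i, auth_hash(r.skeyid, i.gx, r.gx, i.ident), i.signing_key)
    sig_r = r.sign(auth_hash(r.skeyid, r.gx, i.gx, r.ident))
    msgs.append(Msg("R", ("HDR*", "ID_R", "[CERT]", "SIG_R"), True))
    i_ok = verify(sig_r, auth_hash(i.skeyid, r.gx, i.gx, r.ident), r.signing_key)
    return msgs, r_ok and i_ok


def aggressive_mode():
    i = Party("initiator.example", b"initiator-key")
    r = Party("responder.example", b"responder-key")
    # Message 1 carries SA, KE, nonce and ID_I together, all in the clear.
    msgs = [Msg("I", ("HDR", "SA", "KE", "Ni", "ID_I"), False)]
    r.derive(i.gx, i.nonce, r.nonce)
    sig_r = r.sign(auth_hash(r.skeyid, r.gx, i.gx, r.ident))
    # The responder's identity and signature go back unencrypted: the
    # initiator has no key material yet to decrypt anything.
    msgs.append(Msg("R", ("HDR", "SA", "KE", "Nr", "ID_R", "[CERT]", "SIG_R"), False))
    i.derive(r.gx, i.nonce, r.nonce)
    i_ok = verify(sig_r, auth_hash(i.skeyid, r.gx, i.gx, r.ident), r.signing_key)
    sig_i = i.sign(auth_hash(i.skeyid, i.gx, r.gx, i.ident))
    msgs.append(Msg("I", ("HDR*", "[CERT]", "SIG_I"), True))   # only message 3 is protected
    r_ok = verify(sig_i, auth_hash(r.skeyid, i.gx, r.gx, i.ident), i.signing_key)
    return msgs, r_ok and i_ok


def identities_in_clear(msgs):
    """What a passive observer learns about who is negotiating."""
    return sorted(p for m in msgs if not m.encrypted
                  for p in m.payloads if p.startswith("ID_"))
```

`identities_in_clear` makes the practical difference visible: Main Mode reveals no identity to an eavesdropper, Aggressive Mode reveals both in its first two messages. With pre-shared-key authentication the same unprotected second message is what exposes the responder's hash to offline guessing, which is why Aggressive Mode with PSK is the combination to avoid.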


What does Phase 1 do?

Performs mutual authentication and produces the encryption key required to protect Phase 2.

What does Phase 2 do?

Negotiates the cipher and authentication algorithm required to protect further transactions.

What is SSL?

An application-layer protocol (it runs above TCP). Mostly used to protect HTTP transactions, but also used for other purposes like IMAP and POP3. Only compatible with applications running over TCP.

SSL is composed of what 4 protocols?

Handshake protocol
Change Cipher Spec protocol
Alert protocol
Application Data protocol

What is the handshake protocol used for?

To perform authentication and key exchanges

What is the Change Cipher Spec Protocol used for?

To indicate that the chosen keys will now be used

What is the Alert protocol used for?

Signaling errors and session closure

What is the Application Data protocol used for?

To transmit and receive encrypted data
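The four sub-protocols above are multiplexed over one record layer. As an added example (not from the flashcards or from any TLS library), here is a Python parser of that record layer for SSL 3.0 / TLS 1.0-1.2 that labels each record by the sub-protocol it carries and stops interpreting bodies once a Change Cipher Spec has switched encryption on. The two byte streams are constructed for the example.

```python
import struct

# SSL 3.0 / TLS 1.0-1.2 record layer: 5-byte header, then one sub-protocol's
# body (TLS 1.3 changes this and is not modelled here).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate"}


def parse_records(data: bytes):
    """Split one direction of a byte stream into records and label each.
    After a change_cipher_spec record the bodies are ciphertext, so from then
    on only the (still plaintext) header is interpreted."""
    out, off, encrypted = [], 0, False
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
               "version": "%d.%d" % (major, minor), "length": length,
               "encrypted": encrypted}
        if ctype == 20:
            rec["valid"] = body == b"\x01"   # the only legal CCS body
            encrypted = True                 # "the chosen keys will now be used"
        elif not encrypted and ctype == 22 and len(body) >= 4:
            hs_len = int.from_bytes(body[1:4], "big")
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], "type %d" % body[0])
            rec["complete"] = hs_len == len(body) - 4   # else fragmented across records
        elif not encrypted and ctype == 21 and len(body) == 2:
            rec["alert"] = (ALERT_LEVELS.get(body[0], "level %d" % body[0]),
                            ALERT_DESCRIPTIONS.get(body[1], "desc %d" % body[1]))
        out.append(rec)
        off += 5 + length
    return out


def build_record(ctype: int, body: bytes, version=(3, 3)) -> bytes:
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


# Constructed sample streams (assumption). The ClientHello is the smallest legal
# one: version, 32-byte random, empty session id, one cipher suite, null compression.
CLIENT_HELLO = (b"\x01" + (41).to_bytes(3, "big") + b"\x03\x03" + b"\x00" * 32
                + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00")
STREAM_OK = (build_record(22, CLIENT_HELLO) + build_record(20, b"\x01")
             + build_record(22, b"\xaa" * 16)        # encrypted Finished
             + build_record(23, b"\xbb" * 32))       # encrypted application data
STREAM_FAILED = build_record(22, CLIENT_HELLO) + build_record(21, b"\x02\x28")  # fatal handshake_failure
```

The content type and length stay readable after encryption, which is exactly what a passive observer (or a BIG-IP doing SSL persistence on the session ID without terminating SSL) can still use; the handshake type of the Finished message and anything in the application data are not.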


Hash algorithms used in SSL client authentication?

MD5 and SHA-1 (the CertificateVerify hash in SSL 3.0 / TLS 1.0-1.1 concatenates both)

IPsec supports the use of digital signatures and the use of a secret-key (pre-shared key) algorithm for authentication, whereas SSL supports only the use of what?

Digital signatures

MAC

Message Authentication Code

Used for authenticating the exchanged messages after the connection is established.

What two connection modes does IPsec have?

Tunnel mode
Transport mode

What is Tunnel mode?

Established gateway-to-gateway, gateway-to-host, or host-to-host. It establishes a tunnel between the endpoints and requires adding a new IP header to the original packet.

What is Transport mode?

Host-to-host connection. Only the payload between the two entities is protected; the original IP header is kept.

PFS

Perfect Forward Secrecy

Performs a fresh Diffie-Hellman exchange for every new session key (each Phase 2 SA or rekey) instead of deriving it from the Phase 1 secret, so that compromise of the long-term keys or of one session's key does not expose the keys of earlier sessions.
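Added Python example (not from the flashcards or from any IPsec implementation) of what PFS changes in the Phase 2 key derivation of RFC 2409 section 5.5, using a toy DH group: an observer who later obtains SKEYID_d can rebuild every non-PFS session key from captured nonces and SPIs, but not the PFS ones. SPI, nonces and the leaked key are constructed values.

```python
import hashlib
import hmac
import secrets

P, G = 2147483647, 5       # toy DH group (assumption), not a real IKE group
PROTO_ESP = b"\x03"


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def quick_mode_keymat(skeyid_d: bytes, spi: bytes, ni: bytes, nr: bytes, gxy: bytes = b"") -> bytes:
    """RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).
    The g(qm)^xy term is present only when PFS was negotiated."""
    return prf(skeyid_d, gxy + PROTO_ESP + spi + ni + nr)


def establish_phase2(skeyid_d: bytes, pfs: bool):
    """One Quick Mode exchange. Returns (keymat, captured), where captured is
    everything a passive observer could record from the wire."""
    spi, ni, nr = secrets.token_bytes(4), secrets.token_bytes(16), secrets.token_bytes(16)
    captured = {"spi": spi, "ni": ni, "nr": nr}
    gxy = b""
    if pfs:
        xi, xr = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
        captured["gxi"], captured["gxr"] = pow(G, xi, P), pow(G, xr, P)  # public values only
        gxy = pow(captured["gxr"], xi, P).to_bytes(4, "big")
        del xi, xr   # the ephemeral exponents are discarded once the key is derived
    return quick_mode_keymat(skeyid_d, spi, ni, nr, gxy), captured


def recover_keymat(skeyid_d_leaked: bytes, captured: dict):
    """Attacker who later obtains SKEYID_d (Phase 1 compromise) replays the
    derivation over captured traffic. Without PFS every Phase 2 key falls out;
    with PFS the missing g(qm)^xy would need a discrete log per exchange
    (trivial for this toy prime, infeasible for a real group, hence None)."""
    if "gxi" in captured:
        return None
    return quick_mode_keymat(skeyid_d_leaked, captured["spi"], captured["ni"], captured["nr"])
```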

100 Continue

This means that the server has received the request headers, and
that the client should proceed to send the request body


101 Switching Protocols

This means the requester has asked the server to switch protocols
and the server is acknowledging that it will do so.

200 OK

Standard response for successful HTTP requests.

201 Created

The request has been fulfilled and resulted in a new resource being created.

202 Accepted

The request has been accepted for processing, but the processing
has not been completed. The request might or might not eventuall
y be acted upon, as it might be disallowed when processing actuall
y takes place.

203 Non-Authoritative Information (since HTTP/1.1)

The server successfully processed the request, but is returning information that may be from another source.

204 No Content

The server successfully processed the request, but is not returning any content. Usually used as a response to a successful delete request.

205 Reset Content

The server successfully processed the request, but is not returning any content. Unlike a 204 response, this response requires that the requester reset the document view.

206 Partial Content

The server is delivering only part of the resource due to a range header sent by the client. The range header is used by tools like wget to enable resuming of interrupted downloads, or to split a download into multiple simultaneous streams.


207 Multi-Status

The message body that follows is an XML message and can contain
a number of separate response codes, depending on how many su
b-requests were made.

208 Already Reported

The members of a DAV binding have already been enumerated in a previous reply to this request, and are not being included again.

226 IM Used (RFC 3229)

The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.


300 Multiple Choices

Indicates multiple options for the resource that the client may follow. It could, for instance, be used to present different format options for video, list files with different extensions, or word sense disambiguation.

301 Moved Permanently

This and all future requests should be directed to the given URI.

302 Found

This is an example of industry practice contradicting the standard. The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect (the original describing phrase was "Moved Temporarily"),[5] but popular browsers implemented 302 with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to distinguish between the two behaviours.[6] However, some Web applications and frameworks use the 302 status code as if it were the 303.[7]

303 See Other

The response to the request can be found under another URI using
a GET method. When received in response to a POST (or PUT/DELET
E), it should be assumed that the server has received the data and
the redirect should be issued with a separate GET message.


304 Not Modified

Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. This means that there is no need to retransmit the resource, since the client still has a previously downloaded copy.

305 Use Proxy

The requested resource is only available through a proxy, whose address is provided in the response. Many HTTP clients (such as Mozilla[8] and Internet Explorer) do not correctly handle responses with this status code, primarily for security reasons.

306 Switch Proxy

No longer used. Originally meant "Subsequent requests should use the specified proxy".

307 Temporary Redirect

The request should be repeated with another URI; however, future requests should still use the original URI. In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request. For instance, a POST request should be repeated using another POST request.

308 Permanent Redirect

The request, and all future requests should be repeated using anoth
er URI. 307 and 308 (as proposed) parallel the behaviours of 302 a
nd 301, but do not allow the HTTP method to change. So, for exam
ple, submitting a form to a permanently redirected resource may c
ontinue smoothly.
