Document created by Kalpesh Dalwadi

F5 BIGIP Configuration

F5 offers free training for the LTM module. You have to register and create an account; using this account you can take the online training classes.
https://f5.learn.com/learncenter.asp?

Configuration examples via iApp GUI:

Project example: Add new URL tctssw.con-way.com with 80 & 443 services. The physical servers (pool members) will be listening on tcp/8080 for HTTP requests, while for HTTPS requests they will listen on tcp/443. The physical servers in this example are 10.6.109.79 & 10.6.109.80.

Implementation:

Step 1: Selecting the correct partition on the F5 where the URL configuration will reside:
After logging in to the correct F5, select the right partition for the new URL (there are different partitions on the F5 based on application types): click on ‘Local Traffic’ and then ‘Pools’. At the top right there is a Partition drop-down box where you can select the partition where the URL configuration should reside.
Note: LTM refers to Local Traffic Manager. This is the module in the iApp GUI.

Step 2: Create the pool and add pool members (physical servers) to the pool:
LTM -> POOLS -> + (click the + sign to add a new configuration)
We will start by configuring the pool for http://tctssw.con-way.com. The pool consists of the physical server members and their ports (which can be the same as or different from the URL ports).
Configuration: Advanced
Name: p- prepod-tctssw.con-way.com-8080
Health Monitor: eweb_lb_healthcheck
Note: Select health monitors from the ‘Available’ box. You can also create custom health monitors by selecting ‘Monitors’ under Local Traffic.
Availability Requirement: All (Health Monitors)
Allow SNAT: Yes
Note: The SNAT option depends on how the F5 is set up:
1) Transparent mode: In this mode the server VLAN resides on the LB and hence the servers will use the LB as their gateway. The client source address is forwarded by the F5 to the server as is. In this mode both URL access and direct server access will be routed via the F5. The default route for the servers will point to the F5 gateway IP.
2) Proxy mode: In this mode the LB uses SNAT to NAT the source IPs, so that the physical server sees the connection come in from the SNAT IP pool configured on the F5 and will not see the real client IP. The F5 maintains the translations and will route the packets from clients to the physical servers. In this case the server VLAN will not reside on the F5; instead it will reside on the layer 3 switch. All the traffic destined to the URL VIP will be directed to the F5; the F5 will NAT the source IP and proxy the request to the physical servers. If a connection is sent directly to the physical server from the client, the packets will be routed by the layer 3 switch directly to the server and not via the F5. The F5 will have its default route pointing to the VIP subnet gateway IP assigned to one of its physical interfaces connected to the layer 3 switch, while the routes to all the server subnets will point to another physical interface addressed out of the SNAT subnet. The gateway on the servers will be their respective subnet network address, which will reside on the layer 3 switch.
Allow NAT: Yes
Action On Service Down: None
Slow Ramp Time: 10 seconds
IP ToS to Client: Pass Through
IP ToS to Server: Pass Through
Link QoS to Client: Pass Through
Link QoS to Server: Pass Through
Reselect Tries: 0 (zero)
Click on the ‘Update’ box to save the pool configuration. Now we need to add the physical servers as pool members under the newly created pool. Click on Members as shown in the image below.
Under Load Balancing:
Load Balancing Method: Least Connections (members)
Note: There are different types of LB algorithms supported by F5. Ask the application team/requestor of the project which algorithm they want to use.
Note: The difference between a node and a member is that a node is just an IP, while a member is an IP and a service port.
Priority Group Activation: Disabled
Then click on Add to add physical members.
Under New Pool Members:
Address: New Address
Note: Select ‘New Address’ if you don’t have the physical server added under Nodes (under LTM). Select ‘Node list’ if the node exists already.
Service Port: 8080
Under Configuration:
Ratio: 1
Priority Group: 0
Connection Limit: 0
Health Monitors: Inherit From pool
Select Monitor: We have already configured a health monitor for the pool, so the same will be applicable to the members in the pool.
Click on Update to save.

Step 3: Create the virtual server (URL) and assign the pool to the virtual server
Note: VS refers to Virtual Server.
LTM -> VIRTUAL SERVERS -> + (create)
Under General Properties:
Name: vs- prepod-tctssw.con-way.com-80
Destination:
Type: Host
Address: 10.6.111.130 (this is the virtual IP for the URL; for a new URL you need to assign the IP from the VIP pool depending on the F5 environment, e.g. test/dev/prod, and register the URL in DNS)
Service Port: 80 (HTTP)
State: Enabled
Under Configuration (select ‘Advanced’):
Type: Standard
Protocol: TCP
Protocol Profile (Client): TCP
Protocol Profile (Server): Use client Profile
OneConnect Profile: None
NTLM Conn Pool: None
HTTP Profile: http-eweb
Note: This is a custom HTTP profile, which can be created under ‘Local Traffic’ -> Profiles -> HTTP.
FTP Profile: None
Stream Profile: None
SSL Profile (Client): None
SSL Profile (Server): None
Authentication Profiles: None
RTSP Profile: None
Diameter Profile: None
SIP Profile: None
Statistics Profile: None
VLAN and Tunnel Traffic: All VLANs and Tunnels
SNAT Pool: Auto Map
Traffic Class: None
Connection Limit: 0 (zero meaning no limit)
Connection Mirroring: Do not check this box
Address Translation: Enabled
Port Translation: Enabled
Source Port: Preserve
Clone Pool (Client): None
Clone Pool (Server): None
Last Hop Pool: None
Click on Update to save. Now click on Resource at the top, as shown in the picture below.
Under Load Balancing:
Default Pool: p- prepod-tctssw.con-way.com-8080
Default Persistence Profile: None
Fallback Persistence Profile: None
Click on Update to save.
Note: If you have to assign an existing iRule to the VS (an iRule is a custom script written in TCL which provides different types of manipulation and responses for a given URL request that comes to the F5 LB), then click on Manage. Under Resource Management, select the iRule you want to assign from the ‘Available’ box and click on Finish.
In the same way if you want to assign HTTP Class Profile to the VS (Virtual server = URL)

Understanding iRule

An iRule is a powerful and flexible feature of BIG-IP devices based on F5's exclusive TMOS architecture. iRules provide you with unprecedented control to directly manipulate and manage any IP application traffic. iRules use an easy-to-learn scripting syntax and enable you to customize how you intercept, inspect, transform, and direct inbound or outbound application traffic.
An iRule consists of one or more event declarations, each containing TCL code that is executed when that event occurs.
To further understand iRules and how they work, please refer to the link below.
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/122/iRules-101--01--Introduction-to-iRules.aspx
To learn more about TCL language operators and commands, refer to the link below.
http://tmml.sourceforge.net/doc/tcl/index.html
Note: The ‘Curl’ and ‘bigpipe’ commands are very helpful in troubleshooting F5 issues from the CLI (ssh to the F5 and log in as the root user).
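
An added example, not part of the original document: a small iRule with two event declarations, written for the proxy-mode (SNAT Auto Map) virtual server configured in Step 3, where the pool members would otherwise see only the SNAT address. The choice of the X-Forwarded-For header and the variable name client_ip are assumptions made for illustration.

```tcl
# Added example (not from the original document).
# Attach to the HTTP virtual server from Step 3; it needs an HTTP profile
# (http-eweb in this walkthrough) so that HTTP events fire.

when CLIENT_ACCEPTED {
    # Fires once per client-side TCP connection. At this point the source
    # address is still the real client; SNAT only rewrites the server-side flow.
    set client_ip [IP::client_addr]
}

when HTTP_REQUEST {
    # Fires for every HTTP request on the connection.
    # Remove any value the client supplied so it cannot forge its own
    # address, then insert the address the F5 actually observed.
    HTTP::header remove X-Forwarded-For
    HTTP::header insert X-Forwarded-For $client_ip
}
```

Because connections made directly to a pool member bypass the F5 in proxy mode, the servers should only trust this header on requests that arrive from the F5's SNAT addresses.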