F5 Networks Training
BIG-IP® LTM V10 Essentials
Web-Based Training Lab Guide
12 / 17 / 2010
BIG-IP® LTM Essentials Web-Based Training Lab Guide – © 2010 F5 Networks, Inc.
Preface
BIG-IP® LTM V10 Essentials Web-based Training Student Lab Guide
Third Printing December 2010
This Lab Guide was written for BIG-IP® LTM version 10.2.0. The lecture portions of the LTM Essentials web-based training were written for version 10.0.1. Because F5 feels it is important to perform the hands-on labs on a current version of BIG-IP, the Lab Guide is updated more frequently than the lecture portions. Most of the concepts discussed in the lecture portion and lab steps in the lab guide apply to previous versions of BIG-IP LTM.
© 2010, F5 Networks, Inc. All rights reserved.
Support and Contact Information

Obtaining Technical Support
  Web: tech.f5.com (Ask F5)
  Phone: (206) 272-6888
  Email (support issues): [email protected]
  Email (suggestions): [email protected]

Contacting F5 Networks
  Web: www.f5.com
  Email: [email protected] & [email protected]

F5 Networks, Inc. (Corporate Office)
  401 Elliott Avenue West, Seattle, Washington 98119
  T (888) 88BIG-IP, T (206) 272-5555, F (206) 272-5557
  [email protected]

F5 Networks, Ltd. (United Kingdom)
  Chertsey Gate West, Chertsey, Surrey KT16 8AP, United Kingdom
  T (44) 0 1932 582-000, F (44) 0 1932 582-001
  [email protected]

F5 Networks, Inc. (Asia Pacific)
  5 Temasek Boulevard #08-01/02, Suntec Tower 5, Singapore, 038985
  T (65) 6533-6103, F (65) 6533-6106
  [email protected]

F5 Networks, Inc. (Japan)
  Akasaka Garden City 19F, 4-15-1 Akasaka, Minato-ku, Tokyo 107-0052 Japan
  T (81) 3 5114-3200, F (81) 3 5114-3201
  [email protected]
Legal Notices Copyright Copyright 2010, F5 Networks, Inc. All rights reserved. F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Acopia, Acopia Networks, Application Accelerator, Ask F5, Application Security Manager, ASM, ARX, Data Guard, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM, iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, iRules, Link Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera, OneConnect, Packet Velocity, Secure Access Manager, SAM, SSL Accelerator, SYN Check, Traffic Management Operating System, TMOS, TrafficShield, Transparent Data Reduction, uRoam, VIPRION, WANJet, WebAccelerator, and ZoneRunner are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent.
Patents This product protected by U.S. Patent[s] 6,374,300; 6,473,802; 6,970,933; 7,051,126; 7,102,996; 7,146,354; 7,197,661; 7,206,282; 7,287,084. Other patents pending.
Export Regulation Notice This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States.
RF Interference Warning This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.
FCC Compliance This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference. Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules.
Canadian Regulatory Compliance This Class A digital apparatus complies with Canadian ICES-003.
Standards Compliance This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture.
Table of Contents

Lab Instructions
  Connecting to the F5 Training Lab Environment
  The F5 Training Lab Network
  F5 Training Lab limitations
Lab 1: Initial Setup
  Lab – Setup Utility
  Lab – Configuration Utility
  Lab – Configuration Backup
Lab 2: Traffic Processing
  Lab – Virtual Servers - Pools
  Lab – Network Map
Lab 3: Load Balancing
  Labs – Ratio Load Balancing
  Labs – Priority Group Activation
Lab 4: Monitors
  Lab – Monitors for Nodes
  Lab – Monitors for Pools and Members Lab #1 and 2
Lab 5: Profiles
  No Lab for this Course Module
Lab 6: Persistence
  Lab – Source Address Persistence
  Lab – Cookie Persistence
  Lab – Disabled Members
Lab 7: SSL Termination
  Lab – Client SSL Termination
Lab 8: NATs and SNATs
  Lab – NAT Lab
  Labs – SNAT Labs
Lab 9: iRules
  Labs – iRules Lab #1
  Labs – iRules Lab #2
Lab 10: Redundant Pair setup
  Lab – Redundant Pair Setup
  Lab – Setup of BIG-IP #2
  Lab – Synchronization
Lab 11: High Availability
  Lab – Network Failover
  Lab – Connection Mirroring
  Lab – Persistence Mirroring
Configuration Lab Project
  Lab – Configuration Project
Appendix A – F5 Networks Products
  F5 Networks Product Suite
Appendix B – Additional Topics
  F5 Networks Support and Documentation
  Installation Information
Appendix C – Other F5 Networks Training Courses
  F5 Networks Instructor Led Courses
Introduction

Welcome to the BIG-IP LTM Essentials Web-Based Training Course Student Lab Guide. The purpose of the BIG-IP LTM Essentials course is to introduce the basic information you need to set up and operate the BIG-IP Local Traffic Manager (LTM) from F5 Networks. The purpose of this Lab Guide is to provide all the information and exercises you need to work directly with a BIG-IP LTM system and solidify the concepts you have learned in the associated Web-based training modules.

The hands-on lab exercises included in this course are critically important to your learning. These exercises are especially helpful if you can do them as soon as possible after completing the associated training module. Therefore, we recommend the following approach when taking this course:
• Before beginning a module, register for lab time.
• Work through the training module as close to the start of your lab time as possible.
• After completing the training module, move into the lab exercises. Be sure to complete the entire exercise, including the review questions at the end.

There are eleven modules in this course, each one taking approximately thirty minutes to complete. To complete the entire course, including modules and labs, will take you about fourteen hours.

In addition to the lab exercises, this guide contains other useful information.
• Appendix A provides some background information on F5 Networks and its products.
• Appendix B explains the various customer support resources that are available. We highly recommend that you review this listing. You may find some of these resources to be very valuable while working your way through this course.
• Appendix C contains an informative list of other training courses available from F5 Global Training Services. After completing this introductory course, you may want to enroll in one or more of these classes to gain a deeper understanding of BIG-IP LTM.

We hope you enjoy learning with these lab exercises!
Connecting to the F5 Training Lab Environment

PLEASE NOTE: This lab is not a test environment and is strictly for use by students taking the BIG-IP LTM Essentials Web-Based Training (WBT) course. Your user ID will be time limited and you will be cut off after so many hours of connect time.

1. After logging in to F5 University, select the link for F5 Training Lab as shown to the right.
2. You should now be at the Lab web page where you downloaded this Lab Guide.
3. Select the link for Lab registration.
4. When prompted, enter your email, first and last names and then Launch Lab. You will be placed into your own F5 Training Lab environment.
5. Your lab environment will take a couple minutes to initialize. Notice the message at top of screen that says “Your environment is X% ready”.
6. The first time you connect you will need to install the Cloudshare plug-in and may need to enable pop-ups for it to install. This is a first-time only install.
1. Each lab starts assuming an un-configured BIG-IP and then instructs you to restore a UCS backup file that was captured at the end of the previous lab.
2. If during your lab time you wish to revert back to this un-configured state you may do so by selecting Actions and then Revert Now.
3. Rather than restoring UCS files at the beginning of each new lab you may also work straight through all the labs. From an instructional angle, F5 recommends doing the Module WBT, then the lab for that Module. Then the next Module WBT and its corresponding lab.
4. Also, you can only enter the F5 Training Lab environment from the links within F5 University (i.e., the graphic to the right).
5. When ready to leave the F5 Training Lab Environment, use the Logout button in the upper right corner of the screen shown below.
The F5 Training Lab Network

1. You will be connected to a Windows virtual machine that will be used to administer your BIG-IP and as the client machine to drive traffic through BIG-IP LTM.
2. Your Windows virtual machine has both a 192.168.1.30/24 and a 10.10.1.30/16 IP Address configured for the lab network shown below.
3. There is already a Management IP Address set on your BIG-IP to 192.168.1.245/24, and we will set up the other 10.10 External and 172.16 Internal IP Addresses in Lab #1.
4. There are also three servers configured at 172.16.20.1, 172.16.20.2 and 172.16.20.3. You will not be able to access these servers directly from your Windows client machine but these are the servers to which we will load balance traffic starting in Lab #2.
F5 Training Lab limitations

1. The F5 Training Lab is running in a virtual lab environment and therefore does not have all hardware features of BIG-IP available. For instance, you will not have a serial console connection to your BIG-IP.
2. This lab environment only supports BIG-IP LTM, no other F5 products or BIG-IP modules like GTM or ASM.
3. This lab environment has only been tested with the lab steps in this lab guide. If you do not follow the steps in this lab guide, results will vary.
Module 1 Lab – Initial Setup and Access
Initial Setup Labs
Objective:
Perform initial setup of the BIG-IP LTM System
Explore the Web Configuration Utility
Make a backup of the BIG-IP System
Estimated Time: 30 minutes
LAB CONFIGURATION
Setup Utility Lab
Objective:
Run the Setup Utility to configure system access parameters
Estimated time for completion: 20 minutes
Lab Requirements:
Reachable IP address on the management port
Valid License for the BIG-IP LTM Systems
Administration system with an IP address on the BIG-IP LTM’s network

Current BIG-IP Settings
At this point, your BIG-IP system should already be licensed and the management port address still set to the default IP Address of 192.168.1.245/24.

PC Configuration
Your PC is configured with two IP Addresses in order to reach both the Management and client networks once they are configured on your BIG-IP.
  PC Mgmt IP Address: 192.168.1.30/24
  PC Client IP Address: 10.10.1.30/16
Access the BIG-IP LTM System
1. Open a browser to https://192.168.1.245.
2. When prompted, accept the SSL certificate.
3. When prompted, login as admin with a password of admin.

Licensing Steps
1. You should first see the Setup Utility’s Welcome screen. Click Next.
2. Normally, you would need to license your BIG-IP System. For these labs, the systems should already be licensed. Review the features that are licensed and then click Next.

Provisioning Steps
1. The second screen should be Provisioning. Verify that Local Traffic (LTM) is set to Nominal, any other products are set to None (Disabled) and then click Next.
Setup Utility
1. Within the General Properties section, specify the following:
   IP Address: 192.168.1.245
   Network Mask: 255.255.255.0
   Management Route: Leave blank
   Host Name: bigip1.f5trn.com
   Host IP Address: Use Management Port IP Address
   High Availability: Redundant Pair
   Unit ID: 1
   Time Zone: America/Los Angeles
2. Within the User Administration section, specify the following:
   Root Account Password: default
   Root Account Confirm: default
   Admin Account Password: admin
   Admin Account Confirm: admin
   SSH Access: Enabled
   SSH IP Allow: * All Addresses
3. Click Next.

NOTE: When you type in the admin password field you will be required to log back into the system whether the password has been changed or not.

Once this first step of administrative access has been configured, you can configure self-IP addresses and VLANs. We will choose the Basic Network Configuration option, which will step through creating two VLANs, internal and external, and their IP addresses and interfaces.

Each self IP will be assigned Port Lockdown settings. Port lockdown limits administrative access to the self IP addresses. Because we have configured the system as a redundant pair, Allow Default should be selected for Port Lockdown on self IPs of the internal VLAN to ensure the systems will be able to communicate.

Because we have configured as a redundant pair, the administrator will also be prompted for a partner address and a floating IP address for each VLAN. Generally, the partner address should be an address on the internal VLAN to minimize security concerns. Floating addresses are shared between the systems and used by the system that is currently active. These concepts are discussed in the Redundant Pair module.
4. Select the Basic Network Configuration option by clicking Next, then specify the following:

   Internal Network Settings
   Self-IP Address: 172.16.1.31
   Self-IP Netmask: 255.255.0.0
   Self-IP Port Lockdown: Allow Default
   Floating IP Address: 172.16.1.33
   Floating IP Port Lockdown: Allow Default
   Failover Peer: 172.16.1.32

   Internal VLAN Configuration
   VLAN Name: internal (Read Only)
   VLAN Tag ID: Auto
   VLAN Interfaces: Untagged – Port 1.2

5. Click the Next button to configure the External VLAN, then specify the following:

   External Network Settings
   Self-IP Address: 10.10.1.31
   Self-IP Netmask: 255.255.0.0
   Self-IP Port Lockdown: Allow 443
   Default Gateway: Leave blank
   Floating IP Address: 10.10.1.33
   Floating IP Port Lockdown: Allow 443

   External VLAN Configuration
   VLAN Name: external (Read only)
   VLAN Tag ID: Auto
   VLAN Interfaces: Untagged – Port 1.1

6. Then click Finished.
7. Since we previously completed Licensing and Provisioning, we should reboot the BIG-IP so that our Licensing and Provisioning changes take effect. Select System / Configuration and click the Reboot box under Operations.

Once the Basic Network Configuration is complete, the Welcome screen from the Overview section appears. The administrator can choose to change many presentation options, enable SNMP including downloading the MIB, access F5’s knowledge database (Ask F5) or re-run the setup utility to change addresses or access methods.
Configuration Utility Lab
Objective:
Access both the Web Configuration utility and Command Line (SSH) utility for BIG-IP LTM system and get familiar with the interface
Estimated time for completion: 5 minutes
Lab Requirements:
External IP address of the BIG-IP LTM system
User ID and password of the BIG-IP LTM system’s Web Configuration Utility
User ID and password of the BIG-IP LTM system’s Command Line Interface
PC Configuration
Your PC is configured with two IP Addresses in order to reach both the Management and client networks once they are configured on your BIG-IP.
  Mgmt IP Address: 192.168.1.30/24
  Client IP Address: 10.10.1.30/16

The Web Configuration Utility
1. Open a browser window to https://10.10.1.31 to connect to the Web Configuration Utility.
2. Enter a user ID and password of admin / admin that you added during Setup.
3. Note options available on the Welcome page.
4. Click on the Network section, then note what is set for the Interfaces, Self IPs, and VLANs options.
Command Line access (SSH)
1. Open an SSH session using Putty and attempt to connect to the external IP Address of your BIG-IP System (10.10.1.31).
2. Notice that you are not able to access your BIG-IP LTM. This is because Port Lockdown for the external self-IP addresses defaults to Allow 443 only. Access to port 22 is prevented.
3. From the web GUI select Network / Self IPs and then click the 10.10.1.31 self IP Address.
4. Under Port Lockdown / Custom List, click the Port radio button, enter 22 as the port, click Add, and then click Update.
5. Once port 22 has been added, you should be able to successfully use SSH to attach to your BIG-IP System. If you are prompted to accept the SSH key, do so. When the logon appears, enter root as the user ID and default as the password that you added during Setup.
6. If prompted for terminal type, select vt100. Enter the command: b self show
   What information is listed here?
7. Enter the command: b vlan show
   What information is listed here?
8. Enter the command: b interface show
   What information is listed here?
Verifying User Access
1. Logout of your SSH session.
2. Open a new SSH session but login and try the admin user. By default, you should not be able to get in as admin.
3. From the Web Configuration Utility select System / Users and then select the link for the admin User Name. Change the Terminal Access to Advanced Shell access, click Update, and then test SSH access with the admin user ID again.
4. Open a new browser window but try to login using the root user ID. By default, you should not be able to get into the Web Configuration utility with the root user ID.
Configuration Backup Lab
Objective:
Create a backup of the BIG-IP System on both the BIG-IP and your desktop.
Estimated time for completion: 5 minutes
Lab Requirements:
External IP address of the BIG-IP LTM system
Saving a configuration
1. From the Navigation pane, click the System section.
2. Select Archives, then click Create.
3. Within the General Properties section, specify the following:
   File Name: Module1_End
   Encryption: Disabled
   Private Keys: Include
   Version: BIG-IP Version (read only)
4. When complete, click Finished.
5. When complete, an OK button will appear. Click OK or select Archives again.
6. Select Module1_End.ucs (the name is a link) and notice you can click Download to save a copy to your desktop. The Download option does not work in this F5 Training Lab environment but will in yours.
7. If desired, the file’s contents can be viewed from the command line of your BIG-IP System. From an SSH session, perform the following:
   a. Make a new directory for this lab: mkdir /var/tmp/test/
   b. Change to the new directory: cd /var/tmp/test/
   c. Copy the backup to the new directory: cp /var/local/ucs/Module1_End.ucs .
   d. Decompress and extract the file: tar -xvzf Module1_End.ucs
   The resulting files show the directory structure and all files stored in the *.ucs file. Individual files can be viewed with cat, tail, more and other tools.
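An added example, not part of the F5 lab guide: the archive above is created with Encryption set to Disabled and Private Keys set to Include, so any account that can read the .ucs file or the extracted tree can read the keys. The functions below list the archive without unpacking it, extract it into a directory only the owner can enter, and report files that contain a PEM private-key header. The function names and the sample archive (file names and contents) are constructed for this demonstration.

```shell
#!/bin/sh
# Added example: inspect a UCS archive (a gzip-compressed tar, as the
# "tar -xvzf" step shows) without leaving its contents in a shared directory.

# List member names without extracting anything.
ucs_list() {
    tar -tzf "$1"
}

# Extract into a fresh directory and print its name. mktemp -d creates the
# directory with mode 0700, so other local accounts cannot traverse into it
# even if the archived files themselves carry looser permissions.
ucs_extract_private() {
    ucs_dir=$(mktemp -d "${TMPDIR:-/tmp}/ucs.XXXXXX") || return 1
    tar -xzf "$1" -C "$ucs_dir" || { rm -rf "$ucs_dir"; return 1; }
    printf '%s\n' "$ucs_dir"
}

# Print the extracted files that contain a PEM private-key header,
# whatever their file name or location in the tree.
ucs_private_keys() {
    ( cd "$1" && grep -rlE -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' . | sort )
}

# Build a small CONSTRUCTED archive so the functions can be tried offline.
# The layout and file names are sample values, not a real UCS listing.
make_sample_ucs() {
    ucs_src=$(mktemp -d "${TMPDIR:-/tmp}/ucs-src.XXXXXX") || return 1
    mkdir -p "$ucs_src/config/ssl"
    printf 'hostname bigip1.f5trn.com\n' > "$ucs_src/config/sample.conf"
    printf '%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' \
        'constructed placeholder, not a real key' \
        '-----END RSA PRIVATE KEY-----' > "$ucs_src/config/ssl/sample.key"
    ucs_out="$ucs_src.ucs"
    ( cd "$ucs_src" && tar -czf "$ucs_out" config ) || return 1
    rm -rf "$ucs_src"
    printf '%s\n' "$ucs_out"
}

# Demonstration run against the constructed archive.
sample=$(make_sample_ucs)
echo "Archive members:"
ucs_list "$sample"
workdir=$(ucs_extract_private "$sample")
echo "Files containing private keys under $workdir:"
ucs_private_keys "$workdir"
# Remove the extracted copy and the sample archive when finished.
rm -rf "$workdir" "$sample"
```

On a real system, pass the path of the archive (for example the copy under /var/local/ucs/) to ucs_list and ucs_extract_private instead of the constructed sample, and delete the extracted directory when the review is done.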
Module 2 Lab – Processing Traffic
Objectives:
Configure pools for servers
Configure virtual servers and associate them with a pool
Verify functionality
Estimated time for completion: 20 minutes
Lab Requirements:
IP and port addresses available for use on BIG-IP LTM that can be reached by the client systems
Actual servers with appropriate routes to return traffic through each BIG-IP LTM system
Restoring a Configuration from previous Lab
1. After connecting to F5 Training Lab, open a browser to https://192.168.1.245.
2. When prompted, login as admin with a password of admin.
3. If you have an existing lab environment, skip to step 10 below.
4. If starting with a new lab environment, on the Welcome / Setup Utility screen click Next.
5. On both the License and Resource Provisioning screens click Next.
6. On the Setup Utility / Platform screen enter a Host Name of bigip1.f5trn.com and change the High Availability setting to Redundant Pair.
7. Enter a Root Account password of default twice and an Admin Account password of admin twice and then click Next.
8. You will be prompted to login again because of changing the Admin password.
9. After logging in, click the Finished button under Advanced Network Configuration.
10. From the Navigation pane, expand the System section, then select Archives.
11. Click the Module2_Lab_begin.ucs archive and then click the Restore button. An Ok button appears to acknowledge the restore has started. It will take a minute, but watch this screen and you should see messages that your restore completed successfully. You might receive one error message but that is ok and is due to the F5 Training Lab environment only.
12. Because of the state of BIG-IP, we need to reboot so that our Licensing and Provisioning takes effect. Select System / Configuration and click the Reboot box under Operations.
13. After Restore and Reboot, your configuration should be as if you had just finished all Module 1 labs. Please verify this is the case. Your configuration should be licensed, include 2 VLANs (Network / VLANs) named external and internal and have 4 self IPs (Network / Self IPs) at 10.10.1.31, 10.10.1.33, 172.16.1.31 and 172.16.1.33 configured.
Creating an HTTP Pool and Virtual Server Lab

Create a Pool
1. From the Navigation pane, expand the Local Traffic section.
2. Either select Pools and then the Create button or hover your mouse over Pools and then click the sign on the flyout menu.
3. In the Configuration section, enter the following:
   Configuration Level: Basic
   Name: http_pool
   Health Monitors: Leave Blank
4. In the Resources section, enter the following:
   Load Balancing Method: Round Robin
   Priority Group Activation: Disabled
   New Members (for each, enter Address and Service Port and press Add):
     172.16.20.1 port 80
     172.16.20.2 port 80
     172.16.20.3 port 80
5. When complete, click Finished.

Create a Virtual Server that uses this pool
1. From the Navigation pane, expand the Local Traffic section.
2. Either select Virtual Servers and click Create, or hover your mouse over Virtual Servers and then click the sign on the flyout menu.
3. In the General Properties section, enter the following:
   Name: vs_http
   Destination: 10.10.1.100
   Service Port: 80 (or HTTP)
   State: Enabled
4. In the Configuration section, accept all defaults.
5. In the Resources section, enter the following:
   iRules: Leave Blank
   HTTP Class Profiles: Leave Blank
   Default Pool: http_pool
   Default Persistence Profile: None
   Fallback Persistence Profile: None
6. When complete, click Finished.
Verification through Statistics
1. Open a new browser session on your PC and point it to the virtual server at http://10.10.1.100. Note the results and refresh the screen 5-10 times. You may need to refresh using the Ctrl and F5 keys to force the browser not to use its cache.
2. View statistics and configuration information through:
   a. Overview Section / Statistics / Local Traffic Tab
   b. From the Statistics Type drop down list, choose Virtual Servers
   c. From the Statistics Type drop down list, choose Pools
3. Did traffic go to each pool member?
4. Did each pool member manage the same number of connections?
5. Did each pool member manage the same number of bytes?
6. How many TCP connections are opened each time you refresh the browser page?

Expected Results and Troubleshooting
Expected result: 5 connections per refresh, distributed evenly among the pool members. The webpage consists of the index.html and 4 objects. The web servers have keep-alives disabled.

If not, verify the following:
• Is traffic getting to the virtual server?
    Does 10.10.1.100 appear in your workstation’s ARP table? Type arp -a at the workstation’s command prompt.
    Does the Statistics page show traffic received by vs_http? Verify that the address and port are correctly configured.
• Is traffic getting to the pool members?
    • If no traffic is going TO the pool members:
        Verify http_pool has been assigned to vs_http
        Verify the correct members address / port
    • If traffic goes TO pool member, but does not return:
        Verify that self IP address 172.16.1.33 is configured on port 1.2 (this address is the pool members’ default route.)
Creating an HTTPS Virtual Server and Pool Lab
1. From the Navigation pane, expand the Local Traffic section.
2. Either select Virtual Servers and click Create or leave your mouse over Virtual Servers and then click the sign on the flyout menu.
3. In the General Properties Section, enter the following:
   Name: vs_https
   Destination: 10.10.1.100
   Service Port: 443 (or HTTPS)
   State: Enabled
4. In the Configuration Section, accept all defaults.
5. Since we “forgot” to create the pool first, navigate to the Resources Section and click the “+” character to the right of Default Pool.
6. In the Configuration section of the new pool, enter the following:
   Configuration: Basic
   Name: https_pool
   Health Monitors: Leave Blank
7. In the Resources section, enter the following:
   Load Balancing Method: Round Robin
   Priority Group Activation: Disabled
   New Members (for each, enter Address and Service Port and press Add):
     172.16.20.1 port 443
     172.16.20.2 port 443
     172.16.20.3 port 443
   NOTE: Since the member’s IP addresses are the same, you could select Node List and choose the member’s IP addresses from the drop-down list.
8. When the pool is complete, press Finished.
9. In the Virtual Server’s Resources section, verify the following settings:
   iRules: Leave Blank
   HTTP Class Profiles: Leave Blank
   Default Pool: https_pool
   Default Persistence Profile: None
   Fallback Persistence Profile: None
10. When complete, make sure to click Finished for the virtual server.
Verification through Statistics
1. Open a new browser session on your PC and point it to the virtual server at https://10.10.1.100. Note the results and refresh the screen 5-10 times.
2. View statistics and configuration information through:
   a. Overview Section / Statistics / Local Traffic Tab
   b. From the Statistics Type drop down list, choose Virtual Servers
   c. From the Statistics Type drop down list, choose Pools
3. Did traffic go to each pool member?
4. Did each pool member manage the same number of connections?
5. Did each pool member manage the same number of bytes?
6. How many TCP connections are opened each time you refresh the browser page?
Statistics using the Command Line
1. Open an SSH client window using PuTTY, enter the external IP Address of your BIG-IP LTM System (10.10.1.31) and make sure the protocol is set to SSH.
2. When prompted, enter root as the user ID and the password that was added during setup. A password of default was suggested in Lab 1 and set in the Module2_Lab_begin.ucs file.
3. If prompted for terminal type, accept or enter vt100.
4. Enter the command bigtop. This command shows real time information on the virtual servers and pool members that you have configured.
5. View the screen while refreshing your session to either http://10.10.1.100 or https://10.10.1.100. What does bigtop show? Exit bigtop by pressing the q key.
6. Statistics for pools and virtual servers can be viewed by typing the following:
   b pool show        example: b pool http_pool show
   b virtual show     example: b virtual vs_http show
Expected Results and Troubleshooting
Expected result: You may see six connections the first time you request the page (due to the SSL key exchange), but should see five connections per subsequent refresh. The requests should be evenly distributed among the pool members.
If not, verify the following:
• Confirm that the virtual server was created. Students often neglect to hit Finish for the virtual server after hitting Finish for the pool.
  - Local Traffic / Virtual Servers
• Is traffic getting to the virtual server?
  - Does 10.10.1.100 appear in your workstation’s ARP table? You may need to clear your ARP table before testing to remove the entry from the vs_http virtual server.
  - Does the Statistics page show traffic received by vs_https? Verify that the address and port are correctly configured.
• Is traffic getting to the pool members? Check Pool statistics:
• If no traffic is going TO the pool members:
  - Verify https_pool has been assigned to vs_https
  - Verify the correct members address / port
• If traffic goes TO pool member but does not return:
  - Verify that self IP address 172.16.1.33 is configured on port 1.2 (this address is the pool members’ default route).
Network Map Lab
View Configuration and Status from Network Map
1. Open a browser session and access https://10.10.1.31.
2. Select Local Traffic / Network Map, then click Show Map.
3. Mouse over both virtual server and Pool objects and notice what information is displayed about that object.
4. Select a Pool member and disable it.
   a. From the Navigation pane, expand the Local Traffic section.
   b. Select Pools.
   c. Select http_pool.
   d. Select Members.
   e. Check the box to the left of the chosen member and click the Disable button.
5. Go back to Network Map and notice that status changed to disabled, indicated by a black square.
6. Re-enable the disabled pool member for later labs.
7. Change the search field to 20.1 and then click Update Map. Notice that all members are still listed, but matches are highlighted.
8. Select System / Preferences and change the Start Screen from Welcome to Network Map. Close your browser session to the admin GUI, and then log back in to https://10.10.1.31 and notice that your default screen is now Network Map.
Module 3 Lab – Load Balancing
Objectives:
• Choose differing load balancing methods and view the resulting behavior
• Choose differing member priority and ratio values and view the resulting behavior
Estimated time for completion: 10 minutes
Lab Requirements:
• Access to a BIG-IP LTM with at least a pool with two or more working members
Restoring a Configuration from previous Lab
1. After connecting to F5 Training Lab, open a browser to https://192.168.1.245.
2. When prompted, login as admin with a password of admin.
3. If you have an existing lab environment, skip to step 10 below.
4. If starting with a new lab environment, on the Welcome / Setup Utility screen click Next.
5. On both the License and Resource Provisioning screens click Next.
6. On the Setup Utility / Platform screen enter a Host Name of bigip1.f5trn.com and change High Availability setting to Redundant Pair.
7. Enter a Root Account password of default twice and an Admin Account password of admin twice and then click Next.
8. You will be prompted to login again because of changing the Admin password.
9. After logging in, click the Finished button under Advanced Network Configuration.
10. From the Navigation pane, expand the System section, then select Archives.
11. Click the Module3_Lab_begin.ucs archive and then click the Restore button. An Ok button appears to acknowledge the restore has started. It will take a minute, but watch this screen and you should see messages that your restore completed successfully. You might receive one error message but that is ok and is due to the F5 Training Lab environment only.
12. Because of the state of BIG-IP, we need to reboot so that our Licensing and Provisioning takes effect. Select System / Configuration and click the Reboot box under Operations.
13. After Restore and Reboot, your configuration should be as if you had just finished all Module 2 labs. Please verify this is the case. Your configuration should include two pools named http_pool and https_pool and two virtual servers named vs_http and vs_https. None of the Pools or Pool Members should have Monitors assigned (blue square status).
Round Robin Load Balancing Lab
If not zero, reset the Statistics for http_pool
1. From the Navigation pane, expand the Overview section and select Statistics.
2. From the Display options sections, change the Statistics Type to Pools.
3. Select the checkbox adjacent to http_pool, and click Reset.
View Results using Round Robin Load Balancing
1. Open a browser session and access http://10.10.1.100.
2. Refresh the screen a few times by pressing Ctrl+F5 (Ctrl+R if using Firefox).
3. Navigate back to the pools statistics page.
4. What are the results? Were the connection requests distributed evenly?
5. Reset the statistics for http_pool.
Ratio member Load Balancing Lab
Configure Member Ratios and Ratio (member) Load Balancing and test.
1. From the Navigation pane, expand the Local Traffic section.
2. Select Pools.
3. Select http_pool.
4. Select Members.
5. Within the Load Balancing section, change the Load Balancing Method to Ratio (member) and click Update.
6. Within the Configuration section of each member, set the ratio values as follows:
   Member            Ratio
   172.16.20.1:80    1
   172.16.20.2:80    2
   172.16.20.3:80    3
7. Open a new browser session and connect to http://10.10.1.100.
8. Refresh the screen 5-10 times by pressing Ctrl-F5.
9. View the pool statistics. What are the results?
10. Reset the statistics for http_pool.
Expected Results and Troubleshooting
Expected result: Traffic will be distributed to the members with a 1:2:3 ratio.
Configuration reset if continuing to other Module Labs
If you are not going to perform the Priority Group Activation Lab, but want to continue using your existing configuration with other Modules Labs, reset http_pool and members to the following settings:
• Load Balancing: Round Robin
Priority Group Activation Lab
Configure Priority Group Activation
1. From the Navigation pane, expand the Local Traffic section.
2. Select Pools.
3. Select http_pool.
4. Select Members.
5. In the Load Balancing section, change the Priority Group Activation setting to Less than …, the number of Available Members to 2, and click Update.
6. Within the Configuration section of each member, set the Priority values as follows:
   Member            Ratio   Priority Group
   172.16.20.1:80    1       1
   172.16.20.2:80    2       4
   172.16.20.3:80    3       4
7. Open a new browser session and connect to http://10.10.1.100.
8. Refresh the screen 5-10 times by pressing Ctrl-F5.
9. View the pool statistics. What are the results?
10. Reset the statistics for http_pool.
11. Disable the member 172.16.20.2:80.
12. Open a new browser session and connect to http://10.10.1.100.
13. Refresh the screen 5-10 times by pressing Ctrl-F5.
14. View the pool statistics. What are the results?
15. Re-enable the member 172.16.20.2:80.
16. Reset the statistics for http_pool.
Expected Results and Troubleshooting
• In step (9), 172.16.20.1:80 should receive no traffic. The traffic will be distributed to the other members with a 2:3 ratio.
• In step (14), 172.16.20.2:80 should receive no traffic. The traffic will be distributed to the other members with a 1:3 ratio.
Configuration reset if continuing to other Module Labs
If you want to continue using your existing configuration with other Modules Labs, reset http_pool and members to the following settings:
• Load Balancing: Round Robin
• Priority Group Activation: Disabled
Module 4 Lab – Monitors
Objective:
• Associate nodes with monitors
• Create custom monitors
Estimated time for completion: 10 minutes
Lab Requirements:
• Access to a BIG-IP LTM with at least one pool with two working members
• Some knowledge of the traffic sent by the members
Restoring a Configuration from previous Lab
1. After connecting to F5 Training Lab, open a browser to https://192.168.1.245.
2. When prompted, login as admin with a password of admin.
3. If you have an existing lab environment, skip to step 10 below.
4. If starting with a new lab environment, on the Welcome / Setup Utility screen click Next.
5. On both the License and Resource Provisioning screens click Next.
6. On the Setup Utility / Platform screen enter a Host Name of bigip1.f5trn.com and change High Availability setting to Redundant Pair.
7. Enter a Root Account password of default twice and an Admin Account password of admin twice and then click Next.
8. You will be prompted to login again because of changing the Admin password.
9. After logging in, click the Finished button under Advanced Network Configuration.
10. From the Navigation pane, expand the System section, then select Archives.
11. Click the Module4_Lab_begin.ucs archive and then click the Restore button. An Ok button appears to acknowledge the restore has started. It will take a minute, but watch this screen and you should see messages that your restore completed successfully. You might receive one error message but that is ok and is due to the F5 Training Lab environment only.
12. Because of the state of BIG-IP, we need to reboot so that our Licensing and Provisioning takes effect. Select System / Configuration and click the Reboot box under Operations.
13. Your configuration should be as if you had just finished all Module 3 labs. Please verify this is the case. Your configuration should be licensed and include two Pools named http_pool and https_pool and two Virtual Servers named vs_http and vs_https. None of the Pools or Pool Members should have Monitors assigned (blue square status).
Monitor for Nodes Lab
Check Current Node States
1. From the Navigation pane, select the Local Traffic section.
2. Select Nodes.
3. What are the nodes’ statuses?
4. Will BIG-IP LTM distribute traffic to nodes that are Unknown?
Assign a Default Monitor to all Nodes
1. From the Navigation pane, expand the Local Traffic section.
2. Select Nodes.
3. Above the list of nodes, select Default Monitor.
4. From the list of Available monitors, select icmp, press the move to the left button (