LTM Fundamentals Exercise Guide - Partners - V13.0.K
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or
affiliation, express or implied, claimed by F5.
These training materials and documentation are F5 Confidential Information and are subject to the F5 Networks Reseller Agreement. You
may not share these training materials and documentation with any third party without the express written permission of F5.
The F5 vLab (virtual lab environment) is an F5-community supported tool. Please DO NOT contact F5 Support for assistance with the vLab.
For help with the setup of the vLab or running a demonstration, you should contact your F5 Channel Account Manager (CAM).
Introduction
Welcome to the F5 LTM Fundamentals Exercise Guide.
This guide provides hands-on experience with F5 BIG-IP® Local Traffic Manager™ (LTM).
You can use these exercises and the virtual environment (vLab) – this includes VMware Workstation or
VMware Fusion and BIG-IP® Virtual Edition (VE) – as a learning tool or to give customer demonstrations.
Note, this guide is written for the following product and vLab version:
• TMOS architecture v13.0.0
• VMware Workstation 10.0.0 or VMware Fusion 6.0.3
• Virtual images:
BIGIP 13.0.0.0.0.1645.ALL-scsi-ova
LAMP v4
Windows 7 External
WINDOWS Task 1 – Install VMware Workstation and Install the Trial License
You can skip this step if you already have VMware Workstation 10, 11, or 12 installed on your laptop. If not,
download and install VMware Workstation 12.
→NOTE: These exercises are tested for VMware Workstation version 10. There may be issues
with previous versions.
You need to purchase a VMware Workstation license; however, you have 30 days to
use the trial version.
Launch VMware Workstation, and then select Edit > Virtual Network Editor.
→NOTE: You will use this network to access the BIG-IP management interface.
This configures your local workstation with a VMware Network Adapter VMnet1 IP address within the
10.1.1.0 network.
Select VMnet2 and configure as follows:
o Select the NAT (shared host’s IP address with VMs) option.
o Select the Connect a host virtual adapter to this network checkbox.
o Leave the Use local DHCP service to distribute IP address to VMs checkbox selected.
o In the Subnet IP field enter 10.1.10.0.
o In the Subnet mask field enter 255.255.255.0.
o Click the NAT Settings button.
o In the Gateway IP field enter 10.1.10.2, and then click OK.
→NOTE: These NAT settings enable the BIG-IP system to reach the Internet through your
workstation’s network adapter.
This configures your local workstation with a VMware Network Adapter VMnet2 IP address within
the 10.1.10.0 network.
→NOTE: Ensure that the “Connect a host virtual adapter to this network” checkbox is cleared.
This prevents your local PC from having direct access to the internal network.
Click OK.
Your local workstation should not receive a VMware Network Adapter VMnet3 IP address.
Open a command prompt and type:
ipconfig
Use the table below to note the IP addresses for your VMnet adapters.
Adapter IPv4 Address
VMnet1
VMnet2
→NOTE: Ensure the location of this directory has at least 6GB of free disk space.
→NOTE: You can use the Windows 7 image instead of your own workstation to prevent
installing agents on your own workstation. In addition, all browsers and utilities
needed for hands-on exercises or customer demonstrations have already been
configured on this image. In order to use the Windows 7 image it is expected that you
have a valid Microsoft license key.
Unzip each downloaded file in the local directory you created earlier in this task.
Select Hard Disk 2 (SCSI), and then on the right-side of the window go to Utilities > Expand.
ONLY IF the current value is less than 20, set the Maximum disk size (GB) to 20, and then click Expand.
Click OK.
Select LAMP_v4 from the Library menu, and then click Edit virtual machine settings.
Map the network adapters to the appropriate VMware networks using the following table:
Device             Network connection          Use
Network Adapter    Custom: VMnet1 (Host-only)  Used for direct access from your host workstation
Network Adapter 2  Bridged (Automatic)         Not used; clear the Connect at power on checkbox
Network Adapter 3  Custom: VMnet3              Used to communicate within the internal VLAN
Network Adapter 4  Bridged (Automatic)         Not used; clear the Connect at power on checkbox
Click OK.
Select LAMP_v4 from the Library menu, and then click Power on this virtual machine.
If prompted, click “I copied it”.
After the image powers on, within the VMware window on the LAMP desktop, leave the Xubuntu user
account selected and click Log in.
Click the Applications Menu icon on the top-left of the screen and go to Settings > Settings Manager.
Click Save, and then repeat these steps for the following:
o Wired connection 2 eth1
o Wired connection 3 eth2
o Wired connection 4 eth3
Delete Wired connection 5 – Wired connection 8.
→NOTE: The wired connection entries will not be removed from the Network Connections list
until you reboot the image.
Right-click Windows_7 in the Library bar and select Snapshot > Take Snapshot.
Name the snapshot Windows_7_Clean, and then click Take Snapshot.
→NOTE: If you do receive the incompatibility message regarding 64-bit operation below, then
continue, otherwise skip to WINDOWS Task 1B.
This is an issue with the Intel virtualization. To resolve it, you must reconfigure your system BIOS.
Access your system BIOS. To find the disabled virtualization features, perform the following, depending
on the model of your devices:
o Go to Configuration, and then enable Intel Virtual Technology.
o Go to Security > Virtualization, and then enable Intel (R) Virtualization Technology and Intel (R)
VT-d Feature.
Press F10 to save and exit the system BIOS. The system reboots and you can proceed.
After the BIG-IP system has powered on, you are presented with the localhost login screen.
→NOTE: You can generate up to 9 BIG-IP trial licenses each year. Each license is good for 90
days. However, you are only able to submit a request 3 times each year. Therefore, it
is recommended that each time you request a trial license you request the maximum
of 3 licenses per request.
Select and copy all the dossier text to your clipboard. (NOTE: Use Ctrl + A and then Ctrl + C.)
Select Click here to access F5 Licensing Server.
On the Activate F5 Product page, paste the dossier text in the field, and then click Next.
Select to accept the legal agreement, and then click Next.
Select and copy all the license key text to your clipboard (NOTE: Use Ctrl + A and then Ctrl + C),
and then close the Activate F5 Product page.
On the Setup Utility > License page, paste the license key text into the Step 3: License field, and then
click Next.
The BIG-IP system configuration updates. This takes several seconds.
After the configuration changes complete, log in to the BIG-IP system.
On the Resource Provisioning page, ensure only Local Traffic (LTM) is set to Nominal and click Next.
On the Device Certificate page click Next.
On the Platform page, configure these settings using the following information, and then click Next.
Host Name bigipA.f5demo.com
Root Account (Password and Confirm) default
Admin Account (Password and Confirm) admin
You are prompted to log out and log back in to the BIG-IP system.
Click OK, and then log back in to the BIG-IP system.
Under Standard Network Configuration click Next.
On the Redundant Device Wizard Options page leave the default settings and click Next.
In the Internal Network Configuration and Internal VLAN Configuration sections, configure the settings
using the following information, and then click Next.
Self IP: Address 10.1.20.241
Self IP: Netmask 255.255.255.0
Self IP: Port Lockdown Allow Default
Floating IP: Address 10.1.20.240
Floating IP: Port Lockdown Allow Default
Interfaces 1.2 (untagged)
On the High Availability Network Configuration page, configure the highlighted settings using the
following information, and then click Next.
High Availability VLAN Select existing VLAN
Select VLAN internal
Self IP: Address 10.1.20.241
Self IP: Netmask 255.255.255.0
VLAN Interfaces 1.2 (untagged)
On the Network Time Protocol Configuration page, enter 10.1.20.252, then click Add, and then
click Next.
On the Domain Name Server Configuration page, enter 4.2.2.2 and then click Add.
If listed, select the 10.1.1.1 entry, then click Delete, and then click Next.
On the ConfigSync Configuration page, leave 10.1.20.241 (internal) selected and click Next.
On the Failover Unicast Configuration page, leave the default settings and click Next.
On the Mirroring Configuration page, leave the default settings and click Next.
On the Active/Standby Pair page, under Advanced Device Management Configuration click Finished.
Name Resource
external_default_gateway 10.1.10.2
Use an SSH client (such as PuTTY) to connect to the external self IP address 10.1.10.241.
Question:
Did autocomplete display options? _____________________
Question:
What information is listed? ________________________________
Questions:
Did autocomplete display options? _______________________
Why did the tmos prompt replace “list net vl” with “list net vlan”?
_______________________________________________________________________
Question:
What information is listed? ________________________________
In the Configuration Utility, open the Local Traffic > Nodes > Node List page.
Use the SSH client again to connect to: 10.1.10.241, and then log in using the admin account.
Close the SSH session.
In the Configuration Utility, attempt to log back in to the BIG-IP system using the following credentials:
Username: root
Password: default
You cannot log in to the Configuration Utility using the root account. You can only use the root
account for CLI access.
Use the SSH client to access: 10.1.10.241, and then log in using your new user account.
Question:
Are you at the CLI prompt or the tmos prompt? _________________________
Log back into the Configuration Utility using your new user account.
Open the Local Traffic > Pools > Pool List page.
Question:
Why are the Create and Delete buttons greyed out? ________________________________
Question:
Can you modify the role assigned to your user account? _______________________
Log out, and then log back in using the admin account.
Open the System > Users > User List page and click your user account.
Select the Operator entry in the box, and then click Edit.
From the Role list select Resource Administrator, and then click Add.
From the Terminal Access list select Advanced shell, and then click Update.
Question:
Were you successful? _______________________
Log out, and then log in using your new user account with the WRONG password. (NOTE: You will view
this failed login attempt in the LTM audit log.)
Log in using your new user account with the correct password.
Open the Local Traffic > Pools > Pool List page.
You now have privileges to create and delete pools.
Open the System > Logs > Audit > List page.
Type fail in the search field, and then click Search.
Locate the log entry for the failed login attempt by your user account.
The vLab environment is intended for F5 Networks training and demonstration purposes only. You are
not authorized to distribute the vLab to any other parties.
Click Update, and then click Log out.
Change the URL to http://10.1.1.245.
You are redirected to the HTTPS site, and the Login page now displays the custom message.
Log in using your new user account.
The startup page is now the Statistics page.
Use an SSH client to connect to: 10.1.10.241, and then log in using your new user account.
At the CLI type:
tmsh
MAC Task 1 – Install VMware Fusion and Install the Trial License
You can skip this step if you already have VMware Fusion 8 installed on your laptop. If not, download and install
VMware Fusion 8.
→NOTE: These exercises are tested for VMware Fusion version 6 Professional. There may be
issues with previous versions.
You need to purchase a VMware Fusion Professional license; however, you have
30 days to use the trial version.
Launch VMware Fusion, and then select VMware Fusion > Preferences.
→NOTE: If you do not see a Network icon, you did not install VMware Fusion Professional. Go
back to the VMware web site and install VMware Fusion Pro.
→NOTE: You will use this network to access the BIG-IP management interface.
This configures your local workstation with a vmnet2 IP address within the 10.1.1.0 network.
→NOTE: The NAT option enables the BIG-IP system to reach the Internet through your
workstation’s network adapter.
This configures your local workstation with a vmnet3 IP address within the 10.1.10.0 network.
Select vmnet4, and configure as follows:
o Leave the Allow virtual machines on this network to connect to external networks (using NAT)
checkbox cleared.
o Clear the Connect the host Mac to this network checkbox.
o Leave the Provide addresses on this network via DHCP checkbox selected.
o In the Subnet IP field enter 10.1.20.0.
o In the Subnet mask field enter 255.255.255.0.
→NOTE: Ensure that the “Connect the host Mac to this network” checkbox is cleared. This
prevents your local workstation from having direct access to the internal network.
→NOTE: In order to use the Windows 7 image it is expected that you have a valid Microsoft
license key. In addition, all hands-on exercise and customer demonstration documents
are written for a Windows workstation. You should use the Windows 7 VMware image
to perform the exercises and demos. If you choose to, you can use your Macintosh
workstation and Safari web browser, but it will be your responsibility to translate the
steps (written for a Windows environment) into the Mac environment.
Click Show All, then click Network Adapter 2, and then click the vmnet3 option.
Click Show All, then click Network Adapter 3, and then click the vmnet4 option.
Click Show All, then click Network Adapter 4, and then modify the Enable Network Adapter option
to OFF.
Select LAMP_v4 from the Virtual Machine Library, and then click Settings.
Click Network Adapter, and then click the vmnet2 option. (NOTE: Ensure you have selected the option
button.)
Select LAMP_v4 from the Virtual Machine Library, and then click Start Up.
After the image powers on, within the VMware window on the LAMP desktop, leave the Xubuntu user
account selected and click Login.
Click the Applications Menu icon on the top-left of the screen and go to Settings > Settings Manager.
Click Save, and then repeat these steps for the following:
o Wired connection 2 eth1
o Wired connection 3 eth2
o Wired connection 4 eth3
Delete Wired connection 5 – Wired connection 8.
→NOTE: The wired connection entries will not be removed from the Network Connections list
until you reboot the image.
Click Take, and then name the snapshot LAMP_v4_Clean, and then click Take.
Close the LAMP_v4: Snapshots window.
Click BIGIP-13.0_LTMFund from the Virtual Machine Library, and then click Start Up.
After the BIG-IP system has powered on, you are presented with the localhost login screen.
→NOTE: You can generate up to 9 BIG-IP trial licenses each year. Each license is good for 90
days. However, you are only able to submit a request 3 times each year. Therefore, it
is recommended that each time you request a trial license you request the maximum
of 3 licenses per request.
Select and copy all the dossier text to your clipboard. (NOTE: Use ⌘ + A and ⌘ + C.)
On the Activate F5 Product page, paste the dossier text in the field (NOTE: Use ⌘ + V), and then
click Next.
Select to accept the legal agreement, and then click Next.
Select and copy all the license key text to your clipboard (NOTE: Use ⌘ + A and ⌘ + C), and then close
the Activate F5 Product page.
On the Setup Utility > License page, paste the license key text into the Step 3: License field, and then
click Next.
The BIG-IP system configuration updates. This takes several seconds.
After the configuration changes complete, log in to the BIG-IP system.
On the Resource Provisioning page, ensure only Local Traffic (LTM) is set to Nominal and click Next.
On the Device Certificate page click Next.
On the Platform page, configure these settings using the following information, and then click Next.
Host Name bigipA.f5demo.com
Root Account (Password and Confirm) default
Admin Account (Password and Confirm) admin
You are prompted to log out and log back in to the BIG-IP system.
Click OK, and then log back in to the BIG-IP system.
Under Standard Network Configuration click Next.
On the Redundant Device Wizard Options page leave the default settings and click Next.
In the External Network Configuration and External VLAN Configuration sections, configure the settings
using the following information, and then click Finished.
External VLAN Create VLAN external
Self IP: Address 10.1.10.241
Self IP: Netmask 255.255.255.0
Self IP: Port Lockdown Allow 443
Default Gateway 10.1.10.2
Floating IP: Address 10.1.10.240
Floating IP: Port Lockdown Allow 443
VLAN Interfaces 1.1 (untagged)
On the High Availability Network Configuration page, configure the highlighted settings using the
following information, and then click Next.
High Availability VLAN Select existing VLAN
Select VLAN internal
Self IP: Address 10.1.20.241
Self IP: Netmask 255.255.255.0
VLAN Interfaces 1.2 (untagged)
On the Network Time Protocol Configuration page, enter 10.1.20.252, then click Add, and then
click Next.
On the Domain Name Server Configuration page, enter 4.2.2.2 and then click Add.
Select the 10.1.1.1 entry, then click Delete, and then click Next.
On the ConfigSync Configuration page, leave 10.1.20.241 (internal) selected and click Next.
On the Failover Unicast Configuration page, leave the default settings and click Next.
On the Mirroring Configuration page, leave the default settings and click Next.
To find manuals and product information, click the User Documentation link to go to AskF5.com.
The AskF5 knowledge base web site displays. You can use this site to view knowledge base articles and
download product manuals.
Close the Ask F5 web page.
Click the Run the Setup Utility link.
You can run the Setup Utility at any time. However, you can also make changes manually using the
Network option on the left navigation menu.
Name Resource
external_default_gateway 10.1.10.2
Mac Exercise 1.2 – Initial BIG-IP Configuration
Question:
Did autocomplete display options? _____________________
Question:
What information is listed? ________________________________
Questions:
Did autocomplete display options? _______________________
_______________________________________________________________________
Question:
What information is listed? ________________________________
In the Configuration Utility, open the Local Traffic > Nodes > Node List page.
Use the SSH session again to connect to: 10.1.10.241 using the admin account.
Exit the SSH session.
In the Configuration Utility, attempt to log back in to the BIG-IP system using the following credentials:
Username: root
Password: default
You cannot log in to the Configuration Utility using the root account. You can only use the root
account for CLI access.
Use the SSH session to access: 10.1.10.241 using your new user account.
Question:
Are you at the CLI prompt or the tmos prompt? _________________________
Log back into the Configuration Utility using your new user account.
Open the Local Traffic > Pools > Pool List page.
Question:
Why are the Create and Delete buttons greyed out? ________________________________
Open the System > Users > User List page and click your user account.
Question:
Can you modify the role assigned to your user account? _______________________
Log out, and then log back in using the admin account.
Open the System > Users > User List page and click your user account.
From the Role list select Resource Administrator, and then click Add.
From the Terminal Access list select Advanced shell, and then click Update.
Question:
Were you successful? _______________________
Log out, and then log in using your new user account with the WRONG password. (NOTE: You will view
this failed login attempt in the LTM audit log.)
Log in using your new user account with the correct password.
Open the Local Traffic > Pools > Pool List page.
You now have privileges to create and delete pools.
Open the System > Logs > Audit > List page.
Type fail in the search field, and then click Search.
Locate the log entry for the failed login attempt by your user account.
The vLab environment is intended for F5 Networks training and demonstration purposes only. You are
not authorized to distribute the vLab to any other parties.
Click Update, and then click Log out.
Change the URL to http://10.1.1.245.
You are redirected to the HTTPS site, and the Login page now displays the custom message.
Log in using your new user account.
The startup page is now the Statistics page.
Use the SSH session to connect to: 10.1.10.241 using your new user account.
At the CLI, type:
tmsh
Open the Local Traffic > Nodes > Node List page.
The BIG-IP system automatically creates a node for each pool member, using the node IP address as
the node name.
Open the Local Traffic > Virtual Servers > Virtual Server List page and click Create.
Create a virtual server using the following information, and then click Finished.
Name http_virtual
Type Standard
Destination Address 10.1.10.20
Service Port 80 (HTTP)
State Enabled
Default Pool http_pool
Windows users: On your host workstation, open a command prompt and type:
ipconfig
Mac users: On your host workstation, open a terminal window and type:
ifconfig
Identify the IP address issued in the external VLAN (in the 10.1.10.0 subnet) and document it in the
diagram on the next page.
Identify the IP address issued in the Management network (in the 10.1.1.0 subnet) and document it in
the diagram on the next page.
In the Windows 7 VMware image, open a command prompt and type:
ipconfig
Identify the IP address issued in the external VLAN (in the 10.1.10.0 subnet) and document it in the
diagram on the next page.
In VMware, access the LAMP desktop, then open a terminal window and type:
ip address list
Each IP address represents a different web server on the internal VLAN. Document the IP addresses for
each different LAMP server in the diagram on the next page.
Document the virtual server IP address you created in Task 2 in the diagram.
Draw arrows from the virtual server IP address to each pool member you configured in Task 1.
[Diagram worksheet: record the addresses identified in the steps above. Labels recovered from the figure:]
Host workstation external IP: ____________
Windows 7 image
http_virtual IP: ____________
VLAN: external, Self IP: 10.1.10.240
Management network, IP: 10.1.1.245
VLAN: internal, Self IP: 10.1.20.240
LAMP IP: ____________ (label repeated ten times in the figure)
In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page.
From the Statistics Type list select Virtual Servers.
Question:
How many connections were opened to create the web page? ___________
In the F5 vLab Test web page, type Ctrl+F5 several times to force the web browser to refresh without
using its cache.
In the Configuration Utility, from the Statistics Type list select Pools, and then expand http_pool.
Questions:
Did traffic go to each pool member? _____________
Did each member manage approximately the same number of connections? __________
In the F5 vLab Test web page, review the Request Details and examine the Client IP address/port.
Questions:
What is the client IP address? ________________________
In the Configuration Utility, open the Local Traffic > Virtual Servers > Virtual Server List page and
click http_virtual.
In the Configuration section, from the Source Address Translation list select Auto Map,
and then click Update.
In the F5 vLab Test web page, use Ctrl+F5 to refresh the page.
Question:
What is the client IP address? ________________________
In the Configuration Utility, open the Local Traffic > Network Map page.
Use the mouse to hover over the virtual server and pool objects and notice the information displayed for
each object.
Hover over the pool member objects and notice the information displayed.
Click the 10.1.20.11:80 pool member.
The pool member properties page displays.
In the Parent Node row, click 10.1.20.11.
The node properties page displays.
Open the Local Traffic > Pools > Pool List page and click http_pool.
Open the Members page.
Open the Statistics > Module Statistics > Local Traffic page, and from the Statistics Type list
select Virtual Servers.
Select the http_virtual checkbox, and then click Reset.
Open the Local Traffic > Nodes > Node List page.
Questions:
Did BIG-IP LTM create new nodes for this pool? _________________
Open the Local Traffic > Virtual Servers > Virtual Server List page and click Create.
Create a virtual server using the following information, and then click Finished.
Name open_virtual
Type Standard
Destination Address 10.1.10.20
Service Port * All Ports
Default Pool open_pool
There are now two virtual servers listening on the same IP address, one on port 80 only, the other on
all ports.
Open the Statistics > Module Statistics > Local Traffic page, and then select to view Virtual Servers
statistics.
Ensure the statistics for both virtual servers are reset.
Use a new tab to access http://10.1.10.20.
In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.
Question:
Which virtual server processed this request? _________________________
→NOTE: It’s not necessary to log into the CLI to complete this task.
Question:
Which virtual server processed this request? _________________________
In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.
Question:
Which virtual server processed this request? _________________________
The HTTP request was processed by http_virtual, as this virtual server is more specific than
open_virtual. The SSH and HTTPS requests were processed by open_virtual.
Open the Local Traffic > Virtual Servers > Virtual Server List page.
Select the open_virtual checkbox, and then click Delete twice.
Open the Local Traffic > Pools > Pool List page.
Select the open_pool checkbox, and then click Delete twice.
→NOTE: You cannot run the route add command while connected to an F5 VPN.
Notice this adds a route to the 10.1.20.0 network through 10.1.10.240 which is the external floating
self IP address of the BIG-IP system.
Use a new tab to attempt to access a pool member directly at http://10.1.20.13. The request fails again,
because the BIG-IP system is a default deny device and does not have a listener to match this request.
→NOTE: Notice there is no option to configure a pool for a Forwarding (IP) virtual.
→NOTE: It’s not necessary to log into the CLI to complete this task.
Close the SSH session and the F5 vLab Test Web tab.
You now have access to all ports and all protocols on the 10.1.20.0 network.
In the Configuration Utility, on the Virtual Server List page, create a virtual server using the following
information, and then click Finished.
Name reject_ssh_virtual
Type Reject
Destination Address 10.1.20.0/24
Service Port 22 (SSH)
In the Configuration Utility, on the Virtual Server List page, create a virtual server using the following
information, and then click Finished.
Name forward_virtual_20.11
Type Forwarding (IP)
Destination Address 10.1.20.11
Service Port * All Ports
→NOTE: It’s not necessary to log into the CLI to complete this task.
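The listener selection these virtual server exercises walk through, as an added example (not part of the original guide and not F5 code). It is a simplified model that ignores source address and assumes the most specific destination wins first, then a named port over All Ports; the forward_virtual entry is an assumption because its settings are not listed on this page.

```python
import ipaddress
from dataclasses import dataclass

ALL_PORTS = 0  # stands for the "* All Ports" service port setting


@dataclass(frozen=True)
class Virtual:
    name: str
    vtype: str        # "Standard", "Forwarding (IP)" or "Reject"
    destination: str  # host address or CIDR network
    port: int         # ALL_PORTS or a single service port

    @property
    def net(self):
        # A bare host address becomes a /32 network.
        return ipaddress.ip_network(self.destination, strict=False)

    def matches(self, ip, port):
        in_dest = ipaddress.ip_address(ip) in self.net
        return in_dest and self.port in (ALL_PORTS, port)


def select_listener(virtuals, ip, port):
    """Return the most specific matching virtual server, or None.

    Ordering assumed by this model: longest destination prefix first,
    then a named service port over All Ports.
    """
    hits = [v for v in virtuals if v.matches(ip, port)]
    if not hits:
        return None  # default deny: nothing is listening for this traffic
    return max(hits, key=lambda v: (v.net.prefixlen, v.port != ALL_PORTS))


ACTIONS = {
    "Standard": "load-balance",
    "Forwarding (IP)": "forward",
    "Reject": "reject",
}


def disposition(virtuals, ip, port):
    """Return (action, virtual server name) for a destination ip:port."""
    v = select_listener(virtuals, ip, port)
    if v is None:
        return ("deny", None)
    return (ACTIONS[v.vtype], v.name)


HTTP_VIRTUAL = Virtual("http_virtual", "Standard", "10.1.10.20", 80)
OPEN_VIRTUAL = Virtual("open_virtual", "Standard", "10.1.10.20", ALL_PORTS)

# Listener table while http_virtual and open_virtual both exist.
STAGE_OPEN = [HTTP_VIRTUAL, OPEN_VIRTUAL]

# Listener table after open_virtual is deleted and the forwarding and
# reject virtual servers are created.
STAGE_FORWARD = [
    HTTP_VIRTUAL,
    # ASSUMPTION: destination and port of forward_virtual are not shown on
    # the page; a whole-subnet, all-ports forwarder is assumed here.
    Virtual("forward_virtual", "Forwarding (IP)", "10.1.20.0/24", ALL_PORTS),
    Virtual("reject_ssh_virtual", "Reject", "10.1.20.0/24", 22),
    Virtual("forward_virtual_20.11", "Forwarding (IP)", "10.1.20.11", ALL_PORTS),
]

if __name__ == "__main__":
    probes = [
        (STAGE_OPEN, "10.1.10.20", 80),
        (STAGE_OPEN, "10.1.10.20", 22),
        (STAGE_OPEN, "10.1.20.13", 80),
        (STAGE_FORWARD, "10.1.20.13", 80),
        (STAGE_FORWARD, "10.1.20.12", 22),
        (STAGE_FORWARD, "10.1.20.11", 22),
    ]
    for table, ip, port in probes:
        print(f"{ip}:{port} -> {disposition(table, ip, port)}")
```

In this model the host-specific forward_virtual_20.11 outranks the subnet-wide reject_ssh_virtual, so SSH to 10.1.20.11 is forwarded while SSH to the rest of 10.1.20.0/24 is rejected.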
To set up for future labs, open the Virtual Servers page, select the forward_virtual, reject_ssh_virtual, and
forward_virtual_20.11 checkboxes, and then click Delete twice.
In the command prompt window, type:
route delete 10.1.20.0
→NOTE: JMeter is already installed in the Windows 7 image. If you are using the Windows 7
image you can skip to exercise 4.2.
Open the Start menu, and then type environment in the search bar.
Click Edit environment variables for your account.
→NOTE: If you do not have JMeter installed, return and complete Exercise 4.1.
→NOTE: If you are using the Windows 7 image you can open JMeter from the desktop.
In the navigation panel, right-click Test Plan, and then select Add > Threads (Users) >
Thread Group.
Question:
Were the connections distributed evenly between the three pool members? ________
Reset the statistics for the pool and all pool members.
Open the Local Traffic > Pools > Pool List page and click http_pool.
Open the Members page.
In the Load Balancing section, from the Load Balancing Method list select Ratio (member), and then
click Update.
In JMeter, select Summary Report, and then go to Run > Clear, and then go to Run > Start.
Use the Summary Report to monitor the results.
When the total # Samples value reaches 600, the test is complete.
In the Configuration Utility, view the Pools statistics.
Questions:
Were the connections distributed evenly? _____________
Reset the statistics for the pool and all pool members.
Click to edit the http_pool object, and then open the Members page.
Update the pool members using the following information:
Member Connection Limit
10.1.20.11:80 1200
10.1.20.12:80 250
10.1.20.13:80 50
Return to the Members page, then from the Load Balancing Method list
select Weighted Least Connections (member), and then click Update.
In JMeter, select Summary Report, and then go to Run > Clear, and then go to Run > Start.
Use the Summary Report to monitor the results.
When the total # Samples value reaches 600, the test is complete.
Close JMeter.
In the Configuration Utility, view the Pools statistics.
Question:
Were the pool members utilized properly based on the configured connection limits?
_________
Reset the statistics for the pool and all pool members.
Click to edit the http_pool object, and then open the Members page.
Change the Load Balancing Method back to Ratio (member).
From the Priority Group Activation list select Less than.
In the Available Member(s) field, enter 2, and then click Update.
From the Members page, add new pool members using the following information:
Address Service Port Ratio Priority Group Connection Limit
10.1.20.14 80 2 4 10
10.1.20.15 80 1 3 10
Use a new tab to access http://10.1.10.20, and then use Ctrl+F5 several times to refresh the page.
Question:
Which members are supplying content for the request? _____________________________
With priority group activation set to 2 members, why are there now three members
supplying content?
___________________________________________________________________________
Question:
Which members are supplying content for the request? _____________________________
Select icmp from the Available list box, then click <<, and then click Update.
Open the Node List page, and examine the Status of the listed nodes.
Open the Local Traffic > Monitors page and click Create.
Create a new monitor using the following information, and then click Finished.
Name custom_icmp_monitor
Type ICMP
Parent Monitor icmp
Interval 4
Timeout 13
Transparent No
Open the Local Traffic > Nodes > Node List page and click 10.1.20.12.
From the Health Monitors list select Node Specific.
From the Available list select custom_icmp_monitor, then click <<, and then click Update.
This is not a recommended configuration. This setup is only to demonstrate three methods to assign
monitors to nodes.
Open the Local Traffic > Pools > Pool List page, then click http_pool, and then open the Members page.
Examine the Status of the listed members.
Question:
Will BIG-IP LTM distribute traffic to pool members that are unknown? _____________
Open the Local Traffic > Monitors page and click Create.
Create a monitor using the following information, and then click Finished.
Name custom_http_monitor
Type HTTP
Interval 3
Timeout 10
Send String GET /HealthCheck.html\r\n
Receive String SERVER_UP
Open the Local Traffic > Pools > Pool List page and click http_pool.
For Health Monitors, select custom_http_monitor, then click <<, and then click Update.
Question:
Why is the status of node 10.1.20.13 different from the other nodes?
___________________________________________________________________
→NOTE: You can use the Tab key to autocomplete the web page name.
Use the ↓ key to move the cursor to the SERVER_UP paragraph, and use the → key to move the cursor
after the word UP.
Type X twice to delete UP.
To save and quit visual editor, type:
:wq (followed by the Enter key)
The text string SERVER_UP will no longer be found in HealthCheck.html on pool member
10.1.20.12:80.
Wait 10 seconds, and then in the Configuration Utility on the Network Map page, click Update Map
several times.
The virtual server and pool still display available.
Pool members 10.1.20.11:80 and 10.1.20.12:80 display offline. These pool members display available:
o 10.1.20.13:80
o 10.1.20.14:80
o 10.1.20.15:80
In the SSH session, to delete the IP address from 10.1.20.14:80, type:
ip addr del 10.1.20.14/24 dev eth1
This removes the IP address from node 4. The BIG-IP system will not receive an ICMP response from
the node.
Wait 10 seconds, and then in the Configuration Utility on the Network Map page, click Update Map
several times.
Eventually pool member 10.1.20.15:80 displays unavailable because it reaches the configured
connection limit.
Use a new tab to access http://10.1.10.20.
The page will be slow to load, and there should only be page elements supplied by pool member
10.1.20.13:80.
In the Configuration Utility, go to node 10.1.20.13, select Forced Offline, and then click Update.
Open the Network Map page and click Update Map.
In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
Eventually you’ll receive a page error, as there will be no pool members left to fulfill the request.
In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
There are now page elements coming from both 10.1.20.12:80 and 10.1.20.15:80.
In the Configuration Utility on the Network Map page, click Update Map.
The virtual server and pool display available.
Pool members 10.1.20.11:80 and 10.1.20.14:80 display offline.
Pool member 10.1.20.13:80 displays forced offline.
Pool members 10.1.20.12:80 and 10.1.20.15:80 display available.
Open the Local Traffic > Monitors page and click Create.
Create a monitor using the following information, and then click Finished.
Name custom_inband_monitor
Type Inband
Retry Time 0 seconds
With this configuration, BIG-IP LTM determines whether a pool member is available based on its responses to
actual user requests. If the pool member responds, BIG-IP LTM considers the pool member available. If
the pool member has 3 failures (no response within 10 seconds) within 30 seconds,
BIG-IP LTM considers the pool member down.
With this configuration, BIG-IP LTM uses the up interval setting for the active monitor (60 seconds) if
the inband monitor identifies the pool member as available. If the inband monitor identifies the pool
member as suspect or offline, the regular interval is used for the active monitor (3 seconds).
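The two behaviors described above can be modeled in a few lines. The following Python is an added example, not F5 code: the class and function names are hypothetical, the thresholds are the values quoted in this guide, and the "suspect" state and the Retry Time 0 handling are simplifying assumptions.

```python
from collections import deque

# Values quoted in the guide's description of the inband and active monitors.
FAILURES = 3              # failures that mark the member down
FAILURE_INTERVAL = 30     # seconds in which those failures must fall
RESPONSE_TIME = 10        # seconds; a slower or missing reply counts as a failure
ACTIVE_INTERVAL = 3       # active monitor interval while suspect or down
ACTIVE_UP_INTERVAL = 60   # active monitor interval while available


class InbandMember:
    """Passive health state for one pool member (simplified model)."""

    def __init__(self, name):
        self.name = name
        self.status = "available"
        self._failures = deque()   # timestamps of recent failures

    def observe(self, now, response_seconds):
        """Feed one real client request; None means the member never replied."""
        failed = response_seconds is None or response_seconds > RESPONSE_TIME
        if failed:
            self._failures.append(now)
        # Forget failures that have aged out of the failure interval.
        while self._failures and now - self._failures[0] >= FAILURE_INTERVAL:
            self._failures.popleft()
        if self.status == "down":
            # Assumption for Retry Time 0: client traffic alone never
            # revives the member; only the active monitor does.
            return self.status
        if len(self._failures) >= FAILURES:
            self.status = "down"
        elif failed:
            self.status = "suspect"   # some failures, threshold not reached
        else:
            self.status = "available"
        return self.status

    def active_probe(self, healthy):
        """Apply the result of the active monitor (e.g. custom_http_monitor)."""
        if healthy:
            self._failures.clear()
            self.status = "available"
        else:
            self.status = "down"
        return self.status

    def next_active_probe_delay(self):
        """Seconds until the active monitor probes this member again."""
        if self.status == "available":
            return ACTIVE_UP_INTERVAL
        return ACTIVE_INTERVAL


def replay(timeline):
    """Run (time, response_seconds) pairs through a fresh member."""
    member = InbandMember("10.1.20.11:80")
    return [member.observe(t, rt) for t, rt in timeline]


# Constructed timelines: (seconds since start, response time or None).
BURST = [(0, 0.2), (5, None), (12, 11.0), (20, None), (21, 0.1)]
SPREAD = [(0, None), (20, None), (40, None)]

if __name__ == "__main__":
    print("burst :", replay(BURST))
    print("spread:", replay(SPREAD))
```

In the BURST timeline three failures land inside one 30-second window and the member goes down; in SPREAD the same three failures are 20 seconds apart, so the oldest has aged out by the time the third arrives.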
In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
There are now page elements provided by 10.1.20.11:80, 10.1.20.12:80, and 10.1.20.15:80.
In the Configuration Utility, open the Network Map page.
Click 10.1.20.11:80 and examine the Availability and Health Monitors statuses.
In the SSH session, to replace the HealthCheck.html web page on 10.1.20.11:80, type:
cd ..
cd 1
mv HealthCheck.html.down HealthCheck.html
When a monitor is set for manual resume, a BIG-IP system administrator must manually enable the
pool member after the monitor again identifies it as available.
Select Enabled (All traffic allowed), and then click Update.
Open the Network Map page.
The pool member 10.1.20.11:80 is available.
Questions:
Did the custom profile inherit the Maximum Requests setting? _______________
Did the custom profile inherit the Maximum Header Size setting? ________________
WWFE vLab Guides – LTM Fundamentals Exercise Guide; v13.0.K Page | 83
Exercise 6.1 – Using an HTTP Profile
Use a new tab to access http://10.1.10.20, and then click the Request and Response Headers link.
Using both tabs, examine the different Response Headers delivered to the Client sections.
Questions:
Why are there fewer response headers in the second version of this web page?
_______________________________________________________________
Which response headers that were exposed in the first version of this web page could be
exploited by a hacker?
________________________________________________________________
Using both tabs, examine the different Request Headers Received at the Server section.
Question:
On the second version, what is the X-Forwarded-For value? _________________________
Questions:
What was the result of this request? ________________
In the Configuration Utility, open the Local Traffic > Profiles > Services > HTTP page and
click custom_http_profile.
Edit the profile using the following information, and then click Update.
Request Header Erase User-Agent
Request Header Insert Bigip-Http-Virtual:10.1.10.20
Response Headers Allowed Content-Type Set-Cookie Location X-Injected
In the F5 vLab Test Web Site tab, type Ctrl+F5 to refresh the Request and Response Headers page.
Questions:
Is the new Bigip-Http-Virtual request header displaying? ________________
In the Configuration Utility, open the Local Traffic > Profiles > Other > Stream page and click Create.
Create a stream profile using the following information, and then click Finished.
Name custom_stream
Source Lorax Bank
Target Lorax Investments
In the Acceleration section, from the HTTP Compression Profile list select httpcompression, and then
click Update.
In the F5 vLab Test Web Site tab, type Ctrl+F5 to refresh the Welcome to Lorax Bank page.
The stream profile replaced all occurrences of the string Lorax Bank with Lorax Investments, including
the page title that displays on the tab.
Close the F5 vLab Test Web Site tab.
Exercise 6.2 – Using a Stream Profile
Question:
Why did we need to add an http compression profile also? ________________
→NOTE: For Mac users, iMacros for Firefox is already installed in the Windows 7 image. If you
are using the Windows 7 image you can skip to task 2.
Open the Acceleration > Profiles > HTTP Compression page and click Create.
Create an HTTP Compression profile using the following information, and then click Finished.
Name custom_compression
Parent Profile wan-optimized-compression
Minimum Content Length 10 bytes
gzip Compression Level 6 – Optimal Compression
Browser Workarounds Enabled
Open the Acceleration > Profiles > Web Acceleration page and click Create.
Create a Web Acceleration profile using the following information, and then click Finished.
Name custom_caching
Parent Profile optimized-acceleration
Cache Size 500 megabytes
Open the Local Traffic > Profiles > Protocol > TCP page and click Create.
Create a TCP profile using the following information, and then click Repeat.
Name custom_tcp_server_profile
Parent Profile tcp_lan_optimized
Create another TCP profile using the following information, and then click Finished.
Name custom_tcp_client_profile
Parent Profile tcp_wan_optimized
Memory Management: Proxy Buffer High 196608
Data Transfer: Delayed Acks Disabled
Data Transfer: Nagle’s Algorithm Disabled
Loss Detection and Recovery: Selective NACK Enabled
Open the Local Traffic > Profiles > Other > OneConnect page and click Create.
Create a OneConnect profile using the following information, and then click Finished.
Name custom_oneconnect
Source Prefix Length Specify: IPv4 :16
Maximum Size 12000
Create a pool using the following information, and then click Finished.
Name http_pool2
Health Monitors custom_http_monitor
Members Node Service Port
(Use the Node List option) 10.1.20.11 80
10.1.20.12 80
10.1.20.13 80
10.1.20.14 80
10.1.20.15 80
Document the new virtual server IP address in the diagram on the next page.
[Network diagram: Host workstation and Windows 7 image (external IP: ____); http_virtual2 (IP: ____); http_virtual (IP: 10.1.10.20); VLAN external, Self IP 10.1.10.240; Management network, IP 10.1.1.245; VLAN internal, Self IP 10.1.20.240; LAMP IPs 10.1.20.11 through 10.1.20.19 and 10.1.20.252.]
Open a new private window in Mozilla Firefox, and then access http://10.1.10.21.
Questions:
What are the Bits In and Bits Out values for http_virtual? ___________________________
What are the Bits In and Bits Out values for http_virtual2? ___________________________
Did compression reduce the amount of data sent to the user (Bits Out)? _____________
Questions:
What are the Bits In and Bits Out values for http_pool? ______________________________
Did caching lower the data between BIG-IP LTM and pool members (Bits In)? _____________
Did OneConnect lower the number of connections required for http_pool2? _____________
Reset the statistics for both pools and all pool members.
From the Statistics Type list select Profiles Summary.
Click the View link for HTTP Compression.
Questions:
What are the pre- and post-compress values for HTML content? _________________________
What are the pre- and post-compress values for Plain content? _________________________
Click the Back button, and then click the View link for Web Acceleration.
Questions:
How many total items were cached? ___________________
How many bytes of data were served from the BIG-IP system cache (Hits)? ______________
Open the Local Traffic > Profiles > Persistence page and click Create.
Create a persistence profile using the following information, and then click Finished.
Name custom_source_address
Persistence Type Source Address Affinity
Timeout 15 seconds
Prefix Length Specify: IPv4 : 24
Questions:
Are responses coming from one or several pool members? ______________________
Which pool member is supplying the content for this request? ____________________
Wait over 20 seconds and then use Ctrl+F5 to refresh the page again.
Exercise 8.1 – Using Source Address Persistence
Questions:
Was the same pool member used for this request? _______________
In the Configuration Utility, open the Local Traffic > Profiles > Persistence page and click
custom_source_address.
Modify the Timeout value to 45 seconds, and then click Update.
Open the Virtual Server List page and click http_virtual.
From the Source Address Translation list select Auto Map, and then click Update.
Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.
In the VMware library, select LAMP_v4.
Within the VMware window on the LAMP desktop, leave the Xubuntu user account selected and
click Login.
Questions:
Did the two different browsers use the same pool member? _______________
Question:
What is the Node Addr value(s) in the persistence records? ________________________
Question:
How many persistence records are there? ________________________
In the Configuration Utility, open the Local Traffic > Profiles > Persistence page and click Create.
Create a persistence profile using the following information, and then click Finished.
Name custom_cookie
Persistence Type Cookie
Questions:
Was the update successful? _______________
Question:
Is there a persistence record on the BIG-IP system for this session? _______________
Exercise 8.3 – View Persistence with Disabled and Offline Pool Members
Task 1 – Update the Source Address Profile and the Virtual Server
Update the timeout value in custom_source_address, and then update http_virtual to use
custom_source_address.
Open the Local Traffic > Profiles > Persistence page and click custom_source_address.
Modify the Timeout to 60 seconds, and then click Update.
Open the Virtual Server List page, then click http_virtual, and then open the Resources page.
From the Default Persistence Profile list select custom_source_address, and then click Update.
Task 2 – View the Effects of Disabled and Forced Offline Pool Members
Identify how persistence affects disabled and offline pool members.
Use a new tab to access http://10.1.10.20. Use Ctrl+F5 several times to refresh the page.
Question:
To which pool member are you persisting? ______________________
Questions:
Did you persist to the same pool member? _______________
Questions:
Did you persist to the same pool member? _______________
Question:
Did the persistence session go back to the original pool member? _______________
Exercise 8.4 – Using Match Across Virtual Servers
Create a pool using the following information, and then click Finished.
Name https_pool
Health Monitors https_443
Members Node Service Port
(Use the Node List option) 10.1.20.11 443
10.1.20.12 443
10.1.20.13 443
10.1.20.14 443
10.1.20.15 443
Create a virtual server using the following information, and then click Finished.
Name https_virtual
Destination Address 10.1.10.20
Service Port 443 (HTTPS)
Default Pool https_pool
Open the Statistics > Module Statistics > Local Traffic page.
Reset the statistics for both virtual servers, both pools, and all pool members.
Use a new tab to access http://10.1.10.20 .
Type Ctrl+F5 exactly three times.
Use a second tab to access https://10.1.10.20 .
Type Ctrl+F5 exactly three times.
Close both F5 vLab Test Web Site tabs.
In the Configuration Utility, on the pools Statistics page, click Refresh, and then expand both pools.
Questions:
Are requests for http_pool persisting to one pool member? _______________
Reset the statistics for both pools and all pool members.
Open the Virtual Servers page, then click https_virtual, and then open the Resources page.
From the Default Persistence Profile list select custom_source_address, and then click Update.
Use a new tab to access http://10.1.10.20.
Type Ctrl+F5 exactly three times.
Use a second tab to access https://10.1.10.20.
Type Ctrl+F5 exactly three times.
Close both F5 vLab Test Web Site tabs.
In the SSH session re-issue the following command:
tmsh show /ltm persistence persist-records all-properties
Questions:
Are requests for http_pool persisting to one pool member? _______________
Are requests for each different pool persisting to the same pool member? ___________
In the SSH session re-issue the following command:
tmsh show /ltm persistence persist-records all-properties
Question:
Are requests for each different pool persisting to the same pool member? ___________
For both http_virtual and https_virtual, change the persistence to None, and then click Update.
Reset the statistics for both pools.
Create an archive file named ltmfund_mod08_persistence_profiles_v13.0.0.
Exercise 9.1 – Supporting SSL Traffic
Open the Local Traffic > Profiles > SSL > Client page, and then click Create.
Name the profile custom_client.ssl.
For Certificate Key Chain select the Custom checkbox, and then click Add.
Use the following information: (NOTE: Copy and paste the pass phrase.)
Certificate custom_ssl_cert
Key custom_ssl_cert
Click Add for Certificate Key Chain, and then click Finished.
Open the Local Traffic > Monitors page and click Create.
Create a monitor using the following information, and then click Finished.
Name custom_https_monitor
Type HTTPS
Send String GET /index.php\r\n
Receive String FSE vLab Test Web Site
Open https_pool, and change the Monitor to custom_https_monitor, and then click Update.
→ NOTE: Both https_pool and https_virtual were created in Exercise 8.4 Task 1. If you skipped
that exercise then go back and configure those two objects because they are used in
this module’s exercises and beyond.
Document the https virtual server IP address and port in the diagram on the next page.
[Network diagram: Host workstation and Windows 7 image (external IP: ____ for each); https_virtual (IP/port: ____); http_virtual2 (IP/port: 10.1.10.21:80); VLAN internal, Self IP 10.1.20.240; LAMP IPs 10.1.20.11 through 10.1.20.19 and 10.1.20.252.]
Use a new tab to access https://10.1.10.20.
Questions:
What is listed in your browser’s URL box? ________________________________
In the Request Details, what information is listed after Pool member address/port?
_____________________________________
Is the connection between the client and BIG-IP LTM secure? _____________
Is the connection between BIG-IP LTM and the pool member secure? _____________
In the F5 vLab Test Web Site tab, use Ctrl+F5 several times to refresh the page.
Each request is load balanced to different pool members.
Close the F5 vLab Test Web Site tab.
In the Configuration Utility, on the Virtual Server List page click https_virtual.
From the HTTP Profile list select custom_http_profile, and then click Update.
Open the Resources page.
From the Default Persistence Profile list select custom_cookie, and then click Update.
Use a new tab to access https://10.1.10.20.
Questions:
Did the web page display? _____________
In the Configuration Utility, on the https_virtual page, open the Properties page.
From the SSL Profile (Client) list select custom_client_ssl, and then click <<.
From the SSL Profile (Server) list select serverssl, then click <<, and then click Update.
Use a new tab to access https://10.1.10.20.
Use Ctrl+F5 several times to refresh F5 vLab Test Web Site tab.
Questions:
Did the web page display? _____________
Is the connection between the client and BIG-IP LTM secured? _____________
Is the connection between BIG-IP LTM and the pool member secured? _____________
Question:
Is BIG-IP LTM processing the custom HTTP profile? _____________
Question:
How can you identify that this is a self-signed certificate? _________________________
Click OK, and then close the F5 vLab Test Web Site tab.
Exercise 10.1 – Using a NAT
In the Configuration Utility, open the System > Certificate Management > Traffic Certificate
Management > SSL Certificate List page and click Import.
From the Import Type list select Certificate.
In the Certificate Name field, type f5demo_2017, and then click Browse.
Navigate to the Documents\Exercise_Files folder, select the vlab.f5demo.com.2017.pem file, and then
click Open.
Click Import.
Click the Import button again, and then from the Import Type list select Key.
In the Key Name box, type f5demo_2017, and then click the Browse button.
Select the vlab.f5demo.com.2017.key file, and then click Open.
Click Import.
Click the Import button again, and then from the Import Type list select Certificate.
In the Certificate Name box, type chain_2017, and then click the Browse button.
Select the entrust-chain.txt file, and then click Open.
Click Import.
Click chain_2017.
Notice there are two certificate subjects contained in this certificate bundle.
Open the Local Traffic > Profiles > SSL > Client page, and then click Create.
Name the profile f5demo_client.ssl.
For Certificate Key Chain select the Custom checkbox, and then click Add.
Use the following information: (NOTE: Copy and paste the pass phrase.)
Certificate f5demo_2017
Key f5demo_2017
Chain chain_2017
Pass Phrase IamFfive2Day
Click Add.
Click Finished.
→NOTE: For Mac users, the hosts file entries have already been created on the Windows 7
image.
Right-click on Notepad in the Start menu, and then select to Run as Administrator.
In the Configuration Utility, open the Virtual Server List page and click Create.
Create a virtual server using the following information, and then click Finished.
Name offload_virtual
Destination Address 10.1.10.30
Service Port 443 (HTTPS)
Configuration Advanced
HTTP Profile custom_http_profile
Stream Profile custom_stream
SSL Profile (Client) f5demo_client_ssl
HTTP Compression Profile httpcompression
Default Pool http_pool
Default Persistence Profile custom_cookie
Document the new virtual server IP address and port in the diagram on the next page.
[Network diagram: Host workstation and Windows 7 image (external IP: ____ for each); offload_virtual (IP/port: ____); https_virtual (IP/port: 10.1.10.20:443); http_virtual2 (IP/port: 10.1.10.21:80); VLAN internal, Self IP 10.1.20.240; LAMP IPs 10.1.20.11 through 10.1.20.19 and 10.1.20.252.]
Use a new tab to access https://offload.vlab.f5demo.com.
Use Ctrl+F5 several times to refresh the page.
Questions:
What is listed in your browser’s URL box? ________________________________
In the Request Details, what information is listed after Pool member address/port?
_____________________________________
Is the connection between the client and BIG-IP LTM secure? _____________
Is the connection between BIG-IP LTM and the pool member secure? _____________
Scroll down to the HTTP Request and Response section, and click Request and Response Headers.
Question:
Is BIG-IP LTM processing the custom HTTP profile? _____________
Click the banner at the top of the page, scroll down to the Content Examples on This Host section, and
then click Stream Profile Example.
Question:
Is BIG-IP LTM processing the stream profile? _____________
Question:
Who issued this certificate? _____________________________
Click OK, and then close the F5 vLab Test Web Site tab.
In the Configuration Utility, create an archive file named ltmfund_mod09_ssl_traffic_v13.0.0.
Document the new NAT IP address in the diagram on the next page.
Draw an arrow from the NAT IP address to the pool member to which it directs requests.
[Network diagram: Host workstation and Windows 7 image (external IP: ____ for each); custom_NAT (IP: ____); offload_virtual (IP/port: 10.1.10.30:443); https_virtual (IP/port: 10.1.10.20:443); http_virtual2 (IP/port: 10.1.10.21:80); VLAN internal, Self IP 10.1.20.240; LAMP IPs 10.1.20.11 through 10.1.20.19 and 10.1.20.252.]
→NOTE: It’s not necessary to log into the CLI to complete this task.
You can connect to multiple services using the NAT and always connect to 10.1.20.13.
Close the F5 vLab Test Web Site tab and the SSH session.
Exercise 10.2 – Using SNATs
Questions:
What is the client IP address? __________________________
Task 2 – Use SNAT Auto Map with the HTTP Virtual Server
Update http_virtual by enabling SNAT Automap.
In the Configuration Utility, open the Virtual Server List page and click http_virtual.
In the Configuration section, from the Source Address Translation list select Auto Map, and then click
Update.
Questions:
What is the client IP Address? __________________________
When using SNAT, how can you ensure the pool member can identify the true
client IP address?
_________________________________________________________________________
In the Configuration Utility, on the http_virtual page, from the HTTP Profile list select
custom_http_profile, and then click Update.
In the F5 vLab Test Web Site tab, click the Request and Response Headers link.
Question:
What is the X-Forwarded-For value? _________________________
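On the pool member, X-Forwarded-For should be honored only when the connection really arrived from a BIG-IP translation address, because a client can send its own X-Forwarded-For header. The following Python is an added example of that check, not code from this guide or from F5: the function names and sample client addresses are constructed, and treating the internal self IP 10.1.20.240 as the SNAT Auto Map address is an assumption.

```python
import ipaddress

# Addresses the pool member accepts as BIG-IP translation addresses.
# Assumption: SNAT Auto Map on http_virtual uses the internal self IP from
# the lab diagram. Addresses of any other SNAT in use would be added here.
TRUSTED_TRANSLATION_ADDRESSES = {ipaddress.ip_address("10.1.20.240")}


def forwarded_chain(headers):
    """Flatten every X-Forwarded-For header, in order, into one list."""
    chain = []
    for name, value in headers:
        if name.lower() == "x-forwarded-for":
            chain.extend(p.strip() for p in value.split(",") if p.strip())
    return chain


def client_address(peer_ip, headers, trusted=TRUSTED_TRANSLATION_ADDRESSES):
    """Return (address, source) for logging and access decisions.

    peer_ip -- source address of the TCP connection as the web server sees it
    headers -- list of (name, value) tuples, duplicates and order preserved
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted:
        # The connection did not come through a known SNAT address, so any
        # X-Forwarded-For value was written by the client and is ignored.
        return str(peer), "peer"
    # Walk right to left: the last entry was added by the proxy nearest to us.
    for entry in reversed(forwarded_chain(headers)):
        try:
            hop = ipaddress.ip_address(entry)
        except ValueError:
            break                  # malformed entry: stop trusting the chain
        if hop not in trusted:
            return str(hop), "x-forwarded-for"
    # No usable header: only the translation address is known.
    return str(peer), "peer"


# Constructed requests as a pool member might receive them.
VIA_SNAT = ("10.1.20.240", [("Host", "10.1.10.20"),
                            ("X-Forwarded-For", "10.1.10.199")])
VIA_SNAT_WITH_CLIENT_HEADER = ("10.1.20.240", [
    ("X-Forwarded-For", "203.0.113.7"),   # sent by the client itself
    ("X-Forwarded-For", "10.1.10.199"),   # added by the proxy
])
DIRECT_WITH_CLIENT_HEADER = ("10.1.10.199",
                             [("X-Forwarded-For", "203.0.113.7")])
VIA_SNAT_NO_HEADER = ("10.1.20.240", [("Host", "10.1.10.20")])

if __name__ == "__main__":
    for peer, hdrs in (VIA_SNAT, VIA_SNAT_WITH_CLIENT_HEADER,
                       DIRECT_WITH_CLIENT_HEADER, VIA_SNAT_NO_HEADER):
        print(peer, "->", client_address(peer, hdrs))
```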
In the Configuration Utility, open the Local Traffic > Address Translation > SNAT List page and
click Create.
Create a SNAT using the following information, and then click Finished.
Name custom_SNAT
Translation IP Address: 10.1.20.201
Origin Address List
Address /Prefix Length 10.1.10.0/24 (Click Add)
Document the new SNAT IP address in the diagram on the next page.
[Network diagram: Host workstation and Windows 7 image (external IP: ____ for each); offload_virtual (IP/port: 10.1.10.30:443); https_virtual (IP/port: 10.1.10.20:443); http_virtual2 (IP/port: 10.1.10.21:80); VLAN internal, Self IP 10.1.20.240; custom_SNAT (IP: ____); LAMP IPs 10.1.20.11 through 10.1.20.19 and 10.1.20.252.]
Use a new tab to access the following URLs. For each URL document the Client IP address:
o http://10.1.10.20 Client IP address:
o http://10.1.10.21 Client IP address:
o https://10.1.10.20 Client IP address:
Close the F5 vLab Test Web Site tab.
Questions:
Did every connection use the new SNAT? __________________
____________________________________________________________________________
In the Configuration Utility, update http_virtual by selecting None for Source Address Translation.
Use a new tab to access http://10.1.10.20.
Change the URL to http://10.1.10.21.
Question:
Are these connections using the new SNAT? __________________
In the Configuration Utility, open the Local Traffic > Address Translation > SNAT Pool List page and
click Create.
Create a SNAT pool using the following information, and then click Finished.
Name custom_SNAT_pool
Member List 10.1.20.222
10.1.20.223
10.1.20.224
(Click Add between each entry)
Question:
Which IP address was used for the SNAT address? _____________________________
Close the F5 vLab Test Web Site tab.
Open the Local Traffic > Address Translation > SNAT List page.
Select the checkbox for both custom_SNAT and internal_SNAT, and then click Delete twice.
Exercise 11.1 – Setting Up iRule Development
→NOTE: For Mac users, the iRule Editor is already installed on the Windows 7 image.
For Mac users, start up the Windows_7 image, and then log in as vLab User.
Use a web browser to access https://devcentral.f5.com/d/ .
Login using your DevCentral user account, or create a DevCentral user account.
Find the iRule Editor Download and then run the iRulerSetup.exe file.
In the left navigation pane of the iRules Editor, select Local Traffic.
Go to File > New.
Name the new iRule exercise_iRule.
Click the Custom tab, then click the CLIENT_ACCEPTED event, and then click OK.
Select the View menu, and then select both Whitespace and End of Line.
The iRule Editor can display several annotations to help you write iRules.
Click the Save button.
The iRule Editor validates the code syntax when you save.
View the error at the bottom of the iRule Editor.
Question:
What caused this error? __________________________________________________
Save the iRule and verify that you do not receive a syntax error.
Access https://10.1.1.245 and log in to the BIG-IP system.
Open the Local Traffic > iRules > iRules List page.
The iRule has been saved on BIG-IP LTM.
Click exercise_iRule.
Change the iRule definition by removing the closing double-quotes after the log statement, and then
click Update.
BIG-IP LTM also checks iRules syntax within the Configuration Utility.
Fix the iRule definition by adding the closing double-quotes, and then click Update.
→NOTE: We are removing persistence in order to use iRules for all BIG-IP LTM load balancing
decisions.
→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.
Press the Enter key several times to move the existing log entries to the top of the window.
Use a new tab to access http://10.1.10.20.
View the SSH session.
Questions:
Was the iRule triggered? _______________
How many client connections were required for this request? _________________
In the iRule Editor, select Local Traffic, and then go to File > New.
Name the new iRule exercise11.1A_iRule, select the Blank template, and then click OK.
Copy the code from exercise_iRule and paste into exercise11.1A_iRule.
Save exercise11.1A_iRule.
Right-click exercise11.1A_iRule and select Copy Offline.
The new iRule is saved under Offline iRules, which is stored on your local workstation. This will enable
you to use this iRule on any BIG-IP system that you connect to.
→NOTE: In the iRules exercises, we will continue to make modifications to the exercise_iRule,
and then save the iRule from each exercise to your Offline iRules. This will enable you
to continue to make updates to the same iRule without needing to update the virtual
server.
In the F5 vLab Test Web Site, in the Content Examples on This Host section, select
the Mask Sensitive Content Example link.
This page contains confidential information that should not be sent in an HTTP response.
In the iRule Editor, click the iRules Reference button to access DevCentral, and then log in with your
DevCentral user ID.
Go to Code > Check out the Repository.
Search to find an iRule that performs a credit card scrub from HTTP traffic and then click the iRule.
Under Code, click Copy Code, and then copy the code to your clipboard (NOTE: Use Ctrl + C.), and then
close the source page and the DevCentral page.
Use Ctrl+F5 to refresh the F5 vLab Test Web Site page.
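The logic of a response scrub of this kind can be tried offline. The following Python is an added example, not the DevCentral iRule and not iRule (Tcl) code: it assumes the scrub finds 13 to 19 digit runs, confirms them with the Luhn checksum, and masks all but the last four digits. The function names and the sample body (which uses published test card numbers) are constructed.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn checksum: double every second digit, counting from the right."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def mask_number(text, keep=4):
    """Replace every digit except the last `keep` with X; keep separators."""
    to_mask = sum(c.isdigit() for c in text) - keep
    out = []
    for char in text:
        if char.isdigit() and to_mask > 0:
            out.append("X")
            to_mask -= 1
        else:
            out.append(char)
    return "".join(out)


def scrub(body):
    """Return (scrubbed_body, number_of_masked_values)."""
    masked = 0

    def replace(match):
        nonlocal masked
        text = match.group(0)
        digits = re.sub(r"\D", "", text)
        if not luhn_valid(digits):
            return text            # long number, but not a card number
        masked += 1
        return mask_number(text)

    return CANDIDATE.sub(replace, body), masked


# Constructed response body; the card values are published test numbers.
SAMPLE_BODY = (
    "<h1>Mask Sensitive Content</h1>\n"
    "<p>Card on file: 4111 1111 1111 1111</p>\n"
    "<p>Backup card: 5500-0000-0000-0004</p>\n"
    "<p>Order reference: 1234567890123456</p>\n"
    "<p>Phone: 555 0100 2000</p>\n"
)

if __name__ == "__main__":
    scrubbed, count = scrub(SAMPLE_BODY)
    print(scrubbed)
    print("masked values:", count)
```

The order reference is 16 digits long but fails the Luhn check, so it is left alone. Masking digit for digit keeps the body length unchanged.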
Exercise 11.2 – Using iRule Events
Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
Select exercise11.1A_iRule and copy all the code.
Select exercise_iRule and then select all the existing code, and then paste the copied text.
In Exercise 11.1 you used the View menu to enable Whitespace and End of Line annotations in the iRule
Editor. If you prefer, use the View menu to deselect one or both annotations.
Place the cursor at the beginning of line 1, and then press the Enter key twice.
Place the cursor at the beginning of line 1, and then start typing the word when.
When the iRule Editor prompts for the word, press the Enter key.
The iRule Editor auto-completes the word when.
After when, start typing RULE_ and then press the Enter key to accept the RULE_INIT event.
After RULE_INIT, type {, press the Enter key twice, and then type }.
This is a best practice for ensuring that you have a closing curly brace for every opening curly brace.
Move the cursor after the indent in line 2.
Type the following command and arguments:
log local0. "iRule created or updated"
→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.
Press the Enter key several times to move the existing log entries to the top of the window.
In the iRule Editor, save the exercise_iRule, and then view the SSH session.
Questions:
Was the RULE_INIT event triggered? ________________
Press the Enter key several times to move the existing log entries to the top of the window.
Use a new tab to access http://10.1.10.20, and then view the SSH session.
Questions:
Was the RULE_INIT event triggered? ________________
Press the Enter key several times to move the existing log entries to the top of the window.
In the iRule Editor, add the following after the closing curly brace of the CLIENT_ACCEPTED event, and
then save the iRule.
when HTTP_REQUEST {
    log local0. "Client made an HTTP request"
}
Question:
How many HTTP requests occurred for this web page? ________________
Press the Enter key several times to move the existing log entries to the top of the window.
In the iRule Editor, add the following after the closing curly brace of the HTTP_REQUEST event, and then
save the iRule.
when LB_SELECTED {
    log local0. "Pool member selected"
}
Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then view the SSH session.
Question:
Was a new LB_SELECTED event triggered for each HTTP request? ________________
Press the Enter key several times to move the existing log entries to the top of the window.
In the iRule Editor, add the following after the closing curly brace of the LB_SELECTED event, and then
save the iRule.
when SERVER_CONNECTED {
    log local0. "Connection made with pool member"
}
Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then view the SSH session.
Press the Enter key several times to move the existing log entries to the top of the window.
In the iRule Editor, add the following after the closing curly brace of the SERVER_CONNECTED event, and
then save the iRule.
when HTTP_RESPONSE {
    log local0. "Pool member made an HTTP response."
}
Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then view the SSH session.
In the Configuration Utility, open the Virtual Servers page and click http_virtual.
Update the virtual server using the following information, and then click Update.
HTTP Profile custom_http_profile
OneConnect Profile custom_oneconnect
HTTP Compression Profile custom_compression
Web Acceleration Profile custom_caching
In the SSH session, press the Enter key several times to move the existing log entries to the top of the
window.
Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab.
In the SSH session, press the Enter key five times.
Use Ctrl+F5 to refresh the F5 vLab Test Web Site tab, and then close the tab.
View the SSH session.
Questions:
Which iRule events are no longer triggered? __________________________________
_______________________________________________________________________
_______________________________________________________________________
In the Configuration Utility, on the http_virtual page, update the virtual server using the following
information, and then click Update.
HTTP Profile http
OneConnect Profile None
HTTP Compression Profile None
Web Acceleration Profile None
→NOTE: You are removing these profiles to ensure that BIG-IP LTM makes load balancing
decisions for each request and doesn’t serve up content from its cache.
Exercise 11.3 – Using Variables
Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
Select exercise_iRule and then delete all the existing events except for the HTTP_REQUEST event.
In the line directly after the when HTTP_REQUEST { line, type:
Change the log local0. message to the following, and then save the iRule.
log local0. "$name $last_name made an HTTP request"
→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.
Press the Enter key several times to move the existing log entries to the top of the window.
Use a web browser to access http://10.1.10.20/httprequest.php, and then view the SSH session.
Press the Enter key several times to move the existing log entries to the top of the window.
In the iRule Editor, create a second log entry, and then save the iRule.
log local0. "Order made for $quantity items at $$price each"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Notice that the iRule could identify that $price was referencing a variable, and the dollar sign before
that was interpreted as a regular text string.
Press the Enter key several times to move the existing log entries to the top of the window.
Edit the first log local0. message to the following, and then save the iRule.
"$name made an HTTP request"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Press the Enter key several times to move the existing log entries to the top of the window.
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Press the Enter key several times to move the existing log entries to the top of the window.
In the line after the final log local0. message, type the following, and then save the iRule.
log local0. "Total: $$total, tax: $$tax, for a grand total of $$grand_total"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Close the Simple HTTP Request tab.
Exercise 11.4 – Using TCL and iRules Commands
Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
Select exercise11.2_iRule and copy all the iRule code.
Select exercise_iRule and then select all the existing code, and then paste the copied text.
Update the CLIENT_ACCEPTED event using the following information:
set clientip [IP::client_addr]
set clientport [TCP::client_port]
set client $clientip:$clientport
log local0. "Connection accepted from $client"
Save the iRule and ensure you don’t receive any syntax errors.
Use an SSH client to access the BIG-IP system at 10.1.10.241.
→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.
Press the Enter key several times to move the existing log entries to the top of the window.
Use a new tab to access http://10.1.10.20/httprequest.php, and then view the SSH session.
In the next section we will discuss conditional statements. Start thinking about the traffic
management decisions you could make on the BIG-IP system using the information you queried
about the connection from the client to BIG-IP LTM and the connection from BIG-IP LTM to the pool member.
Press the Enter key several times to move the existing log entries to the top of the window.
Select exercise_iRule, and then delete all the existing events except for the HTTP_REQUEST event.
Update the HTTP_REQUEST event using the following information, and then save the iRule.
set httphost [HTTP::host]
set httppath [HTTP::path]
set httpuri [HTTP::uri]
set useragent [HTTP::header "User-Agent"]
log local0. "Client's browser: $useragent"
log local0. "Client requested the $httppath page on $httphost"
log local0. "Full URI: $httpuri"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Change the URL to http://10.1.10.20/httprequest.php?user=bob.
Question:
Which variable changed between the two requests? _________________________________
Press the Enter key several times to move the existing log entries to the top of the window.
In the iRules Editor, after the HTTP_REQUEST event, add the following HTTP_RESPONSE event, and then
save the iRule.
when HTTP_RESPONSE {
    HTTP::respond 200 content {
        <html><title>Application Unavailable</title>
        <body>
        Sorry, this application is currently unavailable.<br><br>
        Please try again shortly.
        </body></html>
    }
}
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Questions:
Did the HTTP request events trigger? _______________
In the next lesson we’ll cover using conditional statements. Be thinking about what information you
could use to determine whether or not to display this error page for user requests.
Close the web page.
In the Configuration Utility, open the Virtual Servers page, and then select http_virtual.
Update the virtual server using the following information, and then click Update.
Stream Profile stream
HTTP Compression Profile custom_compression
→NOTE: Even when you use the stream command in an iRule, you still need to include the
default stream profile, and in addition you need to ensure that the web servers aren’t
compressing content (which is achieved by using an HTTP compression profile).
In the iRules Editor, select exercise_iRule, and then delete all the lines contained within the
HTTP_RESPONSE event (do not delete the actual event), and then save the iRule.
Use a new tab to access http://10.1.10.20/lorax.php.
There are references to Lorax Bank, Lorax Finances, and savings accounts.
In the iRule Editor, update the HTTP_RESPONSE event using the following, and then save the iRule.
when HTTP_RESPONSE {
    STREAM::expression {@Lorax Bank@Lorax Investments@}
    STREAM::enable
}
In the iRule Editor, change the STREAM::expression using the following, and then save the iRule.
{@Lorax Bank@Lorax Investments@ @Lorax Finances@Lorax Investments@ @savings accounts@investment accounts@}
NOTE: The graphics in the second column on this page are broken links.
Question:
What are the URLs that the broken image links are pointing to?
____________________________________________________________________
Question:
Why did the first two pictures display properly, but the third picture still doesn’t display?
_________________________________________________________________
Update the STREAM::expression so that all three graphics display on the page.
Exercise 11.5 – Using Conditional Statements
Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
Select exercise11.4B_iRule and copy all the iRule code.
Select exercise_iRule and then select all the existing code, and then paste the copied text.
Update the HTTP_RESPONSE event using the following, and then save the iRule.
when HTTP_RESPONSE {
set status [HTTP::status]
→NOTE: The indenting within the if command isn’t required; however it makes the iRule easier
to read.
In the Configuration Utility, open the Pool List page and click Create.
Create a pool using the following information, and then click Repeat.
Name iRules_pool1
Health Monitors gateway_icmp
Members Node Service Port
Use the Node List. 10.1.20.11 * (All Services)
Create another pool using the following information, and then click Repeat.
Name iRules_pool2
Health Monitors gateway_icmp
Members Node Service Port
Use the Node List. 10.1.20.12 * (All Services)
Create another pool using the following information, and then click Repeat.
Name iRules_pool3
Health Monitors gateway_icmp
Members Node Service Port
Use the Node List. 10.1.20.13 * (All Services)
Create another pool using the following information, and then click Finished.
Name iRules_pool4
Health Monitors gateway_icmp
Members Node Service Port
Use the Node List. 10.1.20.14 * (All Services)
In the iRule Editor, update the HTTP_REQUEST event using the following, and then save the iRule.
when HTTP_REQUEST {
set httppath [HTTP::path]
log local0. "Client requested $httppath"
From the Default Pool list select None, and then click Update.
Use a new tab to access http://10.1.10.20/welcome.php.
Questions:
Did the page display properly? ___________________
In the iRule Editor, update the HTTP_REQUEST using the following, and then save the iRule.
when HTTP_REQUEST {
set httppath [HTTP::path]
log local0. "Client requested $httppath"
Questions:
Did the page display properly? ___________________
Questions:
Did the page display properly? ___________________
In the iRule Editor, update the HTTP_REQUEST using the following, and then save the iRule.
when HTTP_REQUEST {
set httppath [HTTP::path]
log local0. "Client requested $httppath"
Use Ctrl+F5 to refresh F5 vLab Test Web Site tab.
Questions:
Did the page display properly? ___________________
Which pool supplied the F5 logo at the bottom of the page? _________________________
In the iRule Editor, create a new iRule using the blank template named open_virtual_iRule.
Configure the iRule using the following, and then save the iRule.
when CLIENT_ACCEPTED {
set requestport [TCP::local_port]
log local0. "Client accessing port $requestport"
In the Configuration Utility, create a virtual server using the following information, and then
click Finished.
Name open_virtual
Destination Address 10.1.10.40
Service Port * ( * All Ports)
iRules open_virtual_iRule
Default Pool None
Question:
Which pool supplied the content for this request? ___________________
Question:
Which pool supplied the content for this request? ___________________
Change the URL to http://10.1.10.40:8081.
Question:
Which pool supplied the content for this request? ___________________
How was BIG-IP LTM able to view the iRule and make traffic management decisions when
there’s no HTTP profile configured on the virtual server?
___________________________________________________________________________
In the iRules Editor, change wildcard_iRule using the following, and then save the iRule.
when CLIENT_ACCEPTED {
set requestport [TCP::local_port]
log local0. "Client accessing port $requestport"
→NOTE: It’s not necessary to log into the CLI to complete this task.
Question:
Which pool supplied the content for this request? ___________________
Close the SSH session.
Copy the open_virtual_iRule to the Offline iRules.
Task 7 – Use the Switch Operator to Manage Traffic Based on the File Type
Create an iRule to determine the requested file type. If the request is for an unauthorized file type we’ll present
a custom error page for the user. Otherwise route all requests for graphic files to one pool, PHP pages to
another pool, and all other requests to a third pool.
send an entry to the log file. If the variable ends with jpg, gif, or png, the request is sent to
iRules_pool1. If the variable ends with php the request is sent to iRules_pool2 and we send an entry to
the log file. The default statement is for all requests that don’t match any of the listed file types.
Use an SSH client to access 10.1.10.241.
→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.
Press the Enter key several times to move the existing log entries to the top of the window.
Use a new tab to access http://10.1.10.20.
Questions:
Which pool supplied the index.php page? ____________________
Questions:
Which pool supplied the index.php page? ____________________
Question:
Were you able to open these sensitive files? _______________
Questions:
Did requests for images generate a log entry? ________________
Did requests for html pages generate a log entry? _______________
Exercise 11.6 – Working with Lists
In the Configuration Utility, open the Virtual Server List page, then click http_virtual, and then open the
Resources page.
From the Default Pool list select http_pool, and then click Update.
Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
Select exercise_iRule and then delete all the existing code.
Create a new static list using the following, and then save the iRule.
when HTTP_REQUEST {
    set mylist [list "def" "lmo" "xyz" 1 "abc"]
    log local0. "List: $mylist"
}
→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.
Press the Enter key several times to move the existing log entries to the top of the window.
Use a new tab to access http://10.1.10.20/httprequest.php, and then view the SSH session.
Sort the list by adding the following lines at the end of the HTTP_REQUEST, and then save the iRule.
set mylist [lsort $mylist]
log local0. "Sorted first list: $mylist"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Add items to the list by adding the following lines at the end of the HTTP_REQUEST, and then save the
iRule.
lappend mylist "rst" 222
log local0. "Second list: $mylist"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Question:
Were the new items added within the sorted order? ___________________
Add two more lines to the iRule that accomplish the following, and then save the iRule.
• Sort the list after the items have been added.
• Add an entry to the log file with the sorted list.
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session. The log entry should
contain the following entries:
Insert an item to the new list by adding the following lines at the end of the HTTP_REQUEST, and then
save the iRule.
set mylist [linsert $mylist 1 "f5"]
log local0. "Third list: $mylist"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Questions:
How are the lappend and linsert commands different? _____________________________
In what position in the list was the new entry added? ________________
Once again, add two more lines to sort the updated list and add an entry to the log file.
Identify the number of items in a list by adding the following line at the end of the HTTP_REQUEST, and
then save the iRule.
log local0. "Third list length: [llength $mylist]"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Question:
What are a couple of advantages of knowing the number of items in a list?
________________________________________________________________________
Set an item into a list by adding the following lines at the end of the HTTP_REQUEST, and then save
the iRule.
lset mylist 3 "456"
log local0. "Fourth list: $mylist"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Questions:
How is the lset command different from the lappend and linsert commands?
__________________________________________________________________________
In what position in the list was the new entry added? ________________
Identify the value of an item in the list by adding the following lines at the end of the HTTP_REQUEST,
and then save the iRule.
set item [lindex $mylist 3]
log local0. "Item #4: '$item'"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Identify the index value of three different items in the list by adding the following lines at the end of the
HTTP_REQUEST, and then save the iRule.
set find1 [lsearch $mylist "rst"]
set find2 [lsearch $mylist 222]
set find3 [lsearch $mylist "deflmo"]
log local0. "List item 'rst' at index # $find1"
log local0. "List item '222' at index # $find2"
log local0. "List item 'deflmo' at index # $find3"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Questions:
What index number is “222” at? __________________
In the iRule Editor, add the following lines at the end of the HTTP_REQUEST, and then save the iRule.
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Question:
Without using iteration, how would you create separate log messages for each list entry?
__________________________________________________________________________
Replace the previous log local0 command using the following, and then save the iRule.
set myaddress "351 Elliott Ave S, Seattle, WA 98119 USA"
set mylist [split $myaddress " "]
foreach item $mylist {
    set itemnumber [lsearch $mylist $item]
    log local0. "Index #$itemnumber: '$item'"
}
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
In the iRule Editor, select exercise_iRule and update the HTTP_REQUEST using the following, and then
save the iRule.
when HTTP_REQUEST {
set mylist [split [HTTP::header names] " "]
log local0. "List: $mylist"
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Questions:
How many HTTP headers are in the HTTP request? _________________
In the Configuration Utility, open the Virtual Server List page and click http_virtual.
From the HTTP Profile list select custom_http_profile, and then click Update.
Use Ctrl+F5 to refresh the Simple HTTP Request tab, and then view the SSH session.
Question:
What changes occurred using this HTTP profile? _____________________________________
____________________________________________________________________________
Exercise 11.7 – Using iRules Best Practices
Launch the iRule Editor, and go to File > Connect to access 10.1.10.241.
Select exercise11.5_iRule and copy all the iRule code.
Select exercise_iRule and then select all the existing code, and then paste the copied text.
In the line directly after the when HTTP_REQUEST line, add the following comment:
#Identify the requested page and store in a variable
Continue to add the following comments, and then save the iRule.
when HTTP_REQUEST {
#Identify the requested page and store in a variable
set httppath [HTTP::path]
In the line directly after the when HTTP_REQUEST line, add the following command:
set debug 1
Add the exact statement above for the default statement, and then save the iRule.
Use an SSH client to access the BIG-IP system at 10.1.10.241.
→NOTE: For easier viewing of log entries resize the SSH session, making it bigger both
horizontally and vertically.
Press the Enter key several times to move the existing log entries to the top of the window.
Use a new tab to access http://10.1.10.20.
Click the Welcome link, and then click the banner at the top of the page to return to the home page.
Click the Mask Sensitive Content Example link, and then view the SSH session.
For debugging purposes, you can see that requests are made for the root page “/”, php pages, and
html pages.
Press the Enter key several times to move the existing log entries to the top of the window.
In the iRule Editor, edit the debug statement using the following, and then save the iRule.
set debug 0
In the F5 vLab Test Web Site tab, click the banner at the top of the page to return to the home page.
Click the Welcome link, and then click the banner at the top of the page to return to the home page.
Click the Mask Sensitive Content Example link.
Change the URL to http://10.1.10.20/calc.exe.
Change the URL to http://10.1.10.20/basic.css, and then view the SSH session.
You’ve eliminated unnecessary logging, but continue to log critical messages.
Close the tab and the SSH session.
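The following is an added example, not the guide's own exercise11.7_iRule: one way the Task 7 file-type switch from Exercise 11.5 can look once the comments and the debug flag from this exercise are applied. The blocked extensions, the 403 status, the error-page text, and the use of iRules_pool3 for the default case are assumptions.

```tcl
when HTTP_REQUEST {
    # 1 = log every routing decision (troubleshooting)
    # 0 = log blocked requests only
    set debug 0

    # Identify the requested page and store in a variable.
    # HTTP::path excludes the query string, so /httprequest.php?user=bob
    # still ends in .php. Lower-casing the path makes the extension match
    # independent of case, so /CALC.EXE is handled like /calc.exe.
    set httppath [string tolower [HTTP::path]]

    # Tcl only treats # as a comment where a command can start, so inside
    # a switch every comment sits inside a body, never between patterns.
    switch -glob -- $httppath {
        "*.exe" -
        "*.bat" -
        "*.dll" {
            # Unauthorized file type (assumed list). BIG-IP answers the
            # request itself, so it never reaches a pool member. This is
            # a critical message and is logged whatever the debug value.
            log local0.warning "Blocked $httppath requested by [IP::client_addr]"
            HTTP::respond 403 content {
                <html><title>Request Blocked</title>
                <body>
                This file type is not available.
                </body></html>
            } "Content-Type" "text/html"
        }
        "*.jpg" -
        "*.gif" -
        "*.png" {
            # Graphic files: routed without a log entry
            pool iRules_pool1
        }
        "*.php" {
            # PHP pages: log entry only while debugging
            if { $debug } {
                log local0. "Client requested $httppath, sent to iRules_pool2"
            }
            pool iRules_pool2
        }
        default {
            # Everything else, including "/" and html pages.
            # iRules_pool3 is an assumed choice for the third pool.
            if { $debug } {
                log local0. "Client requested $httppath, sent to iRules_pool3"
            }
            pool iRules_pool3
        }
    }
}
```

With debug set to 0, only the blocked-request entry is written to the log; set it to 1 while troubleshooting pool selection.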
Create an Application Service using the following information, and then click Finished.
Name                                                                   app_web
Template                                                               f5.http
Network: Use the latest TCP profiles?                                  Yes, use the new profiles (recommended)
Virtual Servers and Pools: IP address for virtual server               10.1.10.40
Virtual Servers and Pools: FQDN                                        iapp.f5demo.com
Virtual Servers and Pools: Create a new pool or use an existing one?   Create a new pool
Virtual Servers and Pools: web servers                                 Node/IP address 10.1.20.11, Port 80 (Click Add)
                                                                       Node/IP address 10.1.20.12, Port 80 (Click Add)
                                                                       Node/IP address 10.1.20.13, Port 80
Application Health: Health monitor                                     Create new health monitor
Application Health: HTTP URL to send                                   /index.php
Application Health: Expected response                                  Welcome
Exercise 12.1 – Working with iApp Application Services
→NOTE: For Mac users, the hosts file entries have already been created on the Windows 7
image.
Right-click Notepad in the Start menu, and then select Run as Administrator.
Open the C:\Windows\System32\drivers\etc\hosts file.
Add entries for:
10.1.10.40 iapp.f5demo.com
10.1.10.40 iapp.vlab.f5demo.com
Questions:
Which pool member(s) supplied content? __________________________________
Question:
Is the X-Forwarded-For request header present? ________________
Click the banner at the top of the page to return to the home page.
In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page, and then select
the Pools statistics.
Reset the statistics for all pools and pool members.
In F5 vLab Test Web Site tab, click the HTTP Compress Example link.
In the Configuration Utility, on the pools Statistics page, click Refresh, and view the app_web_pool
statistics.
Questions:
How many Bits Out were needed to create this page? ____________________
How many total requests were needed to generate this web page? __________________
Questions:
How many Bits Out were needed to create this page? ____________________
How many total requests were needed to generate this web page? __________________
Open the iApp > Application Services > Applications page and click app_web.
On the Components page, click app_web_vs.
The app_web_vs virtual server properties page displays.
Attempt to change the Destination Address to 10.1.10.41, and then click Update.
Question:
Why couldn’t you update the virtual server IP address? __________________________
Open the iApp > Application Services > Applications page, then click app_web, and then open
the Properties page.
From the Application Service list select Advanced.
Clear the Strict Updates checkbox, and then click Update.
Open the Virtual Servers List page and click app_web_vs.
Update the virtual server using the following information, and then click Update.
Destination Address 10.1.10.41
Source Address Translation None
OneConnect Profile None
HTTP Compression Profile None
Web Acceleration Profile None
Open the Resources page, and then update the virtual server using the following information, and then
click Update.
Default Persistence Profile None
Fallback Persistence Profile None
Questions:
Is persistence taking place? ____________________
Question:
What is the virtual server IP address? __________________________
Questions:
Are the changes you made still configured? ____________________
Open the Local Traffic > Profiles > Protocol > TCP page.
Question:
How many TCP profiles were created for the app_web application? ___________
Open the Application Services > Applications page, then click app_web, and then open the
Properties page.
Select the Strict Updates checkbox, and then click Update.
Open the Reconfigure page.
In the Network section, specify the following, and then click Finished.
Network: What type of network connects clients to the BIG-IP system?   Local area network (LAN)
Open the Local Traffic > Profiles > Protocol > TCP page.
Question:
Why is there now only one TCP profile? _________________________________________
Question:
Were you able to delete this application? ____________________
On the Application Services > Applications page, click app_web_backup, and then review the
Components page.
iApp created several objects for this application: a virtual server, persistence profiles, an http profile,
and several optimization profiles.
Open the Properties page.
Click Delete, and then click OK.
View the following Configuration Utility pages and verify that the app_web_backup application objects
are deleted:
• Virtual Server List
• HTTP Profile
• HTTP Compression Profile
• Web Acceleration Profile
• Persistence Profile
• TCP Profile
Questions:
Which profiles did iApp create for app_web? _________________________________
___________________________________________________________________________
In the Network section, specify the following:
What type of network connects clients to the BIG-IP system?   Wide area network (WAN)
How have you configured routing on your web servers?          Servers have a route to clients through the BIG-IP system
In the Application Health section, specify the following, and then click Finished.
How many seconds should pass between health checks?   10
Questions:
Which pool member(s) supplied content? __________________________________
Question:
Is the X-Forwarded-For request header present? ________________
In the Configuration Utility, for the app_web application, open the Reconfigure page.
In the iRules section, specify the following, and then click Finished.
Do you want to add any custom iRules to this configuration?   exercise11.7_iRule
Question:
Did app_web process the iRule? _________________
Question:
Is the connection using HTTP or HTTPS? _________________
Exercise 12.2 – Working with iApp Templates
In the Configuration Utility, open the iApps > Templates > Templates page.
Questions:
How many templates are currently being used for applications? ________________
How can you tell that these are BIG-IP system default templates? ______________________
Questions:
What are the required BIG-IP modules? _______________________
View the contents of the Implementation, Presentation, and HTML Help sections.
Change the first line of the HTML Help section to the following, and then save the change.
<p><strong>web server iApp Template</strong></p>
Questions:
Can you save this change? ________________
In the Configuration Utility, log out of the BIG-IP system and then log back in as admin / admin.
Open the iApps > Templates > Templates page and click Import.
Click Browse.
Navigate to the location where you unzipped the downloaded template files.
Open the Microsoft directory, then open the Exchange_2010_2013 directory.
Select f5.microsoft_exchange_2010_2013_cas.v1.6.2.tmpl, and then click Open.
Leave the Overwrite Existing Templates checkbox cleared and click Upload.
The new iApp Template is available to use for new application services.
Repeat the steps above to import mysql_proxy.2011-12-02.tmpl.
→ NOTE: This template will display on page 2 of the Template List page.
Open the Application Services > Applications page and click Create.
From the Template list select f5.microsoft_exchange_2010-2013_cas.v1.6.2.
You could now use this iApp Template for an application deployment.
Create an archive file named ltmfund_mod12_iApps_v13.0.0.
Final Project
Exercise 13 – Reconfigure the BIG-IP System
Reset the BIG-IP system for the Technical Boot Camp hands-on exercises.
• Estimated completion time: 40 minutes
Name p443_pool
Monitors https
Load Balancing Least Connections (member)
PGA Less than 2
Members 10.1.20.11:443, Priority: 8
        10.1.20.12:443, Priority: 8
        10.1.20.13:443, Priority: 4
        10.1.20.14:443, Priority: 2
        10.1.20.15:443, Priority: 2
Import the vlab.f5demo.com.2017.pem certificate and the vlab.f5demo.com.2017.key key and name
them both f5demo.
Import the entrust-chain.txt certificate and name it chain.
Type SSL > Client
Name f5demo_client_ssl
Configuration Certificate: f5demo
              Key: f5demo
              Chain: chain
              Passphrase: IamFfive2Day

Name p443_to_p443_virtual
Destination 10.1.10.20:443
Configuration SSL Profile (Client): lorax_client_ssl
              SSL Profile (Server): serverssl
Resources Pool: p443_pool

Name p443_to_p80_virtual
Destination 10.1.10.30:443
Configuration HTTP Profile: http
              SSL Profile (Client): f5demo_client_ssl
              Source Address Translation: lorax_snat_pool
Resources Pool: p80_pool
          Persistence: lorax_source_addr
Task 7 – Verification
Test One
Use a new tab to access http://10.1.10.20 and examine the Client IP address.
Because this virtual server uses SNAT Auto Map, the Client IP address should be 10.1.20.240, which is
the internal floating self IP address on the BIG-IP system.
Use Ctrl+F5 to refresh the tab 10 times, and then close the tab.
In the Configuration Utility, view the Pools statistics.
All five pool members should be receiving requests; however, they should be receiving them
in a 1 > 2 > 4 > 5 > 8 ratio.
Reset the statistics for all pools and pool members.
Test Two
Use a new tab to access https://10.1.10.20, and examine the Client IP address.
Because this virtual server does not use SNAT, the Client IP address should be 10.1.10.1 (or the IP
address of your Windows 7 image), which is the IP address assigned to your workstation.
Examine the URL and the Pool member address/port value.
The client requests to the BIG-IP system are using https (port 443), and the BIG-IP system requests to
the pool members are also using port 443.
Use Ctrl+F5 to refresh the page 5 times.
In the Configuration Utility, refresh the Pools statistics.
Because the pool is configured with priority group activation set to two members, only two pool
members (10.1.20.11:443 and 10.1.20.12:443) receive requests. These two pool members have a
priority of 8. The requests are distributed evenly between the two members.
Reset the statistics for all pools and pool members.
Disable node 10.1.20.12, and then use Ctrl+F5 to refresh the F5 vLab Test Web Site tab 5 times.
In the Configuration Utility, view the Pools statistics.
The BIG-IP system should immediately begin using pool member 10.1.20.13:443 (along with
10.1.20.11:443).
Reset the statistics for all pools and pool members.
Disable node 10.1.20.11, and then use Ctrl+F5 to refresh the F5 vLab Test Web Site tab 5 times.
In the Configuration Utility, view the Pools statistics.
The BIG-IP system should immediately begin using both pool members 10.1.20.14:443 and
10.1.20.15:443 (along with 10.1.20.13:443). BIG-IP LTM uses both pool members because they are
both configured with a priority of 2.
Reset the statistics for all pools and pool members.
In the F5 vLab Test Web Site tab, right-click inside the window and select Properties, and then click
Certificates.
This certificate is currently not trusted by your web browser. It was issued by the same entity that it
was issued to, identifying it as a self-signed certificate.
Close the tab.
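The priority group activation behavior observed in Test Two can be modeled in a few lines. This is an added example, not part of the original guide and not F5 code; the function names are hypothetical, and the model treats a disabled node as unavailable and ignores persistence and existing connections.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Member:
    addr: str
    priority: int
    available: bool = True  # False when the member or its node is disabled/offline


def active_members(members, min_active):
    """Return the addresses eligible for load balancing.

    Priority groups are taken from highest to lowest. A lower group is added
    only while fewer than `min_active` members are available so far, which
    models the pool setting "Priority Group Activation: Less than N".
    Every available member of an added group becomes eligible.
    """
    eligible = []
    for prio in sorted({m.priority for m in members}, reverse=True):
        eligible += [m for m in members if m.priority == prio and m.available]
        if len(eligible) >= min_active:
            break
    return sorted(m.addr for m in eligible)


def p443_pool(disabled=()):
    """Build p443_pool as configured in Exercise 13, with some nodes disabled."""
    layout = [("10.1.20.11", 8), ("10.1.20.12", 8), ("10.1.20.13", 4),
              ("10.1.20.14", 2), ("10.1.20.15", 2)]
    return [Member(f"{ip}:443", prio, ip not in disabled) for ip, prio in layout]


if __name__ == "__main__":
    # The three states walked through in Test Two.
    for disabled in [(), ("10.1.20.12",), ("10.1.20.12", "10.1.20.11")]:
        print(disabled, "->", active_members(p443_pool(disabled), min_active=2))
```

The third state shows why both priority 2 members become active together: a group is enabled as a whole, so the eligible set can exceed the configured minimum.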
Test Three
Use a new tab to access https://offload.vlab.f5demo.com, and examine the Client IP address.
Because this virtual server is configured with a SNAT pool, the Client IP address should be either
10.1.20.180, 10.1.20.185, or 10.1.20.190 (the three members of the SNAT pool).
Examine the URL and the Pool member address/port value.
The client requests to the BIG-IP system are using https (port 443). Because BIG-IP LTM is performing
SSL offload, the BIG-IP system requests to the pool members are using port 80.
Use Ctrl+F5 to refresh the tab 5 times. Leave this tab open until the end of this test.
In the Configuration Utility, view the Pools statistics.
Because this virtual server is configured with a source address persistence profile, only one pool
member should be receiving all requests from this client.
Reset the statistics for all pools and pool members.
In the F5 vLab Test Web Site tab, right-click inside the window and select Properties, and then click
Certificates.
This is a trusted certificate that ensures the identity of the remote computer. It was issued by Entrust
Certification Authority and is valid through 2019.
Refresh the F5 vLab Test Web Site tab.
Due to the source address persistence timeout value, all page elements should come from a new pool
member.
Test Four
View the properties of node 10.1.20.11.
This node uses the lorax_icmp_monitor health monitor, which is currently identifying the node
as available. However, the node has been disabled by an administrator.
View the properties of node 10.1.20.13.
This node also uses the lorax_icmp_monitor health monitor, and is currently available and enabled.
View the properties of pool member 10.1.20.11:80.
This pool member uses three health monitors: lorax_http_monitor (currently identifying the member
as offline), and lorax_inband_monitor and lorax_tcp_monitor (both identifying the member as available).
Because its parent node is disabled, the pool member is currently disabled.
View the properties of pool member 10.1.20.14:80.
This pool member uses three health monitors: lorax_http_monitor (currently identifying the member
as offline), and lorax_inband_monitor and lorax_tcp_monitor (both identifying the member as available).
Because its parent node is available and at least one monitor is identifying it as available, this pool
member is currently available.
View the properties of pool member 10.1.20.15:443.
This pool member uses the system-supplied https health monitor, which is currently identifying the
member as available.
Create an archive file named ltmfund_mod13_v13.0.0.
Appendices
Appendix A – Exercise Question and Answer Key
Q: Why did the tmos prompt replace “list net vl” with “list net vlan”?
A: It assumes we want to type either “vlan” or “vlan-group”, so it filled in the characters that
both options share.
Exercise 2.1 – Create an HTTP Pool and Virtual Server
Task 4 – Verify the Virtual Server and Pool Functionality
Q: How many connections were opened to create the web page?
A: 12
Exercise 4.2 – Create a Web Load Test
Task 3 – Verify Virtual Server and Pool Statistics
Q: Were the connections distributed evenly between the three pool members?
A: Yes
Q: With priority group activation set to 2 members, why are there now three members
supplying content?
A: BIG-IP LTM enables all of the members of the next highest priority group. There are two
members in priority group 4.
Exercise 6.1 – Using an HTTP Profile
Task 1 – Modify the Default HTTP Profile
Q: Did the custom profile inherit the Maximum Header Size setting?
A: Yes
Q: Which response headers that were exposed in the first version of this web page could be
exploited by a hacker?
A: Server, X-Powered-By, X-Injected, X-Sensitive-Data
Exercise 7.1 – Using Compression and Acceleration
Task 7 – Record BIG-IP LTM Performance with Optimization
Q: What are the Bits In and Bits Out values for http_virtual?
A: Answers will vary
Q: What are the Bits In and Bits Out values for http_virtual2?
A: Answers will vary
Q: Did compression significantly reduce the amount of data sent to the user?
A: Yes
Q: What are the Bits In and Bits Out values for http_pool?
A: Answers will vary
Q: What are the Bits In and Bits Out values for http_pool2?
A: Answers will vary
Q: Did caching lower the data between BIG-IP LTM and pool members?
A: Yes
Q: What are the pre- and post-compress values for HTML content?
A: Answers will vary
Q: What are the pre- and post-compress values for Plain content?
A: Answers will vary
Q: How many bytes of data were served from the BIG-IP system cache?
A: Answers will vary
Q: Did the two different browsers use the same pool member?
A: Yes
Exercise 8.2 – Using Cookie Persistence
Task 1 – Create a Cookie Persistence Profile
Q: Was the update successful?
A: No
Exercise 8.3 – View Persistence with Disabled and Offline Pool Members
Task 2 – View the Effects of Disabled and Offline Pool Members
Q: To which pool member are you persisting?
A: Answers will vary
Q: Are requests for each different pool persisting to the same pool member?
A: No
Exercise 9.1 – Supporting SSL Traffic
Task 4 – Create an HTTPS Pool and Virtual Server
Q: What is listed in your browser’s URL box?
A: https://10.1.10.20
Q: In the Request Details, what information is listed after Pool member address/port?
A: Pool member answer will vary, but the port is 443.
Q: Is the connection between BIG-IP LTM and the pool member secure?
A: Yes
Q: Is the connection between BIG-IP LTM and the pool member secured?
A: Yes
Exercise 9.2 – Enabling SSL Offload
Task 4 – Create an Offload Virtual Server
Q: What is listed in your browser’s URL box?
A: https://10.1.10.20
Q: In the Request Details, what information is listed after Pool member address/port?
A: Pool member answer will vary, but the port is 80.
Q: Is the connection between BIG-IP LTM and the pool member secure?
A: No
Task 2 – Use SNAT Auto Map with the HTTP Virtual Server
Q: What is the client IP address?
A: 10.1.20.240
Q: When using SNAT, how can you ensure the pool member can identify the true
client IP address?
A: Use the X-Forwarded-For HTTP request header
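The X-Forwarded-For answer above, as an added example (not part of the original guide): a pool member should honor the header only when the TCP peer is one of the BIG-IP SNAT addresses this guide uses, because any client can send its own X-Forwarded-For value. The function name, the sample requests, and the assumption that the value added by the BIG-IP system is the last entry in the request are illustrative.

```python
import ipaddress

# Source addresses the guide gives for BIG-IP connections to pool members:
# the SNAT Auto Map floating self IP and the three SNAT pool members.
TRUSTED_PROXIES = {
    ipaddress.ip_address(a)
    for a in ("10.1.20.240", "10.1.20.180", "10.1.20.185", "10.1.20.190")
}


def client_ip(peer_addr, xff_values):
    """Resolve the client address a pool member should log or make decisions on.

    peer_addr  -- source IP of the TCP connection as seen by the web server
    xff_values -- every X-Forwarded-For header value in the request, in order
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES:
        # Connection did not come through SNAT: the header is client-controlled.
        return str(peer)
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were added closest to this server.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: trust nothing to its left
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header values).
    samples = [
        ("10.1.20.240", ["10.1.10.1"]),                 # SNAT Auto Map
        ("10.1.20.185", ["203.0.113.9", "10.1.10.1"]),  # client sent its own header first
        ("10.1.10.1", ["127.0.0.1"]),                   # no SNAT: header ignored
        ("10.1.20.240", []),                            # header not inserted
    ]
    for peer, xff in samples:
        print(peer, xff, "->", client_ip(peer, xff))
```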
Q: Was the RULE_INIT event triggered?
A: No
Q: Why did the first two pictures display properly, but the third picture still doesn’t display?
A: The stream command wasn’t updated for http://server2.hostingsite.com/images.
Q: How was BIG-IP LTM able to view the iRule and make traffic management decisions when
there’s no HTTP profile configured on the virtual server?
A: An HTTP profile is only necessary to process HTTP request and response events. An HTTP
profile isn’t necessary to process the CLIENT_ACCEPTED event.
Task 7 – Use the Switch Operator to Manage Traffic Based on the File Type
Q: Which pool supplied the index.php page?
A: iRules_pool3
Exercise 11.6 – Working with Lists
Task 2 – Use a Static List
Q: Were the new items added into the sorted order?
A: No
Q: How is the lset command different from the lappend and linsert commands?
A: lset replaces an existing item in a list with a new item.
Q: What changes occurred using this HTTP profile?
A: The Bigip-Httvs and X-Forwarded-For headers are now present, while the User-Agent
header is no longer present.
Q: How many total requests were needed to generate this web page?
A: 12
Q: How many total requests were needed to generate this web page?
A: None
Q: How many TCP profiles were created for the app_web application?
A: 2
Q: Which pool member(s) supplied content?
A: 10.1.20.14:80 and 10.1.20.15:80
Q: How can you tell that these are BIG-IP system default Templates?
A: View the System-supplied column
Appendix B – Virtual Environment Diagram
[Diagram labels: Host workstation; Windows 7 image; BIG-IP; VLAN: internal; Self IP: 10.1.20.241; Self IP: 10.1.20.240; LAMP Servers]