F5 Networks was established in 1996 and launched its first product, BIG-IP, in 1997. It is an American company headquartered in Seattle, Washington that specializes in Application Delivery Networking (ADN) technology. ADN is a suite of technologies that, when deployed together, provide application availability, security, visibility, and acceleration. F5's Application Delivery Platform handles application services like load balancing, security controls, and traffic management to reliably and securely deliver applications to end users.

Uploaded by

Agus Herdiyana
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
162 views

1 25 PDF

F5 Networks was established in 1996 and launched its first product, BIG-IP, in 1997. It is an American company headquartered in Seattle, Washington that specializes in Application Delivery Networking (ADN) technology. ADN is a suite of technologies that, when deployed together, provide application availability, security, visibility, and acceleration. F5's Application Delivery Platform handles application services like load balancing, security controls, and traffic management to reliably and securely deliver applications to end users.

Uploaded by

Agus Herdiyana
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 128

F5 Network:

o The F5 name was originally taken from the English movie Twister, in which an F5 tornado is the strongest category of storm.
o F5 Networks, originally named F5 Labs, was established in 1996.
o In 1997, F5 Networks launched its first product, a load balancer called BIG-IP.
o F5 Networks, Inc. is an American company headquartered in Seattle, Washington.
o It specializes in Application Delivery Networking (ADN) technology for the delivery of web applications.
o Its focus is the security, performance and availability of servers, data storage devices and other network components.
o It also applies Application Delivery Networking (ADN) technology to cloud resources.
o The Application Delivery Platform is a suite of technologies that handles application services,
o such as load balancing, security controls and traffic management in data centers and the cloud.
o The role of the application services platform is to deliver applications reliably and securely to end users.
o ADN is a suite of technologies that, when deployed together, provide application availability.
o Deployed together, the same suite also provides security, visibility and acceleration.
o F5 provides products and services that help companies manage their Internet Protocol traffic.
o It also provides products and services that help companies manage their file storage infrastructure.
o F5 products ensure that applications are always secure and perform the way they should.
o They ensure that applications are always secure anywhere, any time and on any device in the network.
o F5 develops software-based technology that helps companies manage their Internet traffic.
o F5 technologies focus on the delivery, security, performance and availability of web applications,
o and on the availability of servers, cloud resources, data storage devices and other networking components.
o F5 Networks is the global leader in Application Delivery Networking (ADN) and load balancers.
o F5 Networks provides solutions that make applications secure, fast and available for everyone.
o F5 optimizes applications, allowing them to work faster and consume fewer resources.

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 00966564303717


Application Delivery Network ADN:
An Application Delivery Network (ADN) is a suite of technologies that, when deployed together,
provide availability, security, visibility and acceleration for Internet applications such as websites.
An ADN ensures the speed, security and availability of applications. Application delivery is a
mechanism to deliver application functionality quickly and efficiently to users. The ADN delivers a
suite of technologies over a network designed to maximize application performance; load balancing
is often included. An application delivery network platform helps data centers speed up load times
and the application delivery process. It also helps IT teams solve problems faster and provide a
better user experience. Application delivery networks bundle and deploy the technologies that
improve network latency and security. The Application Delivery Controller (ADC) includes a load
balancer that distributes web traffic over many servers. ADCs also handle caching, compression and
offloading of Secure Sockets Layer (SSL) encryption. Application delivery networking offers the
benefits of security, visibility and acceleration: it moves data through the network at increased
speed by using compression technologies; it improves network security with IP filtering, delayed
binding, application firewalls and SSL encryption; and it provides more efficient traffic management
with load balancers that also perform health checks and can automatically reroute traffic when needed.

F5 Networks Certification:
The F5 Networks Certification program is small and focused. It offers IT credentials that help
prepare folks to develop, deploy and support the company's products and solutions.

https://www.f5.com/services/certification

All F5 exams are scored on a scaled-score basis, where your score will range from a possible 100
to 350 points; all F5 exams will be calibrated for a passing score of 245 on that scale.
Exam 101–Application Delivery Fundamentals
Exam 201–TMOS Administration
Exam 202–Pre-Sales Fundamentals
Exam 301a–BIG-IP LTM Specialist: Architect, Setup, and Deploy
Exam 301b–BIG-IP LTM Specialist: Maintain and Troubleshoot
Exam 302–BIG-IP DNS Specialist
Exam 303–BIG-IP ASM Specialist
Exam 304–BIG-IP APM Specialist
Exam 401–Security Solutions
Exam 402–Cloud Solutions

Exam 101–Application Delivery Fundamentals:

This is the first exam required to achieve F5 Certified BIG-IP Administrator status. All candidates
must take this exam to move forward in the program. Exam 101 Application Delivery Fundamentals is
a prerequisite to Exam 201. No certificate is issued when passing this exam.

Exam 201–TMOS Administration:

This is the second exam required to achieve F5 Certified BIG-IP Administrator status. Candidates
must have passed the 101–Application Delivery Fundamentals exam in order to be eligible for
the 201–TMOS Administration exam. Successful completion of the 201 exam identifies
candidates who can independently perform day-to-day operations and basic troubleshooting of
TMOS-based devices in various application environments after they have been installed, configured
and implemented. After passing this exam, candidates are awarded the F5 Certified Administrator certificate.

Once you have passed Exam 101 and 201 you can then move onto becoming a technology
specialist in your chosen area. There are four main specialisms which include Local Traffic
Manager (LTM), Global Traffic Manager (GTM), Application Security Manager (ASM) and Access
Policy Manager (APM).

LTM Technology Specialist:
To become a Local Traffic Manager Technology Specialist, you need to pass two exams: Exam
301a and Exam 301b.

Exam 301a–BIG-IP LTM Specialist: Architect, Setup, and Deploy:


This is one of two exams required to achieve F5 Certified Technology Specialist, Local Traffic
Manager status. Individuals who pass this exam possess an understanding of underlying
principles—from Secure Sockets Layer-based (SSL) Virtual Private Network (VPN)
implementation to symmetric and asymmetric acceleration—and can draw on that insight to
integrate BIG-IP LTM into existing networks as well as new implementations.

Exam 301b–BIG-IP LTM Specialist: Maintain and Troubleshoot:


This exam identifies individuals qualified to design, implement, maintain, and troubleshoot
advanced F5 product features to enhance the effectiveness of an application delivery network.
They possess an understanding of underlying principles—from SSL-based VPN implementation
to symmetric and asymmetric acceleration—and can draw on that insight to integrate BIG-IP
LTM into existing networks as well as new implementations.

GTM Technology Specialist:


To become a Global Traffic Manager Technology Specialist, you only need to pass one exam –
Exam 302.

ASM Technology Specialist:


To become an Application Security Manager Technology Specialist, you only need to pass one
exam – Exam 303.

APM Technology Specialist:


To become an Access Policy Manager Technology Specialist, you only need to pass one exam –
Exam 304.

Exam 401–Security Solutions:


Individuals who pass Exam 401 receive the F5 Certified! Solutions Expert, Security certification.

Exam 402–Cloud Solutions Exam:


Candidates who pass Exam 402 receive the F5 Certified! Solutions Expert, Cloud certification.

Basic Terminologies:

Load Balancer:
o In simple words, a load balancer is a network device that distributes traffic to other devices.
o A load balancer is a network device that distributes traffic to other network devices.
o It efficiently distributes incoming network traffic across a group of backend servers.
o It distributes client requests or network load efficiently across multiple servers.
o A load balancer is a device that acts as a reverse proxy and distributes network traffic.
o In other words, clients connect to the load balancer believing they are connecting to an actual server.
o The load balancer then contacts the backend server that provides the required resource.
o Load balancers are used to increase capacity (concurrent users) and the reliability of applications.
o It is the solution responsible for distributing incoming HTTP requests across multiple servers.
o A hardware or software solution that helps move packets efficiently across multiple servers.
o Load balancers optimize the use of network resources and prevent network overloads.
o They are found at the network and transport layers (IP, TCP, FTP, UDP) and the application layer (HTTP).
o Load balancers are most commonly deployed when a site needs multiple servers,
o because the volume of requests is too much for a single server to handle efficiently.
o Deploying multiple servers eliminates a single point of failure, making the site more reliable.
o A load balancer also performs advanced checks, even at the application layer.
o It performs three interrelated functions: monitoring hosts, acting as a proxy and load balancing.
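The three functions named in the last bullet, shown working together in a small model that is an added example, not code from the notes or from any F5 product: a health monitor marks pool members down after repeated failed probes (and up again after one good probe), a round-robin selector skips members that are down, and the proxy step answers a client that only ever sees the virtual server address. The IP addresses and the backend state are constructed for the demonstration.

```python
"""Added example (not from the notes): a minimal model of the three load balancer
functions, monitoring hosts, acting as a reverse proxy for a virtual server, and
balancing requests across the healthy pool members.  All addresses and the backend
behaviour below are constructed for the demonstration."""
from dataclasses import dataclass


@dataclass
class Member:
    address: str
    port: int
    healthy: bool = True
    failures: int = 0          # consecutive failed health checks


class Pool:
    """A group of backend servers behind one virtual server address."""

    def __init__(self, members, probe, max_failures=3):
        self.members = list(members)
        self.probe = probe                  # health monitor: callable(Member) -> bool
        self.max_failures = max_failures    # probes that must fail before marking down
        self._next = 0                      # round-robin cursor

    def monitor(self):
        """Run one health-check pass and return the members currently marked up.
        A member is marked down only after max_failures consecutive failures, so a
        single lost probe does not reroute traffic; one good probe brings it back."""
        for m in self.members:
            if self.probe(m):
                m.healthy, m.failures = True, 0
            else:
                m.failures += 1
                if m.failures >= self.max_failures:
                    m.healthy = False
        return [m for m in self.members if m.healthy]

    def select(self):
        """Round-robin over the healthy members only."""
        up = [m for m in self.members if m.healthy]
        if not up:
            raise RuntimeError("no healthy members in pool")
        m = up[self._next % len(up)]
        self._next += 1
        return m


# Constructed backend state: which servers answer their health probe right now.
SERVER_UP = {"10.0.0.11": True, "10.0.0.12": True, "10.0.0.13": True}
VIRTUAL_SERVER = "203.0.113.10:80"     # the only address clients ever see


def tcp_probe(member):
    """Stand-in for a TCP/HTTP monitor: True when the backend accepts the probe."""
    return SERVER_UP.get(member.address, False)


def handle_request(pool, request):
    """Reverse-proxy step: the client connected to VIRTUAL_SERVER; the load balancer
    picks a member and makes the backend request on the client's behalf."""
    member = pool.select()
    return f"{request} via {VIRTUAL_SERVER} -> {member.address}:{member.port}"


def simulate():
    """Three requests with all members up; then 10.0.0.12 fails its monitor three
    times and leaves the rotation; then it recovers after one good probe."""
    pool = Pool([Member("10.0.0.11", 80), Member("10.0.0.12", 80),
                 Member("10.0.0.13", 80)], tcp_probe)
    before = [pool.select().address for _ in range(3)]

    SERVER_UP["10.0.0.12"] = False
    for _ in range(pool.max_failures):
        pool.monitor()
    during = [pool.select().address for _ in range(4)]

    SERVER_UP["10.0.0.12"] = True
    recovered = [m.address for m in pool.monitor()]
    return before, during, recovered


if __name__ == "__main__":
    for part in simulate():
        print(part)
```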

Proxy Server:
o The term 'Proxy' is a contraction that comes from the Middle English word procuracy.
o Proxy means to act on behalf of another; a proxy sits between two entities and performs a service.
o In networking and web traffic, a proxy is a device or server that acts on behalf of others.
o It serves as a mediator for requests from clients asking for resources from other servers.
o No direct communication occurs between the client and the destination server.
o The proxy server takes the request from a client and puts that client on hold for a moment.
o It then makes the request, as if it were its own, out to the final destination server.
o Proxy servers are memory and disk intensive and are a single point of failure in the network.
o A proxy server, or application-level gateway, acts as a gateway between the client and the Internet.
o A proxy server acts as an intermediary between your devices and the Internet as a whole.
o A proxy server basically creates a gateway between you, the client, and the Internet.

Forward Proxy:
o It takes originating connections from intranet clients and connects to servers outside on the Internet.
o A forward proxy takes requests from an internal LAN and forwards them to the Internet.
o Sometimes a forward proxy may even serve the requesting client with cached information.
o End-user web requests are forwarded to the proxy before going out to the Internet,
o and responses come back through the proxy and then to the user, for privacy and control.
o The main purpose of a forward proxy server is to help users access servers over the Internet.
o The forward proxy is the most popular proxy mode and is present in almost all networks.
o A forward proxy (FP) forwards requests from intranet clients (browsers) to Internet servers.

Reverse Proxy:
o A proxy server which takes requests from external clients (web browsers) on the Internet
o and forwards them to servers in an internal network is called a reverse proxy server.
o It acts as a front-end server that accepts requests and forwards them to the web application servers.
o Reverse proxy servers and load balancers are components of a client-server architecture.
o Both act as intermediaries in the communication between clients and servers.
o A reverse proxy accepts a request from a client and forwards it to a server that can fulfill it,
o then returns the server's response back to the requesting Internet client.
o With a reverse proxy, the client believes it is contacting the external server directly.
o In reality it is contacting the reverse proxy server, which pretends to be the external server.
o The reverse proxy then makes another request to the real server on the client's behalf.

Half Proxy:
With a half-proxy, a client connects to the proxy and the proxy establishes the session with
the servers. The proxy then responds back to the client with the information. After that
initial connection is set up, the rest of the traffic goes right through the proxy to the back-
end resources. The proxy may do things like L4 port switching, routing or NAT, but at this
point it is not doing anything intelligent other than passing traffic. Basically, the half-proxy sets
up the call and then the client and server do their thing. For protocols like streaming protocols,
you have the initial setup, but instead of going through the proxy for the rest of the connection,
the server bypasses the proxy and goes straight to the client. This is so you don't waste resources
on the proxy for something that can be done directly server to client.

Full Proxy:
o A full proxy creates the client connection along with a separate server connection, with a gap between them.
o The client connects to the proxy on one end, and the proxy establishes a separate connection to the server.
o A full proxy establishes separate connections, meaning it is bi-directional on both sides.
o It maintains two separate connections: one between the proxy device and the client,
o and another between the proxy device and the destination server.
o In a full proxy there is never any blending of connections from the client side to the server side.
o A full proxy can manipulate, inspect, drop or do whatever is needed to traffic on both sides and in both directions.
o When clients make requests from the Internet, they terminate on the reverse proxy sitting in front of the server.
o Reverse proxies are good for traditional load balancing, optimization, SSL offloading and so on.
o Full proxies are so named because they completely proxy connections, incoming and outgoing.

TCP 3-Way Handshake:
o The 3-way handshake is the process used in a TCP/IP network to make a connection.
o It is a 3-step process that requires both the client and the server to exchange synchronization
o and acknowledgment packets before the real data communication starts.
o TCP is a connection-oriented protocol, so a connection needs to be established first.
o A connection needs to be established before two devices can communicate with each other.
o TCP uses the three-way handshake to negotiate the sequence and acknowledgment fields.
o This allows multiple TCP socket connections to transfer in both directions at the same time.

Message    Description
SYN        Used to initiate and establish a connection. It also helps to synchronize
           sequence numbers between devices.
ACK        Helps to confirm to the other side that it has received the SYN.
SYN-ACK    SYN message from the local device and ACK of the earlier packet.
FIN        Used to terminate a connection.
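The exchange in the table, carried through with concrete sequence and acknowledgment numbers as an added example that is not part of the notes: both sides send their SYN, each acknowledges the other's initial sequence number plus one, and the connection is then torn down with FIN/ACK. An endpoint refuses a segment whose acknowledgment number does not match the next byte it intends to send, which is the check that keeps a stale or forged ACK from advancing its state. The initial sequence numbers 1000 and 5000 are constructed.

```python
"""Added example (not from the notes): a constructed simulation of the TCP three-way
handshake (SYN, SYN-ACK, ACK) followed by a FIN/ACK teardown, showing how each side
negotiates the sequence and acknowledgment fields and rejects a segment whose
acknowledgment number does not match what it has sent."""
from dataclasses import dataclass

SYN, ACK, FIN = "SYN", "ACK", "FIN"


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: frozenset

    def __str__(self):
        return (f"{self.src} -> {self.dst} [{'+'.join(sorted(self.flags))}] "
                f"seq={self.seq} ack={self.ack}")


class Endpoint:
    def __init__(self, name, isn, listening=False):
        self.name = name
        self.state = "LISTEN" if listening else "CLOSED"
        self.snd_nxt = isn     # next sequence number this side will send (starts at its ISN)
        self.rcv_nxt = 0       # next sequence number expected from the peer

    def _send(self, peer, flags, consumes_seq):
        seg = Segment(self.name, peer.name, self.snd_nxt, self.rcv_nxt, frozenset(flags))
        if consumes_seq:       # SYN and FIN each occupy one sequence number
            self.snd_nxt += 1
        return seg

    def connect(self, peer):
        """Active open: send SYN carrying our initial sequence number."""
        self.state = "SYN_SENT"
        return self._send(peer, {SYN}, True)

    def close(self, peer):
        """Send FIN; the side closing first goes to FIN_WAIT_1, the other to LAST_ACK."""
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return self._send(peer, {FIN, ACK}, True)

    def receive(self, seg, peer):
        """Process one segment; return the reply segment, or None when no reply is due."""
        if ACK in seg.flags and seg.ack != self.snd_nxt:
            # The ack must name exactly the next byte we intend to send; anything
            # else is stale, forged or out of order and must not change our state.
            raise ValueError(f"{self.name}: bad ack {seg.ack}, expected {self.snd_nxt}")
        if SYN in seg.flags and self.state == "LISTEN":        # passive open: reply SYN-ACK
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN_RECEIVED"
            return self._send(peer, {SYN, ACK}, True)
        if SYN in seg.flags and self.state == "SYN_SENT":      # got SYN-ACK: reply ACK
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return self._send(peer, {ACK}, False)
        if FIN in seg.flags:                                   # peer is closing: ACK its FIN
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSE_WAIT" if self.state == "ESTABLISHED" else "TIME_WAIT"
            return self._send(peer, {ACK}, False)
        # Pure ACK: advance whichever state was waiting for it.
        self.state = {"SYN_RECEIVED": "ESTABLISHED", "FIN_WAIT_1": "FIN_WAIT_2",
                      "LAST_ACK": "CLOSED"}.get(self.state, self.state)
        return None


def run_exchange(client_isn=1000, server_isn=5000):
    """Drive a full connect/close between two endpoints; return the segments in order,
    the states after the handshake and the states after teardown."""
    client = Endpoint("client", client_isn)
    server = Endpoint("server", server_isn, listening=True)
    by_name = {"client": client, "server": server}
    log = []

    def deliver(seg):
        while seg is not None:
            log.append(seg)
            seg = by_name[seg.dst].receive(seg, by_name[seg.src])

    deliver(client.connect(server))                    # SYN, SYN-ACK, ACK
    after_handshake = (client.state, server.state)
    deliver(client.close(server))                      # FIN+ACK, ACK
    deliver(server.close(client))                      # FIN+ACK, ACK
    return log, after_handshake, (client.state, server.state)


if __name__ == "__main__":
    for segment in run_exchange()[0]:
        print(segment)
```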

SSL and TLS:
o SSL stands for Secure Sockets Layer and TLS stands for Transport Layer Security.
o Both protocols provide security between a web server and a web browser.
o SSL and TLS are protocols that serve the same purpose for the web server.
o However, there are minor differences between SSL and Transport Layer Security.
o SSL offers two basic security services: authentication and confidentiality.
o It provides a secure connection between the web browser and the web server.
o Both SSL and TLS provide encryption and authentication of data in motion.
o Common applications of these protocols are web browsing, VoIP and electronic mail.
o SSL was developed by Netscape in 1994 with the intention of protecting web transactions.
o Transport Layer Security is the IETF (Internet Engineering Task Force) standardization.
o Both Secure Sockets Layer (SSL) and TLS protect a normal TCP/UDP connection.
o SSL/TLS can also be used to secure other protocols such as FTP, SMTP and SNTP.
o TLS uses stronger encryption algorithms and has the ability to work on different ports.
o Secure Sockets Layer works by using public and private key encryption on data.
o TLS has two layers of operation when it establishes communication:
o the first is the handshake, which authenticates the server, and the second is the actual message transfer.
o TLS takes a little more time than the older SSL to establish connections and transfers.
o SSL, or Secure Sockets Layer, was the original encryption protocol developed for HTTP.
o SSL was replaced by TLS some time ago; SSL handshakes are now called TLS handshakes.
o SSL is the combination of the Handshake, Change Cipher Spec, Alert and Record protocols.

Protocol   Published   Status
SSL 1.0    1994        Unpublished; only used for internal testing
SSL 2.0    1995        Deprecated in 2011
SSL 3.0    1996        Deprecated in 2015
TLS 1.0    1999        Deprecation planned in 2020
TLS 1.1    2006        Deprecation planned in 2020
TLS 1.2    2008
TLS 1.3    2018

Cookies:
o Cookies are messages that web servers pass to your web browser when you visit Internet sites.
o A cookie is a small bit of information that travels from a browser to the web server.
o A cookie is just one or more pieces of information stored as text strings on your machine.
o A cookie is more formally known as an HTTP cookie, web cookie, Internet cookie or browser cookie.
o The purpose of the cookie is to help the website keep track of your visits and activity.
o Websites also use cookies to keep a record of your most recent visit or to record login information.
o Your computer's browser stores each message in a small file, which is called cookie.txt.
o When you request another page from the server, the browser sends the cookie back to the server.
o These files typically contain information about your visit to the web page, such as your name.

HTTP:
The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients
and servers. HTTP works as a request-response protocol between a client and server. A client
(browser) sends an HTTP request to the server; then the server returns a response to the client.
The response contains status information about the request and may also contain the requested
content. An HTTP request is the way Internet communications platforms such as web browsers
ask for the information they need to load a website. Two of the most common HTTP methods
are 'GET' and 'POST'; a 'GET' request expects information back in return (usually in the form of
a website), while a 'POST' request typically indicates that the client is submitting information to
the web server (such as form information, e.g. a submitted username and password).
HTTP headers contain text information stored in key-value pairs, and they are included in every
HTTP request and response. These headers communicate core information, such as what
browser the client is using and what data is being requested.

HTTPS (Secure HTTP):

Hyper Text Transfer Protocol Secure, or HTTPS, is just like HTTP except that it is used together with
Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It provides a security layer on
top of the HTTP protocol which encrypts data, ensures the identity of both devices and makes
sure that data has not been modified in transit. HTTPS is a standard that is widely used by
online banking and online shopping. When you use HTTPS, it uses the https:// prefix instead of
the original http://. It also operates on port 443 instead of port 80.
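An added example that ties the HTTP, HTTPS and Cookies passages together; it is not code from the notes. It parses a constructed HTTP response into its status line and key-value headers, stores the Set-Cookie headers the way a browser does, and then builds the GET and POST requests that send the cookies back. The point worth seeing is that a cookie marked Secure is sent only on the https:// request (port 443), never on the plain http:// one (port 80), while HttpOnly only hides the cookie from page scripts and does not change what is sent. The host name app.example.com and the cookie values are constructed.

```python
"""Added example (not from the notes): parse a raw HTTP response into its status and
key-value headers, record the Set-Cookie headers as a browser would, and build the
follow-up GET and POST requests that send the cookies back.  The response text and
host names are constructed for the demonstration."""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def parse_response(raw):
    """Return (status_code, headers, body).  Header names are case-insensitive, so
    they are lower-cased; repeated headers such as Set-Cookie are kept as a list."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status_code = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status_code, headers, body


class CookieJar:
    """Minimal browser-side cookie store keyed by cookie name."""

    def __init__(self):
        self.cookies = {}

    def store(self, headers):
        for raw in headers.get("set-cookie", []):
            parsed = SimpleCookie()
            parsed.load(raw)
            for name, morsel in parsed.items():
                self.cookies[name] = morsel   # a later Set-Cookie replaces the earlier one

    def header_for(self, url):
        """Cookie header value for a request to url.  A cookie marked Secure is sent
        only over https, and only for paths under its Path attribute; HttpOnly does
        not affect sending, it only hides the cookie from page scripts."""
        target = urlsplit(url)
        pairs = []
        for name, m in self.cookies.items():
            if m["secure"] and target.scheme != "https":
                continue
            if m["path"] and not (target.path or "/").startswith(m["path"]):
                continue
            pairs.append(f"{name}={m.value}")
        return "; ".join(pairs)


def build_request(method, url, jar, body=""):
    """Assemble the request text and return it with the port it should be sent to
    (443 for https, 80 for http, unless the URL names one)."""
    target = urlsplit(url)
    port = target.port or (443 if target.scheme == "https" else 80)
    lines = [f"{method} {target.path or '/'} HTTP/1.1", f"Host: {target.hostname}"]
    cookie = jar.header_for(url)
    if cookie:
        lines.append(f"Cookie: {cookie}")
    if method == "POST":
        lines.append("Content-Type: application/x-www-form-urlencoded")
        lines.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join(lines) + "\r\n\r\n" + body, port


# Constructed response from a login page: a session cookie restricted to https and
# hidden from scripts, and a preference cookie with no such protection.
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
    "<html>welcome</html>"
)


def demo():
    status, headers, _ = parse_response(RESPONSE)
    jar = CookieJar()
    jar.store(headers)
    secure_get, port = build_request("GET", "https://app.example.com/account", jar)
    plain_post, _ = build_request("POST", "http://app.example.com/prefs", jar, "lang=en")
    return status, port, secure_get, plain_post


if __name__ == "__main__":
    for part in demo():
        print(part)
```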

TCP and UDP:
TCP is the abbreviation of "Transmission Control Protocol" whereas UDP is the abbreviation of
"User Datagram Protocol". TCP and UDP are the main protocols used at the Transport layer of
the TCP/IP model. Both of these protocols are involved in the transmission of data. UDP is used in
situations where the volume of data is large and the security of the data is not of much
significance, while TCP is used in situations where the security of the data is one of the main
concerns. Both TCP and UDP are protocols used for sending bits of data, known as packets, over
the Internet. They both build on top of the Internet Protocol; in other words, whether you are
sending a packet via TCP or UDP, that packet is sent to an IP address. TCP and UDP are not the
only protocols that work on top of IP, but they are the most widely used. The widely used term
"TCP/IP" refers to TCP over IP.

TCP and UDP Ports:

As you know, every computer or device on the Internet must have a unique number assigned to
it called the IP address. This IP address is used to recognize your particular computer out of the
millions of other computers connected to the Internet. When information is sent over the
Internet to your computer, it accepts that information by using TCP or UDP ports.
An easy way to understand ports is to imagine your IP address is a cable box and the ports are
the different channels on that cable box. The cable company knows how to send cable to your
cable box based upon a unique serial number associated with that box (the IP address), and then
you receive the individual shows on different channels (the ports).
Ports work the same way. You have an IP address, and then many ports on that IP address. You
can have a total of 65,535 TCP ports and another 65,535 UDP ports. When a program on your
computer sends or receives data over the Internet, it sends that data to an IP address and a
specific port on the remote computer and receives the data on a usually random port on its
own computer. If it uses the TCP protocol to send and receive the data, then it connects to and
binds itself to a TCP port. If it uses the UDP protocol to send and receive data, it uses a UDP port.
<-------------------- 192.168.1.10 -------------------->
0 1 2 3 4 5 .. .. .. .. .. .. .. .. 65531 65532 65533 65534 65535
IP address with Ports

Port Range        Group
0 to 1023         Well Known Port Numbers
1024 to 49151     Registered Ports
49152 to 65536    Dynamic or Private Ports or Public Ports

Port Number   Usage
20 & 21       FTP
22            SSH
23            Telnet
25            SMTP
53            DNS
80            HTTP
123           NTP
161           SNMP
443           HTTPS, SSL/TLS

9 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 00966564303717


Basic Terminologies:

Load Balancer:
o Simple words load balancer is a network device that distributes traffic to other devices.
o A load balancer is a network device that distributing traffic to other network devices.
o Efficiently distributing incoming network traffic across a group of backend servers.
o Distributes client requests or network load efficiently across the multiple servers.
o A load balancer is a device that acts as a reverse proxy and distributes network traffic.
o In other words, clients connect to load balancer believing to connect to an actual server.
o Then, the load balancer contact the backend server providing the required resource.
o Load balancers are used to increase capacity concurrent users & reliability of applications.
o Solution responsible for distributing incoming HTTP requests across multiple servers.
o Hardware or software solution helps to move packets efficiently across multiple servers.
o Load balancers optimizes the use of network resources and prevents network overloads.
o Found in the network and transport layer (IP, TCP, FTP, UDP) and application layer (HTTP).
o The Load balancers are most commonly deployed when a site needs multiple servers.
o Because the volume of requests is too much for a single server to handle efficiently.
o Deploying multiple servers eliminates a single point of failure, making it more reliable.
o However, a load balancer performs advanced checks even at the application layer.
o It performs three interrelated functions; monitoring hosts, acting as proxy & load balancing.

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 00966564303717


Proxy Server:
o The term ‘Proxy’ is a contraction that comes from the middle English word procuracy.
o Proxy meaning to act on behalf of another, sits between two entities & performs service.
o In networking and web traffic, proxy is a device or server that acts on behalf of other.
o It is serves as a mediator for requests from clients asking resources from other servers.
o There no direct communication occurs between the client and the destination server.
o Proxy Server takes the requests from a client, puts that client on hold for a moment.
o Makes the requests as if it is its own request out to the final destination servers.
o Proxy Servers are memory & disk intensive and single point of failure in the network.
o Proxy server or application-level gateway acts as a gateway between client & internet.
o Proxy server acts as an intermediary between your devices and the internet as a whole.
o A proxy server basically creates a gateway between you as client and the internet.

Forward Proxy:
o Takes origin connections from intranet clients & connect to servers outside on internet.
o Forward proxy takes requests from an internal LAN network & forwards them Internet.
o Sometimes, forward proxy may even serve the requesting client with cached information.
o When end user web requests are forwarded to a proxy before going out to the internet.
o And responses go back through the proxy and then back to the user for privacy & control.
o Main purpose of forward proxy server is to help users access the servers over the internet.
o Forward Proxy Server is the most popular proxy mode and it present in almost all networks.
o FP, which forward the request from the intranet clients (browser) to the internet servers.

2 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 00966564303717


Reverse Proxy:
o A Proxy Server which takes requests from external clients (web browsers) or Internet.
o And forwards them to servers in an internal network is called as Reverse Proxy Server.
o Acts as a front-end server accept the requests and forward to Application servers web.
o Reverse proxy servers & load balancers are components in a client-server architecture.
o Both act as intermediaries in the communication between the clients and the servers.
o A reverse proxy accepts a request from a client, forwards it to a server that can fulfill it.
o And a reverse proxy returns the server’s response to the requested internet client back.
o With a reverse proxy the clients believe you are contacting the external server directly.
o In reality, contacting the reverse proxy server, that pretends to be the external server.
o The reverse proxy will then make another request to the real server on the client behalf.

Half Proxy:
With a Half-Proxy, a client will connect to the proxy and the proxy will establish the session with
the servers. The proxy will then respond back to the client with the information. After that
initial connection is set up, the rest of the traffic with go right through the proxy to the back-
end resources. The proxy may do things like L4 port switching, routing or NAT’ing but at this
point it is not doing anything intelligent other than passing traffic. Basically, the half-proxy sets
up a call and then the client and server does their thing. For protocols like streaming protocols,
you’ll have the initial set up but instead of going through the proxy for the rest of connections,
the server will bypass the proxy and go straight to the client. This is so don’t waste resources on
the proxy for something that can be done directly server to client.

3 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 00966564303717


Full Proxy:
o Full proxy creates client connection along with separate server connection with little gap.
o Client connects to proxy on one end & proxy establishes separate, connection to the server.
o A full Proxy establishes separate connection, means this is bi-directionally on both sides.
o Maintains two separate connections, one between the proxy server device and the client.
o Another connection one between the proxy server device and the destination server.
o In Full proxy there is never any blending of connections from the client side to server side.
o Full proxy can manipulate, inspect, drop, do what need to traffic on both sides & directions.
o When clients make request from internet, terminate on reverse proxy sitting front of server.
o Reverse proxies are good for traditional load balancing, optimization and SSL offloading etc.
o Full proxies are named because of they completely proxy connections incoming & outgoing.

4 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 00966564303717


TCP 3-Way Handshake:
o 3-Way Handshake is a process which is used in a TCP/IP network to make connection.
o It is 3-step process that requires both the client & server to exchange synchronization.
o And acknowledgment packets before the real data communication process starts.
o TCP is a connection-oriented protocol, connection needs to be established before.
o Connection needs to be established before two devices can communicate each other.
o TCP uses three-way handshake to negotiate sequence and acknowledgment fields.
o Allows to transfer multiple TCP socket connections in both directions at the same time.

5 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 00966564303717


SSL and TLS:
o SSL stands for Secure Sockets Layer and TLS stands for Transport Layer Security.
o Both protocols provide security between a web server and a web browser.
o Both SSL and TLS are protocols that serve the same purpose for the web server.
o However, there are minor differences between SSL and Transport Layer Security.
o SSL offers two basic security services: authentication and confidentiality.
o It provides a secure connection between the web browser and the web server.
o Both SSL and TLS provide encryption and authentication of data in motion.
o Common applications of these protocols are web browsing, VoIP, and electronic mail.
o SSL was developed by Netscape in 1994 with the intention of protecting web transactions.
o Transport Layer Security is the IETF (Internet Engineering Task Force) standardization of SSL.
o Secure Sockets Layer (SSL) and TLS both protect a normal TCP/UDP connection.
o SSL/TLS can also be used for securing other protocols such as FTP, SMTP, and SNTP.
o TLS uses stronger encryption algorithms and has the ability to work on different ports.
o Secure Sockets Layer works by using public and private key encryption on the data.
o TLS has two layers of operation when it establishes the communication:
o first, handshaking to authenticate the server, and second, the actual message transfer.
o TLS takes a little more time than the older SSL to establish connections and transfer data.
o SSL, or Secure Sockets Layer, was the original encryption protocol developed for HTTP.
o SSL was replaced by TLS some time ago; SSL handshakes are now called TLS handshakes.
o SSL is the combination of the Handshake, Change Cipher Spec, Alert, and Record protocols.

Protocol   Published   Status
SSL 1.0    1994        Unpublished; only used for internal testing
SSL 2.0    1995        Deprecated in 2011
SSL 3.0    1996        Deprecated in 2015
TLS 1.0    1999        Deprecation planned in 2020
TLS 1.1    2006        Deprecation planned in 2020
TLS 1.2    2008
TLS 1.3    2018
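A parser for the record and handshake layers just described, added here as an example (it is not from the original notes). It decodes the 5-byte record header (content types 20, 21, 22 and 23 are the Change Cipher Spec, Alert, Handshake and Application Data protocols listed above), reads the client_version and cipher suites out of a ClientHello, and reports the version's status from the table. The two ClientHello records are constructed by build_client_hello(); CIPHER_SUITES holds a few IANA-registered identifiers only.

```python
"""Parse a TLS record and ClientHello and flag deprecated protocol versions.
Added example, not from the original notes. The two ClientHello records are
constructed inline by build_client_hello(); the cipher suite identifiers are
IANA-registered values."""
import struct
from typing import Dict, List

# TLS record-layer content types: the four sub-protocols named in the notes.
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}

# (major, minor) version bytes and the status from the table above.
VERSIONS = {
    (3, 0): ("SSL 3.0", "deprecated"),
    (3, 1): ("TLS 1.0", "deprecated"),
    (3, 2): ("TLS 1.1", "deprecated"),
    (3, 3): ("TLS 1.2", "current"),
    (3, 4): ("TLS 1.3", "current"),
}

# A handful of IANA cipher suite identifiers; anything else is shown as hex.
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
}

CLIENT_RANDOM = bytes(range(32))   # constructed; a real client uses 32 random bytes


def build_client_hello(client_version: bytes, suites: List[int]) -> bytes:
    """Construct a minimal ClientHello wrapped in a Handshake record (test data)."""
    body = client_version + CLIENT_RANDOM + b"\x00"             # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                          # one compression method: null
    body += b"\x00\x00"                                          # no extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # type 1 = ClientHello
    # Record header: type 22 (Handshake), record version 3.1 for compatibility, length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_record(data: bytes) -> Dict:
    """Split off the 5-byte record header and return the content type and body."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {ctype}")
    if len(data) < 5 + length:
        raise ValueError("record body truncated")
    return {"content_type": CONTENT_TYPES[ctype], "record_version": (major, minor),
            "body": data[5:5 + length]}


def parse_client_hello(body: bytes) -> Dict:
    """Extract client_version and the offered cipher suites from a ClientHello."""
    if not body or body[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    hlen = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hlen]
    if len(hs) != hlen:
        raise ValueError("handshake body truncated")
    client_version = (hs[0], hs[1])
    pos = 2 + 32                      # skip client_version and client_random
    pos += 1 + hs[pos]                # skip session_id (length byte plus contents)
    suites_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    if pos + suites_len > len(hs):
        raise ValueError("cipher suite list truncated")
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
    return {"client_version": client_version, "cipher_suites": suites}


def assess(record: bytes) -> Dict:
    """Name the version the client offered and whether the table above deprecates it."""
    rec = parse_record(record)
    if rec["content_type"] != "Handshake":
        raise ValueError("expected a Handshake record")
    hello = parse_client_hello(rec["body"])
    name, status = VERSIONS.get(hello["client_version"], ("unknown", "unknown"))
    suites = [CIPHER_SUITES.get(s, f"0x{s:04X}") for s in hello["cipher_suites"]]
    return {"version": name, "status": status, "cipher_suites": suites}


if __name__ == "__main__":
    for rec in (build_client_hello(b"\x03\x01", [0x002F]),
                build_client_hello(b"\x03\x03", [0xC02F, 0x1301])):
        print(assess(rec))
```

One caveat when using this on real traffic: a TLS 1.3 client still puts 3.3 in client_version and advertises 1.3 through the supported_versions extension, which this parser does not decode, so a "TLS 1.2" result means "at least 1.2".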

Cookies:
o Cookies are messages that web servers pass to your web browser when you visit Internet sites.
o A cookie is a small piece of information that travels between a browser and the web server.
o A cookie is just one or more pieces of information stored as text strings on your machine.
o A cookie is more formally known as an HTTP cookie, web cookie, Internet cookie, or browser cookie.
o The purpose of the cookie is to help the website keep track of your visits and activity.
o Websites also use cookies to keep a record of your most recent visit or to record login information.
o Your computer's browser stores each message in a small file, which is called cookie.txt.
o When you request another page from the server, the browser sends the cookie back to the server.
o These files typically contain information about your visit to the web page, such as your name.

HTTP:
The Hypertext Transfer Protocol (HTTP) is designed to enable communication between clients
and servers. HTTP works as a request-response protocol between a client and a server. A client
(browser) sends an HTTP request to the server; the server then returns a response to the client.
The response contains status information about the request and may also contain the requested
content. An HTTP request is the way Internet communication platforms such as web browsers
ask for the information they need to load a website. Two of the most common HTTP methods
are ‘GET’ and ‘POST’; a ‘GET’ request expects information back in return (usually in the form of
a web page), while a ‘POST’ request typically indicates that the client is submitting information to
the web server (such as form data, e.g. a submitted username and password).
HTTP headers contain text information stored in key-value pairs, and they are included in every
HTTP request and response. These headers communicate core information, such as which
browser the client is using and what data is being requested.

HTTPS (Secure HTTP):

Hyper Text Transfer Protocol Secure, or HTTPS, is just like HTTP except that it is used together with
Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It provides a security layer on
top of the HTTP protocol which encrypts data, ensures the identity of both devices, and makes
sure that data has not been modified during transit. HTTPS is a standard that is widely used by
online banking and online shopping. When you use HTTPS, instead of the original http:// it uses
the https:// prefix. It also operates on port 443 instead of port 80.

TCP and UDP:
TCP is the abbreviation of "Transmission Control Protocol" whereas UDP is the abbreviation of
"User Datagram Protocol". TCP and UDP are the two main protocols used at the
Transport layer of the TCP/IP model. Both of these protocols are involved in the process of
transmitting data. While UDP is used in situations where the volume of data is large and the
security of the data is not of much significance, TCP is used in those situations where the security
of the data is one of the main issues. Both TCP and UDP are protocols used for sending bits of data
known as packets over the Internet. They both build on top of the Internet Protocol. In other
words, whether you are sending a packet via TCP or UDP, that packet is sent to an IP address.
TCP and UDP are not the only protocols that work on top of IP. However, they are the most
widely used. The widely used term “TCP/IP” refers to TCP over IP.

TCP and UDP Ports:

As you know, every computer or device on the Internet must have a unique number assigned to
it called the IP address. This IP address is used to recognize your particular computer out of the
millions of other computers connected to the Internet. When information is sent over the
Internet to your computer, it accepts that information by using TCP or UDP ports.
An easy way to understand ports is to imagine your IP address is a cable box and the ports are
the different channels on that cable box. The cable company knows how to send cable to your
cable box based upon a unique serial number associated with that box (IP address), and then
you receive the individual shows on different channels (ports).
Ports work the same way. You have an IP address, and then many ports on that IP address. You
can have a total of 65,535 TCP ports and another 65,535 UDP ports. When a program on your
computer sends or receives data over the Internet, it sends that data to an IP address and a
specific port on the remote computer and receives the data on a usually random port on its
own computer. If it uses the TCP protocol to send and receive the data, then it will connect and
bind itself to a TCP port. If it uses the UDP protocol to send and receive data, it will use a UDP port.

<-------------------- 192.168.1.10 -------------------->
0 1 2 3 4 5 .. .. .. .. .. .. .. .. 65531 65532 65533 65534 65535
IP address with Ports

Port Range        Group
0 to 1023         Well Known Port Numbers
1024 to 49151     Registered Ports
49152 to 65536    Dynamic or Private Ports, also called Public Ports

Port Number   Usage
20 & 21       FTP
22            SSH
23            Telnet
25            SMTP
53            DNS
80            HTTP
123           NTP
161           SNMP
443           HTTPS, SSL/TLS
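The port groups and the "usually random port on its own computer" behaviour above, as an added example (not from the original notes): classify_port() maps a number to its group using the ranges in the first table, describe() adds the service name from the second table, and loopback_exchange() starts a TCP server on a free loopback port, connects to it, and returns the fixed server port next to the ephemeral client port the OS chose. The server and client are constructed for this demo and run only on 127.0.0.1.

```python
"""Port-range classification and an ephemeral-port demonstration on loopback.
Added example, not from the original notes: the ranges and service names are
the two tables above; the loopback server/client pair is constructed here."""
import socket
import threading
from typing import Dict

RANGES = [
    (0, 1023, "Well Known"),
    (1024, 49151, "Registered"),
    (49152, 65535, "Dynamic/Private"),
]

SERVICES = {20: "FTP", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS",
            80: "HTTP", 123: "NTP", 161: "SNMP", 443: "HTTPS"}


def classify_port(port: int) -> str:
    """Return the group name for a TCP/UDP port number."""
    if not 0 <= port <= 65535:
        raise ValueError("port must be between 0 and 65535")
    for low, high, name in RANGES:
        if low <= port <= high:
            return name
    raise AssertionError("ranges cover 0-65535, so this is unreachable")


def describe(port: int) -> str:
    """Group plus the well-known service, if the table lists one."""
    service = f" ({SERVICES[port]})" if port in SERVICES else ""
    return f"{port}: {classify_port(port)}{service}"


def loopback_exchange(message: bytes = b"hello") -> Dict:
    """Start a TCP echo server on a free port, connect, and report both port numbers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free listening port
    srv.listen(1)
    server_port = srv.getsockname()[1]
    seen = {}

    def serve():
        conn, peer = srv.accept()       # peer is (client address, client's ephemeral port)
        with conn:
            seen["client_port"] = peer[1]
            conn.sendall(conn.recv(1024))   # echo whatever the client sent

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    with socket.create_connection(("127.0.0.1", server_port)) as cli:
        client_port = cli.getsockname()[1]  # the "usually random" local port
        cli.sendall(message)
        echoed = cli.recv(1024)
    worker.join(timeout=5)
    srv.close()
    return {"server_port": server_port, "client_port": client_port,
            "server_saw_client_port": seen.get("client_port"), "echoed": echoed}


if __name__ == "__main__":
    for p in (22, 80, 443, 8080, 60000):
        print(describe(p))
    print(loopback_exchange(b"ping"))
```

The client port printed by loopback_exchange() is chosen by the operating system from its own ephemeral range, which on many systems starts below 49152, so it will not always fall in the "Dynamic/Private" group of the IANA table.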

F5 BIG-IP:
o In 1997, F5 launched its first product, a load balancer called BIG-IP; it was just a basic product.
o It was basically the load balancing module LTM that we know today, without all the fancy features.
o BIG-IP is a platform; it was the hardware appliance, but now it covers both hardware and software.
o BIG-IP is a framework on which you provision modules, which can be LTM, DNS (GTM), or others.
o Even with hardware, there are no special cards to buy per module; the modules only sit logically.
o You can have a BIG-IP dedicated to a single module, or one that runs all of the modules.
o F5 BIG-IP is a family of products covering software and hardware designed around applications.
o F5 BIG-IP is a family of products covering availability, access control, and security solutions.
o The BIG-IP name is interchangeable with F5's software Application Delivery Controller (ADC).
o The BIG-IP name is also interchangeable with F5's software and hardware security products.
o The BIG-IP software can run on hardware or in virtualized environments.
o There are two primary variations of BIG-IP hardware: the single-chassis design and the VIPRION.
o In practice, BIG-IP is just a marketing name used by F5 Networks to market their load balancers.

TMOS Traffic Management:
F5 Networks’ Traffic Management Operating System (TMOS) is the software foundation for all
of F5’s network or traffic (not data) products, physical or virtual. Traffic flowing through a BIG-IP
system passes through TMOS, an operating system designed and built by F5 to provide traffic
management functions. TMOS has its own dedicated CPU, memory, and system bus for access
to peripheral devices. When a TMOS-based device receives packets, everything from the wire
to the system bus, from the networking subsystem to the memory management subsystem, is
completely self-contained within TMOS. TMOS is the software system which forms the
management, control, and data plane of BIG-IP solutions. It gives you complete control of the
connections, packets, and payload for applications. It is the brain behind BIG-IP and is
developed as the foundation for all F5 products.

TMM:
TMM is an abbreviation for Traffic Management Microkernel. TMMs are real-time software
microkernels which form the overall L4-L7 intelligence for the data plane.

HMS:
HMS is short for Host Management Subsystem. HMS is responsible for system
management and administration functions and runs a version of CentOS (Community
Enterprise Operating System) Linux, which includes the SELinux feature.

LTM:
LTM and other ‘feature’ modules such as GTM and APM expose specific parts of TMM
functionality when licensed. They are typically focused on a particular type of service (load
balancing, authentication, and so on).

AOM:
AOM, or Always-On Management, provides additional ‘lights out’ management of the HMS via a
management processor, as well as layer 2 switch management and other supporting functions
for TMM. AOM’s lights-out system management is accessible through the management
network interface and the serial console.

IPMI:
IPMI, or Intelligent Platform Management Interface, is a hardware-level interface specification
and protocol supported on BIG-IP iSeries hardware. It allows for out-of-band monitoring and
management of a system independently of (or without) an operating system, and even when the
system is ‘off’.

MOS:
MOS, or Maintenance Operating System, is used for disk management, file system mounting and
related maintenance tasks. MOS runs in RAM and is used for disk and file system maintenance
purposes such as drive reformatting, volume mounting, system re-imaging, and file retrieval.
MOS also supports network access and file transfer.

EUD:
EUD, or End User Diagnostics, is a software program used to perform a series of BIG-IP hardware
tests. It is accessible via the serial console only, at system boot. EUD is run from the boot menu or
via supported USB media.

Administration:
Operational management is a separate component of the BIG-IP system that uses off-the-shelf
components and software, starting with the Linux operating system. The operational management
side of the BIG-IP system does not manage traffic; it provides administrative functionality through
the Linux shell (bash), the TMOS Shell (tmsh), and the BIG-IP system’s graphical user interface, called
the BIG-IP Configuration utility. The Linux system is used for management tasks, such as the
command line or the web GUI, only. The reason for this is simple: an operating system which is
ideal for high-speed traffic management operations is not ideal as a general-purpose operating
system. So it makes sense to use a general-purpose operating system for general-purpose
tasks, like management, and leave the traffic management to the operating system designed
for that purpose, TMOS.
The BIG-IP system includes the TMOS Shell (tmsh), which can be used to manage the system from
the command line. You can enter tmsh to configure the BIG-IP system and view statistics and
performance data. tmsh is the shell replacement for BIG-IP’s bigpipe command. TMOS Shell, or
tmsh, is a very nice CLI. It is easy to configure and navigate.

Modules Overview:

BIG-IP Hardware Platforms:

BIG-IP LTM:
o F5 Networks started with their flagship product, now known as Local Traffic Manager.
o The Local Traffic Manager, aka LTM, is the most popular module offered on F5 Networks devices.
o It provides load balancing services between two or more servers in the event of a system failure.
o Local Traffic Manager is the product that people usually refer to when they say “the F5”.
o When the company started, they named their product BIG/IP, without all the fancy features.
o In 1997, F5 launched its first product, a load balancer called BIG-IP; it was just a basic product.
o The real power of LTM is its full proxy, which allows it to augment client- and server-side connections
o while making informed load balancing decisions on availability, performance, and persistence.
o Load balancers are used to increase the capacity (concurrent users) and reliability of applications.
o LTM load balances servers and also does caching, compression, persistence, and much more.
o When you need a load balancer, F5 Local Traffic Manager (LTM) is one of the best choices.
o In fact, F5 is the market leader of the segment, and offers a variety of load-balancing products.
o Among them, Local Traffic Manager (LTM) is the one that distributes traffic to servers within the DC.
o The Local Traffic Manager module manages and optimizes traffic for network apps and clients.
o F5 LTM uses Virtual Servers and Virtual IPs to configure a load balancing setup for a service.
o LTM doesn’t do any name resolution and assumes a DNS decision has already been made.
o When traffic is directed to LTM, the traffic flows through its full proxy architecture.
o LTM is a full proxy: it listens on one port but directs traffic to multiple hosts listening on any port.
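The full proxy architecture described here and in the Full Proxy bullets earlier, reduced to a runnable model (added example; this is not F5 code and does not reproduce LTM's implementation): two backend servers, and one proxy that terminates the client's TCP connection, inspects the request on the client side, picks a backend round-robin, and opens its own separate server-side connection to it. Because the two connections are independent, the backend sees the proxy's source port rather than the client's, and the proxy can reject a malformed request without ever contacting a backend. All listeners bind to 127.0.0.1 on OS-assigned ports, and the "REQ " prefix rule is a constructed stand-in for real application inspection.

```python
"""Minimal full-proxy TCP load balancer on loopback.
Added example, not F5 code: two backend servers, one proxy that terminates the
client connection and opens its own server-side connection, round-robin backend
selection, and a simple inspection rule on the client side. Every address is
constructed for this demo (127.0.0.1 with OS-assigned ports)."""
import itertools
import socket
import threading
from typing import List, Tuple

Address = Tuple[str, int]


def start_backend(name: bytes) -> Address:
    """Backend that answers with its name, the peer port it saw, and the request."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, peer = srv.accept()           # peer is the proxy's server-side socket
            with conn:
                data = conn.recv(4096)
                conn.sendall(b"%s saw peer port %d and got %s" % (name, peer[1], data))

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()


def start_full_proxy(backends: List[Address]) -> Address:
    """Listen on one port, inspect, pick a backend round-robin, relay the reply."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(5)
    rotation = itertools.cycle(backends)
    lock = threading.Lock()

    def handle(client: socket.socket):
        with client:
            request = client.recv(4096)                     # client-side connection
            if not request.startswith(b"REQ "):             # constructed inspection rule
                client.sendall(b"REJECTED\n")               # dropped before any backend is touched
                return
            with lock:
                target = next(rotation)
            with socket.create_connection(target) as upstream:   # separate server-side connection
                upstream.sendall(request)
                client.sendall(upstream.recv(4096))

    def accept_loop():
        while True:
            conn, _ = lsock.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock.getsockname()


def send(proxy: Address, payload: bytes) -> bytes:
    """A client: one connection to the proxy, one request, one reply."""
    with socket.create_connection(proxy) as s:
        s.sendall(payload)
        return s.recv(4096)


def demo() -> List[bytes]:
    """Three well-formed requests spread over two backends, then one rejected request."""
    backends = [start_backend(b"SRV1"), start_backend(b"SRV2")]
    proxy = start_full_proxy(backends)
    return [send(proxy, b"REQ 1"), send(proxy, b"REQ 2"),
            send(proxy, b"REQ 3"), send(proxy, b"bogus")]


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

The replies show SRV1, SRV2, SRV1 in turn, each reporting a peer port that belongs to the proxy, and the last request answered with REJECTED without reaching a backend. Persistence, health monitoring and the other LTM features mentioned above are deliberately absent.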

BIG-IP LTM Hardware Details:

Management Port (MGMT):
This is the BIG-IP management port. It has a default IP address of 192.168.1.245, although you can
change the address. This port is also known as eth0. It is used for initial and ongoing administrative access.

USB Ports:
There are two USB ports. Use these ports to connect other devices to the BIG-IP. They are typically used for
external booting from a CD-ROM or USB memory stick.

Console Port:
This is the BIG-IP console port. Use this DB9 connector for connecting a serial console.

Failover Port:
This is the failover port. Use this DB9 connector for connecting a redundant system. It is the serial
(hard-wired) failover port. Not DB9! It can be used in a redundant pair configuration only.

Ethernet Ports:
Use these Ethernet ports to connect the BIG-IP to the network as well as to connect both clients
and servers to the BIG-IP. The Ethernet ports are numbered top to bottom and left to right. For
example, the top left port is 1.1 while the port below it is 1.2.

Gigabit SFP:
Optical fiber or copper.

Fan Ports:
These are the BIG-IP fan ports.

LCD Panel:
Displays messages about the status of the BIG-IP. It is used for managing the BIG-IP platform without
attaching a console or network cable. For example, you can change the management interface
information, set the baud rate of the serial port, and reboot. It also displays certain error messages.

Controls of LCD Panel:
These are the controls for the LCD panel. Using these controls, you can configure a number of
BIG-IP settings and navigate through the LCD panel, including but not limited to powering
the unit on/off, resetting the unit, and clearing alerts.

Trial License & Download Image:
Click on this link https://www.f5.com/trials; it will take you to the F5 Trial main page. After that,
click on Get the free trial >. It will take you to the next page.

On this page you need 4 steps to get the key and download the F5 LTM image:
https://www.f5.com/trials/big-ip-virtual-edition

Click on the first step, 1. Login or register. If you don’t have an account, on the next page you can create a
new account; if you already have an account, log in with your username and password.

F5 LTM Lab Setup in VMware Workstation:
There are three types of virtual networks in VMware Workstation. By default: Bridged =
VMnet0, NAT = VMnet8 and Host-only = VMnet1.
The virtual DHCP server serves the NAT and host-only networks. You can create your own custom
VMnet networks. Virtual network adapters are in each VM, and you can add multiple if needed.
Another option is LAN Segments. These LAN segments are similar to a custom network that you
would create if it didn’t have host connectivity and if it didn’t have DHCP services from
Workstation. The advantage of LAN Segments is that you can create as many as you want.
LAN Segments are a great solution that allows you to create as many virtual private networks
as you need, for a virtually unlimited number of uses.

F5 Interface   Adapter Name         Configuration   Subnet              VLAN
Management     Network Adapter      Bridged         192.168.100.0/24    Management
1.1            Network Adapter 2    LAN Segment     192.168.1.0/24      Internal
1.2            Network Adapter 3    NAT             192.168.114.0/24    External
1.3            Network Adapter 4    Host-Only       192.168.145.0/24    HA

Servers Option:
For servers, use a small Linux OS which requires less memory and much less disk space, such as
SliTaz4 and TTYLinux.

SliTaz4:
Size: 128MB RAM / IDE HD 256MB
Root account password: root
SSH account: vmware
SSH password: vmware

TTYLinux:
Size: 32MB RAM / IDE HD 32MB
Root account password: root

https://www.michellelaverick.com/download/
http://www.minimalinux.org/ttylinux/Documents/single/temp.html

F5 LTM Lab Setup in GNS3:

Toolbox Server Appliance:
The Toolbox appliance contains server-side software for secondary management of network
devices: www, FTP, TFTP, Syslog, DHCP server and SNMP server. Root password: gns3

Webterm Client Appliance:
Webterm is a Debian-based networking toolbox. It contains the Firefox web browser plus the
following utilities: net-tools, iproute2, ping, traceroute, curl, host, iperf3, mtr, socat, ssh client,
tcpdump, ab (Apache benchmark) and the multicast testing tools msend/mreceive.

F5 LTM qcow2 Image:
QCOW2 stands for "QEMU Copy On Write 2" and uses a disk storage optimization strategy that
delays allocation of storage until it is actually needed. Files in qcow format can contain a variety
of disk images which are generally associated with specific guest operating systems.

F5 LTM Lab Setup in EVE-NG:

F5 LTM qcow2 Image:
QCOW2 stands for "QEMU Copy On Write 2" and uses a disk storage optimization strategy that
delays allocation of storage until it is actually needed. Files in qcow format can contain a variety
of disk images which are generally associated with specific guest operating systems.

EVE-GUI-Server Docker:
EVE-GUI-Server is a server-side Docker container which can be used as a www, FTP, or TFTP server. It contains
the Firefox web browser and many other tools. Default username: root, password: eve

Cisco IOU/IOL Images:
Cisco IOU/IOL images are L2/L3 images of switches and routers which help you to practice on
L2/L3 devices with the same features and functions that the original devices have. Cisco IOU/IOL
images were released for architecture and testing purposes, but today Cisco IOU/IOL images are
used for labs.

Tiny Core Linux:
Tiny Core is a unique and minimalist distribution of the Linux operating system and tools. The Tiny
Core distribution is like a customized version of the Linux kernel and other tools.

TTYLinux:
ttylinux is a small GNU/Linux system available for several CPU architectures. This small system
has an 8 MB file system and runs on i486 computers within 28 MB of RAM, but provides a
complete command line environment and is ready for Internet access. To download:
https://www.michellelaverick.com/download/

Upload F5 BIG-IP LTM on EVE-NG:
Open WinSCP. To connect, type the IP address of EVE-NG in Host name,
choose the File Protocol: SFTP, Port number: 22, User name: root and Password: eve.

The column on the left represents files on the local machine and the column on the right represents
files and folders on the remote machine.

Go to the path opt->unetlab->addons->qemu on the remote machine.

Create a directory under /opt/unetlab/addons/qemu/ using the name: bigip-16.1.2-0.0.18

Copy the downloaded file BIGIP-16.1.2-0.0.18.qcow2 to the bigip-16.1.2-0.0.18 folder. Once the
process completes, the file will be available immediately.

Rename the copied file BIGIP-16.1.2-0.0.18.qcow2 to virtioa.qcow2.

Save the configuration by fixing the permissions using the following command on EVE-NG:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Open EVE-NG in the browser, then ‘Add an Object’ and select Node.

‘Add an object’ and select Network, set the Type to Management(Cloud0) and press the Save button.

Connect the Network object to the F5 LTM Mgmt port.

At the login prompt, type root and the password default, then press Enter.

It will get an IP address from the DHCP server if one is available, or you can set a static IP address. Type the
following command to see the IP address: ifconfig mgmt

Now you can manage the F5 BIG-IP LTM node via the GUI. Use the computer that is connected to the
management network, then use a web browser to navigate to http://192.168.139.148/ and log in using
admin/admin.

You will be prompted to complete the Setup Utility.

Web-Server in EVE-NG:

First download TTYLinux from this link: https://www.michellelaverick.com/download/

Unzip the folder (TTYLinux.zip); there will be three files inside, of which we require TTYLinux-disk1.vmdk.

Create a folder named linux-ttylinux through the CLI or the GUI.

mkdir /opt/unetlab/addons/qemu/linux-ttylinux
Graphically, navigate to /opt/unetlab/addons/qemu and click on New folder.

Copy the downloaded file TTYLinux-disk1.vmdk to /opt/unetlab/addons/qemu/linux-ttylinux.

Now let’s convert the vmdk file to the qcow2 format through CLI commands:
cd /opt/unetlab/addons/qemu/linux-ttylinux/
/opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 TTYLinux-disk1.vmdk hda.qcow2

You can delete the TTYLinux-disk1.vmdk file now.

/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

To edit the interface IP and other related configuration:
vi /etc/sysconfig/network-scripts/ifcfg-eth0

After the interface configuration, restart the network service:
service network restart

To configure the HTTP web page, type the command below and write the HTML tags:
vi /home/thttpd/index.html
<html>
<head>
<title>This is Server 1</title>
</head>
<body>
<h1 style="color:blue;">THIS IS SERVER 1</h1>
</body>
</html>

Step 1: Create a directory:
mkdir /opt/unetlab/addons/qemu/linux-ttylinux

Step 2: Convert the image to hda.qcow2 format:
/opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 TTYLinux-disk1.vmdk hda.qcow2

Step 3: Fix permissions:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Step 4: Edit the network interface:
vi /etc/sysconfig/network-scripts/ifcfg-eth0

Step 5: Restart the network service:
service network restart

Step 6: Create the HTML page:
vi /home/thttpd/index.html

Web-Server in EVE-NG:
Open WinSCP. To connect, type the IP address of EVE-NG in Host name,
choose the File Protocol: SFTP, Port number: 22, User name: root and Password: eve.

The column on the left represents files on the local machine and the column on the right represents
files and folders on the remote machine.

Go to the path opt->unetlab->addons->qemu on the remote machine.

Copy the downloaded file linux-tinycore-6.4 to the /opt/unetlab/addons/qemu/ location. Once the
process completes, the file will be available immediately.

Save the configuration by fixing the permissions using the following command on EVE-NG:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Open EVE-NG in the browser, then ‘Add an Object’ and select Node. Choose linux-
tinycore-6.4, change the name and set the RAM to 512 MB.

‘Add an object’ and select Network, set the Type to Management(Cloud0) and press the Save button.

Click on Control Panel, click on Network, and set the IP address to Yes to get an IP from the DHCP server.

sudo stands for "super user do"; it allows a permitted user to execute a command as the superuser:
sudo su

The passwd command in Linux is used to change the user account password:
passwd

Tiny Core comes with an application called tce-load, which is used for loading Tiny Core repository
packages. If you have an active Internet connection, you can use it to download and install any
package from the repository; in this case we want to download openssh:
tce-load -w -i openssh
cd /usr/local/etc/init.d/
./openssh start

Tiny Core comes with an application called tce-load, which is used for loading Tiny Core repository
packages. If you have an active Internet connection, you can use it to download and install any
package from the repository; in this case we want to download HTTPD. Use mkdir to create an empty folder.

tce-load -wi busybox-httpd.tcz
sudo mkdir /mnt/sda1/wwwsite

Use the ifconfig command to find out the IP address of the Tiny Core Linux box.

Use WinSCP: type the Tiny Core Linux IP, username root and the password which was set previously; in my
case I set the password: password

Copy the index.html file to the /mnt/sda1/wwwsite location.

It is better to SSH to the Tiny Core Linux box. Edit the boot script so that everything is loaded whenever the box boots.

sudo vi /opt/bootlocal.sh
# press Esc, i to Edit
# Copy index file to webserver directory
cp /mnt/sda1/wwwsite/index.html /usr/local/httpd/bin/index.html
# Start the BusyBox web server on port 80 serving the document root below
# (absolute path: a relative "usr/local/httpd/bin" would fail at boot)
cd /usr/local/httpd/bin
./busybox httpd -p 80 -h /usr/local/httpd/bin/
# Start the SSH server
cd /usr/local/etc/init.d/
./openssh start
# Start the TFTP server
cd /etc/init.d/services/
./tftpd start

# press Esc, :, w, q, enter "to save the change"

Back up the changes so they persist across reboots:
filetool.sh -b

Restart Tiny Core Linux using the command below:
sudo reboot

After the restart, type the Tiny Core Linux IP in the browser, http://192.168.114.173, and it will open the page.

Now you can use Tiny Core Linux as a web (HTTP) server and an SSH server.

F5 LTM Lab Setup:

Management Subnet          192.168.100.0/24
Internal Servers Subnet    192.168.1.0/24
Internal Default Gateway   192.168.1.254
External Clients Subnet    192.168.2.0/24
External Default Gateway   192.168.2.254
Virtual IPs                192.168.2.100
Virtual Server Services    80, 443, 21 and 22
F5 LTM Internal IP         192.168.1.254
F5 LTM External IP         192.168.2.254
SRV1 IP Address            192.168.1.1
SRV2 IP Address            192.168.1.2
SRV3 IP Address            192.168.1.3
SRV4 IP Address            192.168.1.4
Remote-PC1                 192.168.2.1
Remote-PC2                 192.168.2.2
Remote-PC3                 192.168.3.3

Images             Description
F5 BIG-IP LTM      Bigip-16.0.1-0.0.3
Cisco Switches     i86bi_linux_l2-ipbasek9-ms.high_iron_aug9_2017b.bin
Clients            Linux-slax-9.11.0 and Windows 10 64 VL19
Web Servers        Linux-ttylinux, Linux-tinycore-6.4 and Windows XP
Management Cloud   Management Cloud0
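A consistency check over the addressing plan above, added as an example (it is not part of the original notes): PLAN holds the table's values as data, and check_plan() verifies with the standard library's ipaddress module that every host and virtual IP sits inside its subnet, that the default gateway on each side is the LTM self IP, and that no address is used twice. As the table is written, Remote-PC3 at 192.168.3.3 is outside the external subnet 192.168.2.0/24, and that is the one finding the check reports.

```python
"""Consistency check for the lab addressing plan above.
Added example, not from the notes: the plan is taken as data and each host,
gateway and virtual IP is verified against its subnet with ipaddress."""
import ipaddress
from typing import Dict, List

# The values from the lab setup table above, grouped by side of the LTM.
PLAN = {
    "internal": {
        "subnet": "192.168.1.0/24",
        "gateway": "192.168.1.254",
        "ltm_self_ip": "192.168.1.254",
        "hosts": {"SRV1": "192.168.1.1", "SRV2": "192.168.1.2",
                  "SRV3": "192.168.1.3", "SRV4": "192.168.1.4"},
    },
    "external": {
        "subnet": "192.168.2.0/24",
        "gateway": "192.168.2.254",
        "ltm_self_ip": "192.168.2.254",
        "virtual_ips": ["192.168.2.100"],
        "hosts": {"Remote-PC1": "192.168.2.1", "Remote-PC2": "192.168.2.2",
                  "Remote-PC3": "192.168.3.3"},
    },
}


def check_plan(plan: Dict) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    problems: List[str] = []
    used = {}   # address -> name, to catch duplicates across both sides
    for side, cfg in plan.items():
        net = ipaddress.ip_network(cfg["subnet"])
        gw = ipaddress.ip_address(cfg["gateway"])
        if gw not in net:
            problems.append(f"{side}: gateway {gw} is outside {net}")
        # Clients and servers route through the LTM, so its self IP must be their gateway.
        if cfg["gateway"] != cfg["ltm_self_ip"]:
            problems.append(f"{side}: gateway {cfg['gateway']} is not the LTM self IP {cfg['ltm_self_ip']}")
        used[gw] = f"{side} gateway"
        for name, addr in cfg["hosts"].items():
            ip = ipaddress.ip_address(addr)
            if ip not in net:
                problems.append(f"{side}: {name} {ip} is outside {net}")
            if ip in used:
                problems.append(f"{side}: {name} duplicates {used[ip]} at {ip}")
            used[ip] = name
        # Virtual IPs must be on the client-facing subnet and not collide with a host.
        for vip in cfg.get("virtual_ips", []):
            v = ipaddress.ip_address(vip)
            if v not in net:
                problems.append(f"{side}: virtual IP {v} is outside {net}")
            if v in used:
                problems.append(f"{side}: virtual IP {v} collides with {used[v]}")
            used[v] = f"virtual IP on {side}"
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```

Running the block prints the single Remote-PC3 finding; changing that entry to an address inside 192.168.2.0/24 makes the list empty, and giving a second host the gateway's address produces a duplicate finding, which is the kind of mistake that is otherwise only noticed when a lab node cannot reach the LTM.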

F5 LTM Initial Configuration:

Management Access Configuration:
Log in to the CLI using the default user account. Use root as the username and default as the password.
It will ask you to change the password: type the old password default, then type the new password Abc@Admin1.

Issue the config command.

Once you get the prompt shown below, click OK.

The next prompt will ask you if you want to use the automatic configuration; choose No.

Enter the desired IP address for the management interface and click OK.

Enter the desired subnet mask for the management interface and click OK.

To access the BIG-IP from any network, configure a default gateway: click Yes. You will be
prompted to enter the IP address of the default gateway; enter it and click OK.

Confirm the management IP address changes by clicking Yes.

With a browser on your PC, navigate to the IP address of the management interface over HTTPS
(HTTP won’t work). Ignore the certificate warning, and the F5 LTM login page will appear. Type the
username admin and the password Abc@admin1,  which was set earlier through the configuration.

It will prompt you to change the password: type the current password, in our case Abc@admin1,
then for the new password type the same Abc@admin1 and confirm Abc@admin1.

Now log in with the new password: Username Admin, Password: Abc@admin1

Configuring the License:
This is the first thing F5 will ask for as part of the setup. All you need to start is your license code,
which you should have received via email. Here, click Next to launch the setup utility. BIG-IP offers
two licensing methods: the automatic and the manual method. If your BIG-IP has Internet access, you
can use the automatic method. If your BIG-IP does not have Internet access or is blocked by a
firewall, you will need to use the manual method.

It is asking for the license, which is mandatory in F5. So, click “Activate” to enter the license.

All you need to start is your license code, which you should have received via email. Insert your
license key here: paste your registration key in the “Base Registration Key” field. Then, if
your F5 appliance has Internet connectivity, you can use the Automatic activation method.

If it does not, proceed with Manual as we are doing and click Next.

If you go manual, the F5 generates a long block of text. Copy this text and paste it on the F5
Licensing Server; to reach it, simply click the link mentioned in Step 2. The F5 website then
generates the license text, which you paste into the box at the bottom (“License”). Once that is
done, click Next to continue.

Resource Provisioning:
There are many different BIG-IP modules available, including LTM or Local Traffic Manager, GTM
or Global Traffic Manager, LC or Link Controller, ASM or Application Security Controller, APM or
Application Policy Manager, PSM or Protocol Security Module, WAM or Web Accelerator, and
WOM or WAN Optimization Module. There are four provisioning settings available for each of
the BIG-IP modules: Dedicated, Nominal, Minimum, and None (Disabled). You can manage the
provisioning of system memory, disk space, and CPU usage among the licensed modules on the
BIG-IP system. BIG-IP is the device itself, the virtual appliance we have installed. This BIG-IP
can do several things, based on the modules it has. The module for load balancing is LTM, and
we need to allocate some resources of our BIG-IP virtual machine to LTM. This is what the next
step does. The default settings are good for a lab.

Dedicated:
For example, selecting LTM with Dedicated provisioning means LTM reserves its required
resources and does not share them with other modules, even when LTM is not using them. BIG-IP
allocates all the resources to this module, so you will not be able to use other modules on this
BIG-IP appliance. This setting specifies that this is the only active module: if you select the
Dedicated setting for one module, the system resets all other modules to the None (Disabled)
setting.

Nominal:
Specifies that, when first enabled, a module gets the least amount of resources required. Then,
after all modules are enabled, the module gets additional resources from the portion of
remaining resources. Nominal indicates that we launch LTM with the bare minimum and
increase the resources as we need them. This setting allocates CPU, memory, and disk space in
a way that is applicable for most typical configurations.

Minimum:
Specifies that when the module is enabled, it gets the least amount of resources required. No
additional resources are ever allocated to the module. BIG-IP allocates the minimum resources
the module needs to operate, and no more than that: resources will never increase. This setting
allocates the smallest amount of CPU, memory, and disk space to the corresponding module.

None (Disabled):
This setting indicates that there is no allocated CPU, memory, or disk space. When you select
the None (Disabled) setting, the system allocates no CPU, memory, or disk space to the module.
This is the typical setting for unlicensed modules. Depending on what you select or change, the
system might require a reboot after provisioning or deprovisioning a module.

MGMT Module:
For the MGMT module, we have three options: Small, Medium and Large.
Small:
Used for labs, testing environments, or very small deployments. With Small, no memory is
allocated to the MGMT module.
Medium:
Can be used for deployments with up to 2000 configured objects. To count the objects
configured on the BIG-IP, use the command tmsh list one-line | wc -l .
Large:
Large is used for deployments with more than 2000 objects.

Certificate Provisioning:
Since the F5 management interface is available only over HTTPS, it needs a certificate. By
default this certificate is self-signed, but you can use a custom certificate if you need to. In
the Device Certificates part of the configuration wizard, you can add one. By default, BIG-IP
generates a self-signed certificate to be used for GUI management. If we have a certificate
issued by a trusted CA, we can import it here.

Platform Settings:
At this point we configure the platform. Here we can change the hostname and the passwords
of the default users, and on the Platform page we can also change the MGMT IP if needed.
Specify the hostname of the device as a Fully-Qualified Domain Name (FQDN), not just a short
name. Set the Root Account Password (the SSH password). Select whether you want to enable
SSH access on the device or not, and specify which source addresses can access the device via
SSH; restricting these is good hardening practice. Fields marked with the blue bar are mandatory.

User Administration:
The BIG-IP system is preconfigured with two system accounts that BIG-IP system administrators
use to perform the initial BIG-IP configuration: the root and admin accounts. By default, the
root account has only command line (terminal) access, and the admin account has only GUI
access. The admin user can also be configured for command line access, but the root user
cannot be configured for GUI access. The default passwords for these users are default and
admin, respectively, and should be changed either at this stage of setup or later on.

Network Wizard:
At this point you may enter the network wizard, where you configure all networking settings
such as redundancy (HA) and other network parameters like NTP, DNS, mirroring, etc. We will do
this configuration manually, so we select Finish on this page.

Finally:
The F5 BIG-IP appliance is ready to work as an LTM device, and we can configure everything we
need. If you did things right, the management page will look something like the one below. You
can see on the left that we have the LTM module configuration page (Local Traffic).

F5 BIG-IP Main Page:

Identification Area:
The identification area contains system identification information such as the host name, Fully
Qualified Domain Name, management IP address, date and time. It also shows the current status
of the system, whether it is in the active or standby state, and the current configuration
synchronization state. All of these are F5 BIG-IP system and user information.

F5 Logo:
Click on the logo to go to the starting page of F5 BIG-IP Local Traffic Manager.

Partition:
A partition is a logical container or storage area where you create a defined set of BIG-IP
system objects such as pools, nodes, profiles, and iRules. A partition is similar to the local
disks (C:, D:, etc.) in Windows operating systems. During BIG-IP system installation, the system
automatically creates a partition named Common. At a minimum, this partition contains all of
the BIG-IP objects that the system creates as part of the installation process. Until you create
other partitions on the system, all objects that you or other users create or manage
automatically reside in partition Common. Some users, such as those with the user role of
Administrator, can also create, update, and delete objects in partition Common. No user can
delete partition Common itself.

Navigation Pane:
The navigation pane, on the left side of the screen, contains the Main tab, the Help tab, and the
About tab. The Main tab provides links to the major configuration objects, and the Help tab
provides help screens. The About tab presents the content from the Welcome screen. The
Search tab allows you to select a list of objects to search.

Body Area:
The body is the screen area where the configuration settings display. The whole area on the
right side of the page is called the Body Area; it shows the information for the clicked menu
item or list.

Breadcrumb Trail:
A breadcrumb is a small text path, located at the top of a page, indicating where the user is on
the main page of F5 BIG-IP Local Traffic Manager (LTM).

Menu Bar:
The menu bar, which is below the identification area and above the body, provides links to the
additional configuration objects within each major object.

Log Out:
If you want to log out from the F5 BIG-IP system, click the green button in the top right corner
with the white Log out link.

Backup and Restore:
o A User Configuration Set (UCS) is a backup file that contains BIG-IP configuration data.
o A User Configuration Set can be used to fully restore the BIG-IP system in the event of failure.
o Create a UCS archive before and after making significant changes to your BIG-IP system.
o Always create a User Configuration Set (UCS) archive before BIG-IP system upgrades.
o Store User Configuration Set archive files on a secure remote backup server.
o Restore a UCS archive only on the unit on which it was created, or on the same platform.
o To create, delete, upload, or download an archive, you must have administrator privileges.
o It contains BIG-IP configuration data that can fully restore the BIG-IP system in the event of failure.
o Each time you back up configuration data, the BIG-IP system creates a new UCS archive file.
o The BIG-IP system creates the new UCS archive file in the /var/local/ucs directory on the system.
o To identify files easily, include the BIG-IP host name and the current time stamp as part of the file name.
o By default, the BIG-IP system saves the UCS archive file with a .ucs extension.
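The two bullets on file naming and off-box storage can be turned into a small routine. The Python script below is an added example, not part of the original document or of F5's own tooling: it builds the hostname_timestamp file name the list recommends and writes a SHA-256 sidecar next to a downloaded archive, so the copy kept on the remote backup server can be verified before anyone depends on it for a restore. The host name and paths in it are placeholders.

```python
import hashlib
import hmac
import sys
from datetime import datetime
from pathlib import Path


def archive_name(hostname: str, when: datetime) -> str:
    """Build a UCS file name that carries the BIG-IP host name and a time stamp,
    e.g. bigip1.example.com_20240105-143000.ucs (the host name is a placeholder)."""
    return f"{hostname}_{when.strftime('%Y%m%d-%H%M%S')}.ucs"


def sha256_of_file(path: Path) -> str:
    """Hash the archive in 1 MiB chunks so a large UCS file need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_sidecar(archive: Path) -> Path:
    """Write <archive>.sha256 beside the archive in sha256sum's two-column format,
    so the copy on the backup server can be checked with 'sha256sum -c'."""
    sidecar = archive.with_name(archive.name + ".sha256")
    sidecar.write_text(f"{sha256_of_file(archive)}  {archive.name}\n")
    return sidecar


def verify_sidecar(archive: Path) -> bool:
    """Return True only if the archive still matches the digest recorded for it.
    A missing sidecar counts as failure: an unverifiable backup is not a backup."""
    sidecar = archive.with_name(archive.name + ".sha256")
    if not sidecar.is_file():
        return False
    recorded = sidecar.read_text().split()[0]
    return hmac.compare_digest(recorded, sha256_of_file(archive))


if __name__ == "__main__":
    # Usage: python ucs_sidecar.py <path-to-archive>.ucs
    # Run on the workstation after downloading, or on the unit before copying the file off.
    target = Path(sys.argv[1])
    print("wrote", write_sidecar(target))
    print("verified:", verify_sidecar(target))
```

Copy the archive and its .sha256 file together to the backup server and re-run the check there; a mismatch after the transfer means the archive must be taken again, not kept.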

Web GUI Backup:
Open a browser window to https://192.168.100.76 and create a backup of your current
configuration. In the menu, go to System > Archives, then click Create.

To download your new UCS backup to your workstation, go to System > Archives, then click the
First-backup-Basic.ucs file created earlier.

Click Download: First-backup-Basic.ucs, then save it to your download folder.

Web GUI Restore:
Go to System > Archives. Select the UCS archive you want to restore. To initiate the UCS archive
restore process, select Restore. When the system completes the restore process, examine the
status page for any reported errors before proceeding to the next step. To return to the Archive
List page, select OK.

Click the name of the UCS archive that you want to restore. Click the Restore button to initiate
the UCS archive restore process. When the restore process is completed, examine the status
page for any errors reported before proceeding to the next step. Click the OK button to return
to the Archive List page.

Servers Configuration:
First let's assign IP addresses to the servers. Click on the Control Panel icon, which opens a
new window; click on Network, which opens the interface configuration settings.

Assign the IP address, network mask, broadcast address, gateway and name servers, then click Apply.

Now let’s open terminal to modify the web server file.

cd /mnt/sda1/wwwsite/
sudo vi index.html

<html>
<head>
<title>This is Server 1</title>
</head>
<body style="background-color:red;">
<h1 style="color:yellow;">THIS IS SERVER 1</h1>
</body>
</html>

sudo cp /mnt/sda1/wwwsite/index.html /usr/local/httpd/bin/index.html

Run the backup command below to save the configuration permanently, so it survives a reboot.

filetool.sh -b

Finally, it is configured; let's check and verify.

Similarly configure the other two servers, server2 and server3.

Initial Working Lab:

Management Access Configuration:
Log in to the CLI using the default user account: root as the username and default as the
password. It will ask you to change the password: type the old password default, then the new
password Abc@Admin1.

Issue the config command.

Once you get the prompt as shown below, click OK.

The next prompt will ask you if you want to use the automatic configuration, choose No.

Enter desired IP address for the management interface and click OK.

Enter desired subnet mask for the management interface and click OK.

To access the BIG-IP from any network, configure a default gateway: click Yes. You will be
prompted to enter the IP address of the default gateway; enter it and click OK.

Confirm the management IP address changes by clicking Yes.

With a browser on your PC, navigate to the IP address of the management interface over HTTPS
(HTTP won't work). The browser shows a certificate warning because the management certificate
is self-signed by default; accept it for the lab, and the F5 LTM login page will appear. Type
the username admin and the password Abc@admin1, which was set earlier during configuration.

It will prompt you to change the password: type the current password (Abc@admin1 in our case),
then type the same Abc@admin1 as the new password and confirm it with Abc@admin1.

Now log in with the new password: username admin, password Abc@admin1.

Internal VLAN Configuration:
On the Main tab, click Network > VLANs. The VLAN List screen opens. Click Create. The New
VLAN screen opens. In the Name field, type a unique name for the VLAN. In the Tag field, type a
numeric tag between 1 and 4094 for the VLAN, or leave the field blank if you want the BIG-IP
system to assign a VLAN tag automatically. The VLAN tag identifies the traffic from hosts in the
associated VLAN. From the Interface list, select an interface number. From the Tagging list,
select Tagged or Untagged. Select Tagged when you want traffic for that interface to be tagged
with a VLAN ID. If you specified a numeric value for the Customer Tag setting and selected
Tagged from the Tagging list, then select a value from the Tag Mode list. Click Add. Click
Finished.

External VLAN Configuration:
On the Main tab, click Network > VLANs. The VLAN List screen opens. Click Create. The New
VLAN screen opens. In the Name field, type a unique name for the VLAN. In the Tag field, type a
numeric tag between 1 and 4094 for the VLAN, or leave the field blank if you want the BIG-IP
system to assign a VLAN tag automatically. The VLAN tag identifies the traffic from hosts in the
associated VLAN. From the Interface list, select an interface number. From the Tagging list,
select Tagged or Untagged. Select Tagged when you want traffic for that interface to be tagged
with a VLAN ID. If you specified a numeric value for the Customer Tag setting and selected
Tagged from the Tagging list, then select a value from the Tag Mode list. Click Add. Click
Finished.

Creating Static Self IP Addresses:
Static Self IP Address for the Internal VLAN.
On the Main tab, click Network > Self IPs. Click Create. The New Self IP screen opens. In the
Name field, type a unique name for the self IP address. In the IP Address field, type an IP
address. This address should lie in the address space of the VLAN that you specify with the
VLAN setting. In the Netmask field, type the full network mask for the specified IP address.
From the VLAN list, select the VLAN to associate with this self IP address. From the Port
Lockdown list, select Allow Default. From the Traffic Group list, retain the default value or
select a traffic group. Click Finished. The screen refreshes and displays the new self IP address.

Static Self IP Address for the External VLAN.
On the Main tab, click Network > Self IPs. Click Create. The New Self IP screen opens. In the
Name field, type a unique name for the self IP address. In the IP Address field, type an IP
address. This address should lie in the address space of the VLAN that you specify with the
VLAN setting. In the Netmask field, type the full network mask for the specified IP address.
From the VLAN list, select the VLAN to associate with this self IP address. From the Port
Lockdown list, select Allow Default. From the Traffic Group list, retain the default value or
select a traffic group. Click Finished. The screen refreshes and displays the new self IP address.

Interfaces Status:
After configuring the VLANs, go to the Main tab and click Network > Interfaces > Interface List.
The Interface List screen displays the list of interfaces on the system. In the Name column, click
an interface number to display the properties of the interface. For the State setting, verify that
the interface is set to Enabled.

Creating Node:
Create 1st Node Server-1:
From the F5 home page, click Local Traffic > Nodes > Node List. Click Create. In the New Node
page, enter the following information: In the Name field, enter a name for the node. In the
Address field, enter the IP address of the node. Optionally, in the Description field, enter a brief
description for the node. In the Configuration area, keep the default configurations. Click
Finished. The new node is created.

Create 2nd Node Server-2 and 3rd Node Server-3:
From the F5 home page, click Local Traffic > Nodes > Node List. Click Create. In the New Node
page, enter the following information: In the Name field, enter a name for the node. In the
Address field, enter the IP address of the node. Optionally, in the Description field, enter a brief
description for the node. In the Configuration area, keep the default configurations. Click
Finished. The new node is created.

Finally, all three nodes, Server-1, Server-2 and Server-3, look like the screenshot below.

Creating Pool:
From the F5 home page, click Local Traffic > Pools > Pool List. From the Pool List page, click
Create. Enter the following information in the New Pool page. From the Configuration drop-
down list, select Basic. In the Name field, enter a name for the pool. Optionally, in the
Description field, enter a brief description for your pool. For Health Monitors, select the
appropriate health monitor from the Available list and move it to the Active list. You need
health monitors to probe the defined URLs at a defined interval and check whether the node is
alive. In the Resources area, select the appropriate load balancing method from the Load
Balancing Method drop-down list (the default is Round Robin). Click the Members tab. Click
Add. Click Node List. From the Address drop-down list, select the node that you want to add to
the pool. Enter the service port number. Keep the default configurations. Click Finished.

Finally, the pool looks like the screenshot below.

Create Virtual Server:
From the F5 home page, click Local Traffic > Virtual Servers > Virtual Server List. Click Create.
Click the Properties tab. In the General Properties area, enter the following information: In the
Name field, enter a name for the virtual server. In the Destination field, enter the IP address
that has been allocated for your virtual server. Enter the service port number.

Click the Resources tab, from the Default Pool drop-down list select the pool you have created.
Click Finished.
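The VLAN, self IP, node, pool and virtual server steps above form one procedure, and it helps to have it as text that can be reviewed and repeated instead of clicked through. The Python script below is an added example, not part of the original document or of F5's own tooling: it holds the lab topology in one structure, checks it against the rules the steps state (VLAN tag in 1-4094, interface names in slot.port form, nodes and the virtual server inside the address space of their VLAN's self IP) and emits the equivalent tmsh commands in dependency order. The server and virtual server addresses are the ones this page uses; the VLAN tags, interface numbers, self IP addresses and the object names self_internal, web_pool and vs_web are assumptions. The tmsh syntax is written from memory of the tmsh reference, not taken from this page, so confirm it with tmsh help on your unit.

```python
import ipaddress
import re

# Interface names follow the <slot>.<port> convention (1.1, 1.2, ...) described on this page.
IFACE_RE = re.compile(r"^\d+\.\d+$")

# Constructed lab definition. Server and virtual server addresses are the ones the page uses;
# the VLAN tags, interface numbers and self IP addresses are assumptions for this example.
LAB = {
    "vlans": {
        "internal": {"interface": "1.1", "tag": 10, "self_ip": "192.168.1.254/24"},
        "external": {"interface": "1.2", "tag": 20, "self_ip": "192.168.2.254/24"},
    },
    "nodes": {"Server-1": "192.168.1.1", "Server-2": "192.168.1.2", "Server-3": "192.168.1.3"},
    "pool": {"name": "web_pool", "port": 80, "monitor": "http", "vlan": "internal"},
    "virtual": {"name": "vs_web", "destination": "192.168.2.100", "port": 80, "vlan": "external"},
}


def check_lab(lab: dict) -> dict:
    """Validate the definition before any command is generated and return the
    VLAN name -> network map. Raises ValueError for what the GUI would reject
    (bad tag, bad interface name) and for addresses outside their VLAN's space."""
    nets = {}
    for name, vlan in lab["vlans"].items():
        if not IFACE_RE.match(vlan["interface"]):
            raise ValueError(f"VLAN {name}: interface {vlan['interface']!r} is not <slot>.<port>")
        if not 1 <= vlan["tag"] <= 4094:
            raise ValueError(f"VLAN {name}: tag {vlan['tag']} is outside 1-4094")
        nets[name] = ipaddress.ip_interface(vlan["self_ip"]).network
    pool_net = nets[lab["pool"]["vlan"]]
    for node, addr in lab["nodes"].items():
        if ipaddress.ip_address(addr) not in pool_net:
            raise ValueError(f"node {node} ({addr}) is outside {lab['pool']['vlan']} network {pool_net}")
    vs = lab["virtual"]
    if ipaddress.ip_address(vs["destination"]) not in nets[vs["vlan"]]:
        raise ValueError(f"virtual server {vs['destination']} is outside {vs['vlan']} network {nets[vs['vlan']]}")
    return nets


def tmsh_commands(lab: dict) -> list:
    """Emit tmsh commands equivalent to the GUI steps, in dependency order:
    VLANs with their self IPs, nodes, pool, virtual server, then save."""
    check_lab(lab)
    cmds = []
    for name, vlan in lab["vlans"].items():
        cmds.append(f"create net vlan {name} tag {vlan['tag']} interfaces add {{ {vlan['interface']} {{ untagged }} }}")
        # Port Lockdown 'Allow Default' as in the GUI step above; 'allow-service none'
        # is the tighter choice for a self IP on the external VLAN.
        cmds.append(f"create net self self_{name} address {vlan['self_ip']} vlan {name} "
                    "allow-service default traffic-group traffic-group-local-only")
    for node, addr in lab["nodes"].items():
        cmds.append(f"create ltm node {node} address {addr}")
    pool = lab["pool"]
    members = " ".join(f"{node}:{pool['port']}" for node in lab["nodes"])
    cmds.append(f"create ltm pool {pool['name']} monitor {pool['monitor']} load-balancing-mode round-robin "
                f"members add {{ {members} }}")
    vs = lab["virtual"]
    cmds.append(f"create ltm virtual {vs['name']} destination {vs['destination']}:{vs['port']} "
                f"ip-protocol tcp profiles add {{ http }} pool {pool['name']}")
    cmds.append("save sys config")
    return cmds


if __name__ == "__main__":
    print("\n".join(tmsh_commands(LAB)))
```

Run it and paste the output into tmsh line by line, or diff it against tmsh list net and tmsh list ltm on a unit that was built through the GUI; a node address typed into the wrong VLAN's subnet is caught here before it becomes a pool member that the monitor marks down.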

Local Servers Configuration:
Internal Server-1 IP Address 192.168.1.1
Internal Server-2 IP Address 192.168.1.2
Internal Server-3 IP Address 192.168.1.3

Navigate to the Server-1 Docker desktop, click on the WWW folder, open the html folder inside,
right-click on the index.html file, open it with Pluma, copy and paste the HTML below and click Save.
<html>
<head>
<title>This is Server 1</title>
</head>
<body>
<h1 style="color:red;">THIS IS SERVER 1</h1>
</body>
</html>

Navigate to the Server-2 Docker desktop, click on the WWW folder, open the html folder inside,
right-click on the index.html file, open it with Pluma, copy and paste the HTML below and click Save.
<html>
<head>
<title>This is Server 2</title>
</head>
<body>
<h1 style="color:blue;">THIS IS SERVER 2</h1>
</body>
</html>

Navigate to the Server-3 Docker desktop, click on the WWW folder, open the html folder inside,
right-click on the index.html file, open it with Pluma, copy and paste the HTML below and click Save.
<html>
<head>
<title>This is Server 3</title>
</head>
<body>
<h1 style="color:green;">THIS IS SERVER 3</h1>
</body>
</html>

External PCs Configuration:
External PC1 IP Address 192.168.2.1
External PC2 IP Address 192.168.2.2
External PC3 IP Address 192.168.2.3

Verification and Testing:
Open a new browser session on the external client and enter the address of the virtual
server, http://192.168.2.100.

Refresh the web page; it will change to the next server.

Refresh the web page again; it will change to the next server.

From the F5 home page, click Statistics > Dashboard > Module Statistics > Local Traffic. In the
Statistics Type drop-down, select Pools to see the traffic in and out.

From the F5 home page, click Statistics > Dashboard > Module Statistics > Local Traffic. In the
Statistics Type drop-down, select Nodes to see the traffic in and out.
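Refreshing a browser by hand shows that round robin works, but it does not tell you whether all three members are actually taking an even share, and a browser's keep-alive connection can hide that. The Python script below is an added example, not part of the original document: it fetches the virtual server a fixed number of times over fresh connections, recognises each server from the THIS IS SERVER n heading the index pages above carry, and checks that every expected member answered and that the spread between them is small. The six sample responses embedded in it are constructed, not captured from a BIG-IP, so the parsing and the balance check can be exercised without the lab.

```python
import re
import urllib.request
from collections import Counter
from typing import Dict, Iterable, Optional

# Matches the <h1> text that each server's index.html carries on this page.
SERVER_RE = re.compile(r"THIS IS SERVER (\d+)", re.IGNORECASE)

# Constructed sample: six responses in the order a three-member round-robin pool
# would return them; not captured from a real BIG-IP.
SAMPLE_RESPONSES = [
    '<html><body><h1 style="color:red;">THIS IS SERVER 1</h1></body></html>',
    '<html><body><h1 style="color:blue;">THIS IS SERVER 2</h1></body></html>',
    '<html><body><h1 style="color:green;">THIS IS SERVER 3</h1></body></html>',
    '<html><body><h1 style="color:red;">THIS IS SERVER 1</h1></body></html>',
    '<html><body><h1 style="color:blue;">THIS IS SERVER 2</h1></body></html>',
    '<html><body><h1 style="color:green;">THIS IS SERVER 3</h1></body></html>',
]


def server_id(html: str) -> Optional[int]:
    """Pull the server number out of a response body, or None if the page is not one of ours."""
    match = SERVER_RE.search(html)
    return int(match.group(1)) if match else None


def tally(responses: Iterable[str]) -> Dict[int, int]:
    """Count how many responses each server answered; key 0 collects unrecognised pages."""
    counts: Counter = Counter()
    for body in responses:
        sid = server_id(body)
        counts[sid if sid is not None else 0] += 1
    return dict(counts)


def is_balanced(counts: Dict[int, int], expected: Iterable[int], tolerance: int = 1) -> bool:
    """Round robin without persistence should spread requests almost evenly over every
    expected member. A member that never answered (monitor marked it down, or it was
    never added to the pool), an unrecognised page, or a spread wider than
    `tolerance` fails the check."""
    expected = set(expected)
    if not expected.issubset(counts) or 0 in counts:
        return False
    seen = [counts[i] for i in expected]
    return max(seen) - min(seen) <= tolerance


def probe(url: str, requests: int = 12, timeout: float = 3.0) -> Dict[int, int]:
    """Fetch the virtual server repeatedly. Each call opens a fresh TCP connection,
    so every request is a new load-balancing decision rather than a reused one."""
    bodies = []
    for _ in range(requests):
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            bodies.append(resp.read().decode("utf-8", errors="replace"))
    return tally(bodies)


if __name__ == "__main__":
    # Virtual server address used on this page.
    counts = probe("http://192.168.2.100")
    print(counts, "balanced" if is_balanced(counts, expected=(1, 2, 3)) else "UNBALANCED")
```

Run it from the external client. A result such as {1: 6, 2: 6} with server 3 missing points at the node or pool member being down; compare it with the Nodes and Pools statistics pages described above.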

VLAN:
o A VLAN represents a logical collection of hosts that can share network resources.
o It represents a logical collection of hosts regardless of their physical location on the network.
o You create a Virtual Local Area Network and associate physical interfaces with that VLAN.
o F5 Networks recommends that you create three VLANs on each BIG-IP LTM device.
o A VLAN for the external network, a VLAN for the internal network, and a VLAN for HA.
o Examples of Virtual Local Area Network (VLAN) names are External, Internal, and HA.
o A VLAN is a logical subset of hosts on a LAN that reside in the same IP address space.
o VLANs reduce the size of broadcast domains, thereby enhancing overall network performance.
o Virtual Local Area Networks reduce system and network maintenance tasks substantially.
o They enhance security on your network by segmenting hosts that must transmit sensitive data.
o VLANs are directly associated with the physical interfaces on the F5 BIG-IP LTM system.
o For each VLAN that you create, you must assign one or more BIG-IP system interfaces to that VLAN.
o You can assign not only individual interfaces to the VLAN, but also trunks.
o The MAC address of a VLAN is the MAC address of the lowest-numbered interface assigned to it.
o You can also create a VLAN and assign interfaces to the VLAN as untagged interfaces.
o When you assign interfaces as untagged, you cannot associate other VLANs with those interfaces.
o When you assign interfaces as tagged, you can associate multiple VLANs with those interfaces.
o A VLAN tag is a unique ID number assigned to a VLAN to identify the VLAN to which each packet belongs.

Objects Description
Name Specifies the name of the VLAN.
Description Specifies descriptive text that identifies the VLAN.
Tag Type a tag number for the VLAN. The number must be between 1 and 4094.
Interface Specifies which interfaces this VLAN uses for traffic management.
Tagging Specifies whether the interface is tagged or untagged.
Add Click the Add button to add the interface you selected to the list.
Edit Select an interface and click the Edit button to modify the selected interface.
Delete Select an interface and click the Delete button to remove the selected interface from the list.

Objects Description
Create Click to create a new VLAN in the system.
Name Displays the name of the VLAN. Click a name to view or modify it.
Application Displays the name of the application associated with the object, when iApp is used.
Tag Displays the tag for the Virtual Local Area Network (VLAN).
Untagged Interfaces Lists the untagged interfaces associated with this VLAN.
Tagged Interfaces Lists the tagged interfaces associated with this VLAN.
Partition/Path Specifies the partition or path to which the VLAN belongs.
Delete Tick the VLAN to delete it from the system.

Tagged:
Tagged means the VLAN dot1q header is added to the frame and sent to the downstream device.
This is normally done on trunk interfaces (Cisco terminology "Trunk") on a switch so it knows
which VLAN the frame belongs to. Tagged = 802.1q tagging, which means multiple VLANs on an
interface. It is possible to configure an interface as both Tagged and Untagged. If the port is
tagged, it is a trunk port.

Untagged:
Untagged means the frame is sent out the port with no VLAN information. You would do this
on an access port (Cisco terminology). Untagged = 1 VLAN per interface. If the port is untagged,
you are configuring an access port.

Self IP (Internet Protocol):
o A self IP address is an IP address on the BIG-IP system that you associate with a VLAN.
o A self IP address is the IP address that you associate with a VLAN to access hosts in that VLAN.
o In Cisco terms, a self IP is similar to an SVI on a switch, where we assign an IP address to the VLAN.
o You can associate self IP addresses not only with VLANs, but also with VLAN groups.
o The self IP address is the IP address that is used to perform monitoring in F5 BIG-IP LTM.
o Once monitors are enabled for pool members, the source IP address of the monitor traffic is the F5 self IP address.
o For every VLAN you need to create a separate self IP address on each F5 device.
o The self IP address will be different on each F5 device if you are using active/passive HA.
o Each self IP address created on F5 automatically gets a MAC address from the pool.
o When sending a message to a destination server, the F5 system uses the self IP addresses of its VLANs.
o A static self IP address is an IP address that the BIG-IP system does not share with another system.
o Any self IP address assigned to the default traffic group traffic-group-local-only is a static self IP.
o On the F5 BIG-IP LTM platform, the “Self IP” term is associated with a VLAN on each device.
o A self IP address can also be used as the default gateway for systems on an internal VLAN.

Floating Self IP:
o A floating self IP is an IP address that is assigned to multiple F5 LTM devices.
o A floating self IP address is an IP address that two F5 BIG-IP LTM systems share.
o In Cisco terms, a floating IP address is similar to the virtual IP address used in redundancy.
o A floating self IP address is used for configuration synchronization between F5 LTMs.
o For every VLAN in F5 LTM, you need to create both a self IP address and a floating self IP.
o Any self IP address assigned to the default traffic group traffic-group-1 is a floating self IP.
o A floating self IP is like an HSRP virtual IP: it floats to the active unit when failover occurs.
o A floating self IP address is used to support failover in a high-availability cluster.
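The Port Lockdown setting on each self IP decides which services the BIG-IP itself answers on that address, and the GUI steps earlier choose Allow Default for both the internal and the external VLAN. The Python script below is an added example, not part of the original document or of F5's tooling: it parses the listing produced by tmsh list net self, tells static from floating self IPs by their traffic group, and reports the ones whose lockdown is wider than it should be: allow-service all anywhere, and allow-service default on an external-facing VLAN, where a self IP should accept nothing or only an explicitly listed service. The sample listing embedded in it is constructed to follow tmsh's layout; its names and addresses are placeholders.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the layout of 'tmsh list net self' output;
# the names and addresses are placeholders, not values from the page.
SAMPLE_TMSH = """\
net self self_internal {
    address 192.168.1.254/24
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
    vlan internal
}
net self self_external {
    address 192.168.2.254/24
    allow-service none
    traffic-group traffic-group-local-only
    vlan external
}
net self float_external {
    address 192.168.2.253/24
    allow-service all
    traffic-group traffic-group-1
    vlan external
}
"""

HEADER_RE = re.compile(r"^net self (\S+) \{$")


def parse_self_ips(text: str) -> List[Dict]:
    """Turn tmsh's brace-delimited listing into one dict per self IP. allow-service is
    either a single word (none/all) or a braced list of services, one per line."""
    selfs: List[Dict] = []
    current = None
    in_services = False
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = {"name": header.group(1), "allow_service": []}
            selfs.append(current)
        elif current is None:
            continue
        elif in_services:
            if line == "}":
                in_services = False
            else:
                current["allow_service"].append(line)
        elif line.startswith("allow-service"):
            rest = line.split(None, 1)[1]
            if rest == "{":
                in_services = True
            else:
                current["allow_service"] = [rest]
        elif line == "}":
            current = None
        else:
            key, _, value = line.partition(" ")
            current[key] = value
    return selfs


def audit(selfs: List[Dict], external_vlans) -> List[str]:
    """Flag self IPs whose Port Lockdown is wider than it should be: 'all' everywhere,
    'default' on external-facing VLANs. Floating addresses are named as such because
    they move with failover and so expose whichever unit is active."""
    findings = []
    for s in selfs:
        services = s["allow_service"]
        kind = "static" if s.get("traffic-group") == "traffic-group-local-only" else "floating"
        if "all" in services:
            findings.append(f"{s['name']} ({kind}, vlan {s.get('vlan')}): allow-service all")
        elif "default" in services and s.get("vlan") in external_vlans:
            findings.append(f"{s['name']} ({kind}, vlan {s.get('vlan')}): allow-service default on external VLAN")
    return findings


if __name__ == "__main__":
    # On a unit: tmsh list net self > selfs.txt, then read that file instead of SAMPLE_TMSH.
    for finding in audit(parse_self_ips(SAMPLE_TMSH), external_vlans={"external"}):
        print(finding)
```

Run against a real listing, the output is the list of self IPs to revisit under Network > Self IPs, where Port Lockdown can be set to Allow None or to a custom list; pass every VLAN that faces clients in external_vlans.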

Objects Description
Name Specifies the name of the self IP address definition.
Partition/Path Specifies the partition or path to which the self IP address definition belongs.
IP Address Specifies the Internet Protocol (IP) address.
Netmask Specifies the full netmask.
VLAN/Tunnel Specifies the VLAN associated with this self IP address.
Port Lockdown Specifies the protocols and services from which this self IP can accept traffic.
Traffic Group Specifies the traffic group to associate with the self IP.
Service Policy Specifies a service policy to associate with the self IP.

Objects Description
Name Displays the self IP address definition name.
Application Displays the name of the application associated with the object.
IP Address Displays the Internet Protocol (IP) address.
Netmask Displays the full netmask or subnet mask.
VLAN/Tunnel Displays the VLAN associated with this self IP address.
Traffic Group Displays the traffic group associated with the self IP.
Partition/Path Displays the partition or path to which the self IP address belongs.

Interfaces:
o A key task of BIG-IP system configuration is the configuration of the BIG-IP system interfaces.
o Interfaces are the physical ports used to connect the BIG-IP system to other devices on the network.
o These other devices can be next-hop routers, Layer 2 devices, destination servers, etc.
o Through its interfaces, the BIG-IP system can forward traffic to or from other network devices.
o The term interface refers to the physical ports on the BIG-IP system; every system includes multiple interfaces.
o The exact number of interfaces that you have on a BIG-IP system depends on the platform type.
o The management interface is a special interface dedicated to performing management functions.

Configure Interface:
o To configure interfaces in F5 BIG-IP LTM with IP addresses, you first need to create a VLAN.
o After creating the VLAN in F5 BIG-IP LTM, associate this VLAN with the physical interface.
o Second, create a self IP (which is an IP address) and associate this self IP with the VLAN.
o A self IP is the IP address associated with the VLAN, which is in turn associated with the interface.

Interface Naming Conventions:
o By convention, the names of the interfaces on the BIG-IP system use the format <s>.<p>.
o Here s is the slot number of the network interface card (NIC), and p is the port number.
o Examples of interface names on the BIG-IP system are 1.1, 1.2, 2.1 and so on.
o BIG-IP system interfaces already have names assigned to them; you do not assign names explicitly.
o The exception to the interface convention is the management interface, which has the special name MGMT.

Objects Description
Status Displays the current status of the interface.
Name Specifies the name of the interface. Click a name to open its properties.
Description Displays the description of the interface.
MAC Address Displays the media access control (MAC) address for the interface.
Media Speed Displays the actual media speed at which the interface is processing traffic.
VLAN Count Displays the number of VLANs with which this interface is associated.
Trunk Displays the name of the trunk, if the interface is a member of one.
Forwarding Mode Displays the forwarding mode for the interface.
Enable Select the interface or interfaces to enable them.
Disable Select the interface or interfaces to disable them.

Nodes:
o A node is a configuration object represented by the IP address of a device on the network.
o Nodes define the IP address of a physical resource, such as a Linux server with an IP address.
o A node is the physical server that will receive traffic from the load balancer, e.g. 1.1.1.1.
o In simple words, in BIG-IP Local Traffic Manager a node is recognized by an IP address.
o In F5 BIG-IP LTM, a node is a device represented by an IP (Internet Protocol) address.
o In F5 BIG-IP Local Traffic Manager (LTM), a node may be associated with multiple pools.
o A node can be a member of multiple pools at the same time, e.g. when FTP and HTTP run on the same node.
o A node or server is the physical or virtual server itself that will receive traffic.
o It can be created manually from the Nodes tab, or automatically when you create a pool member.

New Node:



Objects | Description
Name | Specifies the name of the node.
Description | Specifies descriptive text that identifies the node.
Address | Specifies the IP address for the node.
Health Monitors | Specifies the health monitors that the system uses to monitor this node.
Select Monitors | Specifies the health monitors that monitor this node.
Availability Requirement | Specifies, if you activate more than one health monitor, the number of health monitors that must receive successful responses in order for the node to be considered available.
All | Specifies that all active health monitors must be successful before the node is considered up.
At Least | Specifies that the number of monitors you specify in Health Monitor(s) must be successful before the node is considered up.
Ratio | Specifies the ratio weight to assign to the node. Valid values range from 1 through 65535.
Connection Limit | Specifies a maximum established connection limit for a pool member or node. The default is 0, meaning that there is no limit.
Connection Rate Limit | Specifies the maximum number of connections per second allowed for a node.

Node List:

Objects | Description
Status | Displays the current status of the node.
Name | Displays the node name. Click a name to open its properties.
Description | Displays descriptive text that identifies the node.
Application | Displays the name of the application associated with the object.
Address | Displays the IP address of the node.
FQDN | Displays the fully qualified domain name of the node.
Ephemeral | Displays whether the node is an ephemeral node.
Partition/Path | Specifies the partition or path to which the node belongs.



Default Monitor:

Objects | Description
Health Monitors | Specifies the health monitors that monitor this node. Use the Move buttons (<< and >>) to adjust monitor use.
Active | Specifies the health monitors that the system currently uses to monitor the node.
Available | Specifies the health monitors that are configured on the system and that you can use to monitor this node.
Availability Requirement | Specifies, if you activate more than one health monitor, how many of them must receive successful responses for the node to be considered available.
All | Specifies that all active health monitors must be successful before the node is considered up.
At Least | Specifies that the number of monitors you specify in Health Monitor(s) must be successful before the node is considered up.

Node Statistics:



Objects | Description
Statistics Type | Specifies the object for which the screen displays statistics information.
Data Format | Specifies how the system presents the statistics information.
Normalized | Rounds values to the nearest whole number.
Unformatted | Presents the actual value, including all decimal places.
Auto Refresh | Automatically updates screen information at the interval you specify.
Stop | Click Stop to halt the automatic update and disable Auto Refresh.
Refresh | Click Refresh to update the information on the screen.
Status | Displays the current status of the node.
Node Name | Displays a list of currently defined nodes.
Bits | Represents the cumulative number of bits that have been received from (In) or sent to (Out) the node.
Packets | Represents the cumulative number of Ethernet packets that have been received from (In) or sent to (Out) the node.
Current | Represents the number of currently open connections to the node.
Maximum | Represents the maximum number of concurrent connections to the node.
Total | Represents the cumulative number of connections to the node.
Requests | Displays the cumulative number of requests that have been made to the node.

Node Status Signs:



Status Sign | Description
Green Circle | The object is available. This icon indicates that the BIG-IP system services traffic destined for this object.
Blue Square | The availability of the object is unknown. For example, this status can occur when the object is not configured for service checking, the IP address of the object is misconfigured, or the object is disconnected from the network. For BIG-IP APM sessions, this icon indicates that the session is pending and not yet established.
Yellow Triangle | The object is not currently available but might become available later with no user intervention. For example, an object that has reached its configured connection limit might show a yellow status and then switch to a green status when the number of connections falls below the configured limit.
Red Diamond | The object is unavailable. This icon indicates that the BIG-IP system cannot service traffic destined for this object. For example, this status can occur when a node fails service checking because it has become unavailable. This status requires user intervention to restore the object status to green.
Black Circle | A user has actively disabled an available object.
Black Diamond | A user has actively disabled an unavailable object.
Gray Icons | A parent object has disabled the object, or the object is enabled but unavailable because of another disabled object.
Black Square | The availability of the object is unknown, and the object is disabled.



Pool Members:
o A pool member is the IP address plus the service port of a physical server, for example 192.168.1.1:80.
o In F5 BIG-IP Local Traffic Manager, pool members are added to pools for load balancing.
o In F5 BIG-IP Local Traffic Manager, the same pool member can be added to different pools.
o A pool member is a node and service port to which BIG-IP LTM can load balance traffic.
o Load balancing is performed across pool members according to the algorithm being used.

Pools:
o In F5 BIG-IP Local Traffic Manager, pools define logical groups of devices to send traffic to.
o A pool is a logical set of devices, such as web servers, that are grouped together to receive and process traffic.
o A pool is a configuration object that groups pool members together to receive and process network traffic.
o In F5 BIG-IP Local Traffic Manager, when you create a pool, you assign pool members to the pool.
o A pool is a logical group of pool members that receive and process traffic for a virtual server.
o A pool can be added to a virtual server using two methods: the default pool option, or iRules.



New Pool:

Objects | Description
Name | Specifies the name of the pool.
Description | Specifies descriptive text that identifies the pool.
Health Monitors | Specifies an association between a health or performance monitor and an entire pool rather than with individual pool members.
Active | Lists the health monitors that are already assigned to the pool.
Available | Lists the health monitors that are available to add to the pool.
Load Balancing Method | Specifies the load balancing method. The default is Round Robin.
Priority Group Activation | Specifies whether the system load balances traffic according to the priority number assigned to the pool member.
New Members | For each pool, specifies the servers that are to be members of that pool.
Node List | Presents a list of existing nodes, each defined by an IP address, from which you can choose the new member.
Service Port | Specifies the service port number of the member, or click Select to select a service port from a list of available service ports.



Pools Statistics:

Objects | Description
Statistics Type | Specifies the object for which the screen displays statistics information.
Data Format | Specifies how the system presents the statistics information.
Normalized | Rounds values to the nearest whole number.
Unformatted | Presents the actual value, including all decimal places.
Auto Refresh | Automatically updates screen information at the interval you specify.
Stop | Click Stop to halt the automatic update and disable Auto Refresh.
Refresh | Click Refresh to update the information on the screen.
Status | Displays the current status of the pool or pool member.
Pool/Pool Member | Displays a list of currently defined pools or pool members.
Partition/Path | Specifies the partition or path to which the pool or pool member belongs.
Bits | Represents the cumulative number of bits that have been received from (In) or sent to (Out) the pool or pool member.
Packets | Represents the cumulative number of Ethernet packets that have been received from (In) or sent to (Out) the pool or pool member.
Connections | Represents information about connections using this pool or pool member.
Requests | Displays the cumulative number of requests that have been made to the node.
Requests Queue | Displays the depth and maximum age of the requests in the queue.



Pool Status:
o The shape of the icon indicates the status that the monitor has reported for that pool or pool member.
o A circle-shaped icon indicates that the monitor has reported the pool member as being up.
o A diamond-shaped icon indicates that the monitor has reported the pool member as being down.
o In F5 BIG-IP LTM pools, the color of the icon indicates the actual status of the node itself.
o A green shape indicates that the node is up, whereas a red shape indicates that the node is down.
o In F5 BIG-IP LTM pools, a black shape indicates that user intervention is required.
o At any time, the status of a pool is based solely on the status of its members.

Status Indicator | Explanation
Green Circle | At least one pool member is available for processing the traffic.
Yellow Triangle | No pool members are currently available, but any one of them could become available later with no user action required. An example of an unavailable pool member becoming available automatically is when the number of concurrent connections to the pool member no longer exceeds the value defined in the pool member's Connection Limit setting.
Red Diamond | All pool members are unavailable and therefore cannot accept traffic. One reason for a pool member being unavailable is that an associated EAV monitor has detected that the pool member is unavailable. When pool status is red, user action is usually required.
Blue Square | The status of at least one pool member is unknown, and no other pool members are available. Sample reasons for unknown pool-member status are: one or more pool members has no associated monitor; monitor results are not available yet; the pool member's IP address is misconfigured; the parent node has been disconnected from the network.
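The Node Status Signs table and the Pool Status table above describe one decision procedure: map each member's monitor verdict and administrative state to an icon, then derive the pool icon solely from its members. Here is that procedure as an added Python example written for these notes; it is not code from the original document or from F5. The precedence used when several member conditions hold at once (green, then yellow, then blue, otherwise red) and the treatment of an empty pool as unknown are assumptions made for the example; the page lists the rows but not their order.

```python
from enum import Enum


class Sign(Enum):
    """Status icons from the Node Status Signs and Pool Status tables."""
    GREEN_CIRCLE = "available"
    YELLOW_TRIANGLE = "unavailable now, may recover without user intervention"
    RED_DIAMOND = "unavailable, user intervention required"
    BLUE_SQUARE = "availability unknown"
    BLACK_CIRCLE = "disabled by a user while available"
    BLACK_DIAMOND = "disabled by a user while unavailable"
    BLACK_SQUARE = "disabled by a user while availability unknown"
    GRAY = "disabled by a parent object"


def member_sign(available, enabled=True, at_connection_limit=False, parent_disabled=False):
    """Map a member's monitor result and admin state to its icon.

    available is True (monitor passed), False (monitor failed) or None (no monitor
    result, for example no monitor assigned or the address misconfigured)."""
    if parent_disabled:
        return Sign.GRAY
    if not enabled:
        if available is None:
            return Sign.BLACK_SQUARE
        return Sign.BLACK_CIRCLE if available else Sign.BLACK_DIAMOND
    if available is None:
        return Sign.BLUE_SQUARE
    if not available:
        return Sign.RED_DIAMOND
    # A member that hit its Connection Limit is shown yellow: it recovers on its own.
    return Sign.YELLOW_TRIANGLE if at_connection_limit else Sign.GREEN_CIRCLE


def pool_sign(member_signs):
    """Derive the pool icon solely from its members, following the Pool Status table.

    Assumption for this example: precedence is green, then yellow, then blue; an
    empty pool is reported as unknown. Disabled (black or gray) members count as
    unavailable, since they cannot accept traffic."""
    signs = list(member_signs)
    if not signs:
        return Sign.BLUE_SQUARE
    if Sign.GREEN_CIRCLE in signs:
        return Sign.GREEN_CIRCLE        # at least one member can take traffic
    if Sign.YELLOW_TRIANGLE in signs:
        return Sign.YELLOW_TRIANGLE     # a member may recover with no user action
    if Sign.BLUE_SQUARE in signs:
        return Sign.BLUE_SQUARE         # unknown member status and none available
    return Sign.RED_DIAMOND             # every member is unavailable: user action needed


if __name__ == "__main__":
    members = [member_sign(False), member_sign(True, at_connection_limit=True)]
    print([m.name for m in members], "->", pool_sign(members).name)
```

The pool derivation is the one a monitoring integration needs: a pool with one failed member and one member at its connection limit is yellow, not red, so paging on it would be premature, whereas a pool whose only members are red or disabled is the case that warrants intervention.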



Virtual Server:
o Virtual servers define a virtual IP address and service that LTM listens on.
o A virtual server allows BIG-IP systems to send, receive, process, and relay network traffic.
o Virtual servers call pools to NAT-translate and load balance traffic to pool members.
o A virtual server is basically a proxy of the actual server, whether physical, virtual, or container.
o The virtual server is the application endpoint that is presented to the outside world.
o A virtual server points to a cluster of services that reside on one or more physical hosts.
o Clients on an external network can send application traffic only to a virtual server.
o The virtual server then directs the traffic according to your configuration instructions.
o A virtual server is often used to balance traffic load across a pool of servers on an internal network.
o Virtual servers increase the availability of resources for processing client requests.
o Virtual servers distribute client requests across multiple servers to balance server load.
o In F5, each virtual server is uniquely identified by an IP address and port number.
o Virtual servers receive incoming traffic and perform basic destination IP address translation.
o Virtual servers basically direct traffic to server nodes, which are grouped together in pools.



Objects | Description
Name | Specifies the name of the virtual server.
Description | Specifies descriptive text that identifies the virtual server.
Type | Specifies the network service provided by the virtual server. The default is Standard.
Source Address | Specifies the IP address or network from which the virtual server accepts traffic.
Destination Address/Mask | Specifies the destination IP address information to which the virtual server sends traffic.
Service Port | Type a service port or select a type from the list. When you select a type from the list, the value in the Service Port box changes.
Notify Status to Virtual Address | When enabled, specifies that the status of the virtual server contributes to the associated virtual address status.
Status | Specifies whether the virtual server and its resources are available for load balancing.
Protocol | Specifies the network protocol name you want the system to use to direct traffic on this virtual server.
VLAN and Tunnel Traffic | Specifies the VLANs and tunnels for which the virtual server is enabled or disabled.
Source Address Translation | Specifies the type of address translation pool used for implementing selective and intelligent source address translation.
iRules | Specifies the iRules you want to run on this virtual server.
Policies | Specifies the policies for the virtual server.
Default Pool | Specifies the name of the pool you want the virtual server to use as the default pool.
Default Persistence Profile | Specifies the persistence profile you want the system to use as the default for this virtual server.
Fallback Persistence Profile | Specifies the persistence profile you want the system to use if it cannot use the specified default persistence profile.
Cancel | Discards the settings without saving them.
Repeat | Saves the settings you have entered and opens a fresh form so that you can create another virtual server.
Finished | Saves the settings and closes the form.

Objects | Description
Status | Displays the current status of the virtual server.
Name | Displays the virtual server name.
Description | Displays the description of the virtual server.
Application | Displays the name of the application associated with the object.
Destination | Displays the IP address that is the destination of traffic for the virtual server.
Service Port | Displays the service for which the virtual server is load balancing connections.
Type | Displays the type of virtual server.
Resources | For host virtual servers, presents a link for specifying resources for the virtual server.
Partition/Path | Specifies the partition or path to which the virtual server belongs.



Virtual Addresses:
o A virtual address is a specific node or network IP address with which you associate a virtual server.
o For example, suppose a virtual server's destination address and service port are 192.168.2.10:80.
o In this example, the IP (Internet Protocol) address 192.168.2.10 is a virtual address.
o You can create a many-to-one relationship between virtual servers and a virtual address.
o For example, you can create the three virtual servers 192.168.2.10:80, 192.168.2.10:443,
o and 192.168.2.10:161 for the same virtual address, which is the single address 192.168.2.10.
o You cannot explicitly create a virtual address; the system creates one whenever you create a virtual server.
o You can modify the properties of a virtual address, and you can enable and disable a virtual address.
o When you disable a virtual address, none of the virtual servers associated with it can receive network traffic.
o A virtual address is created indirectly when you create the first virtual server with that destination address.
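The relationships described in the Virtual Server and Virtual Addresses sections (a virtual server is unique per IP:port, virtual addresses are created implicitly and are many-to-one, Notify Status to Virtual Address feeds the address status, and disabling the address silences every virtual server behind it), as an added Python example written for these notes; it is not code from the original document or from F5. The VirtualServer and VirtualAddress classes, the pool names and the 192.168.2.10 example addresses are constructed for the example, following the addresses the notes use.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class VirtualServer:
    name: str
    destination: str                          # "ip:port", e.g. "192.168.2.10:80"
    default_pool: str
    enabled: bool = True
    notify_status_to_virtual_address: bool = True
    pool_available: bool = True               # constructed: does the default pool have an available member?

    def __post_init__(self):
        host, sep, port = self.destination.rpartition(":")
        if not sep:
            raise ValueError(f"destination must be ip:port, got {self.destination!r}")
        self.address = str(ip_address(host))  # the virtual address part, validated
        self.port = int(port)
        if not 1 <= self.port <= 65535:
            raise ValueError(f"invalid service port {self.port}")


@dataclass
class VirtualAddress:
    address: str
    enabled: bool = True
    virtual_servers: list = field(default_factory=list)


def build_virtual_addresses(virtual_servers):
    """Create virtual addresses implicitly: one per distinct destination IP, with every
    virtual server that shares the IP attached to it (the many-to-one relationship).
    Two virtual servers on the same IP:port are rejected, since that pair is the identity."""
    table = {}
    seen = set()
    for vs in virtual_servers:
        key = (vs.address, vs.port)
        if key in seen:
            raise ValueError(f"{vs.address}:{vs.port} already has a virtual server")
        seen.add(key)
        table.setdefault(vs.address, VirtualAddress(vs.address)).virtual_servers.append(vs)
    return table


def virtual_address_available(va):
    """The address is available when any virtual server that notifies its status to the
    address is enabled and has an available pool; None means no server contributes."""
    contributing = [vs for vs in va.virtual_servers if vs.notify_status_to_virtual_address]
    if not contributing:
        return None
    return any(vs.enabled and vs.pool_available for vs in contributing)


def listener_for(table, dst_ip, dst_port):
    """Return the virtual server that would accept traffic for dst_ip:dst_port, or None.
    A disabled virtual address silences every virtual server associated with it."""
    va = table.get(dst_ip)
    if va is None or not va.enabled:
        return None
    for vs in va.virtual_servers:
        if vs.port == dst_port and vs.enabled:
            return vs
    return None


if __name__ == "__main__":
    table = build_virtual_addresses([
        VirtualServer("vs_http", "192.168.2.10:80", "web_pool"),
        VirtualServer("vs_https", "192.168.2.10:443", "web_pool"),
        VirtualServer("vs_snmp", "192.168.2.10:161", "snmp_pool"),
    ])
    for addr, va in table.items():
        print(addr, [vs.name for vs in va.virtual_servers], virtual_address_available(va))
```

Because the virtual address is the unit that is enabled or disabled, listener_for() is where an operator can confirm that disabling 192.168.2.10 really takes all three services off the network, while a single disabled virtual server leaves the other ports reachable.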

Objects | Description
Status | Displays the current status of the virtual address definition.
State | Displays the current state (Enabled or Disabled) of the virtual address definition.
Name | Displays the virtual address definition name.
Application | Displays the name of the application associated with the object.
Address | Displays the IP address of the virtual address definition.
Traffic Group | The traffic group that contains this virtual IP address.
Partition/Path | Displays the partition or path to which the virtual address definition belongs.

