PBC - LTM - v13.0 - E
(LTM) Fundamentals
F5 Partner Technical Boot Camp
Written for TMOS v13.0
• Lesson 1: BIG-IP Installation
• Lesson 2: Processing Traffic
• Lesson 3: Using SNAT
• Lesson 4: Priority Group Activation
• Lesson 5: Health Monitors
• Lesson 6: Profiles
• Lesson 7: Persistence
• Lesson 8: SSL Termination
• Lesson 1: BIG-IP Installation
Initial BIG-IP System Setup
BIG-IP System Initial Setup
IP Address 192.168.1.245/24
Username / Password BIG-IP configuration utility: admin / admin
CLI: root / default
Configure the Management Port Using CLI
https://<mgmt port IP>
Log in to the BIG-IP System
F5 Licensing Server
18.202.191.1
/config/bigip.license
127.20.10.3 172.20.10.4
Manual Licensing
F5 Licensing Server
172.20.20.1
127.20.10.3 172.20.10.4
Two Methods for Manual Licensing
Using the F5 Licensing Server Web Site
Download or Copy the F5 License
Paste the License on the BIG-IP System
Resource Provisioning
Provisioning a module requires a license
Setup Utility – Platform Page
F5 Networks recommends changing the root and admin account passwords
Setup Utility – Standard Network
create “NAME”
Two Methods to Issue TMSH Commands
Use Command Completion
• In this exercise:
• Access Ravello lab environment
• Re-activate BIG-IP license
• Complete Setup Utility
• Explore tmsh commands
• Create an archive file
• Estimated completion time: 30 minutes
• Lesson 2: Processing Traffic
Nodes
Physical or logical server
Represented by an IP address
Represented by an IP address and a port
Each pool is configured with a load balancing method
Ratio
Round Robin
(Member)
BIG-IP LTM is a default deny device
Represented by an IP address and a port
104.219.2.100:80 104.219.2.100:443
Request packet
Source IP: 18.200.150.10:4003
Member: 172.20.10.1:80
Destination IP: 172.20.10.1:80
Request packet #2
Source IP: 18.200.150.10:4003
Destination IP: 104.219.2.100:80
104.219.2.100:80 104.219.2.100:443
Request packet #2
Source IP: 18.200.150.10:4003
Member: 172.20.10.2:80
Destination IP: 172.20.10.2:80
Request packet #3
Source IP: 18.200.150.10:4003
Destination IP: 104.219.2.100:80
104.219.2.100:80 104.219.2.100:443
172.20.10.3 is offline
Request packet #3
Source IP: 18.200.150.10:4003
Member: 172.20.10.4:80
Destination IP: 172.20.10.4:80
Request packet
Source IP: 18.200.150.10:4003
Destination IP: 104.219.2.100:80
Response packet
Source IP: 104.219.2.100:80
Destination IP: 18.200.150.10:4003
104.219.2.100:80 104.219.2.100:443
Response packet
Source IP: 172.20.10.1:80
Destination IP: 18.200.150.10:4003
104.219.2.100:80 104.219.2.100:443
Request packet
Source IP: 18.200.150.10:4003
Destination IP: 172.20.10.1:80
172.20.10.240
172.20.10.241
Solution #2: Use Secure Network Address Translation (SNAT)
Response packet
Source IP: 172.20.10.1:80
Destination IP: 18.200.150.10:4003
DG: 172.20.10.241
104.219.2.100:80 104.219.2.100:443
TMOS: Traffic Management Operating System
• In this exercise:
• Create a pool of HTTP web servers
• Create virtual server for the new pool
• Use statistics to test traffic flow
• View the Network Map and logs
• Estimated completion time: 50 minutes
• Lesson 3: Using SNAT
SNAT Concepts
188.50.22.19
Request from 172.20.1.1
Self IP: 172.20.1.1
18.90.220.50
104.219.104.148
Use SNAT to give Internet access to internal nodes with private IP addresses
172.20.5.20
172.20.5.15
172.20.10.3 172.20.10.4
SNAT Routing Using Auto Map
External VLAN
Internal VLAN
Configuring SNAT Auto Map
• In this exercise:
• Examine the client IP before adding SNAT
• Add SNAT Auto Map, and then examine the client IP address
• Estimated completion time: 15 minutes
• Lesson 4: Priority Group Activation
Priority Group Activation
HTTP Pool
Use Priority Group Activation
40 40 40 40 40 30 30 30 30 15 15 15 15 15
• In this exercise:
• Use priority groups
• Estimated completion time: 15 minutes
• Lesson 5: Health Monitors
Health Monitors Overview
Monitoring ensures that BIG-IP LTM does not send requests to offline servers
LEGEND
Unknown
Available
Offline
172.20.10.1 172.20.10.2 172.20.10.3 172.20.10.4
ping
TCP connection
Virtual server 104.219.2.100:80
Pool
• In this exercise:
• Assign node monitors
• Create and test a custom HTTP monitor
• Estimated completion time: 40 minutes
• Lesson 6: Profiles
Profiles Overview
SSL profiles
Persistence profiles
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical
Profile Dependencies in the Configuration Utility
Create a Profile
Basic Profile Configuration
LTM Exercise 6 – Use a Stream Profile
• In this exercise:
• Create a custom HTTP monitor
• Create a stream profile
• Examine the changes to the web page after
applying the custom profiles
• Estimated completion time: 30 minutes
• Lesson 7: Persistence
Persistence Overview
Web applications using shopping carts must maintain client state
A persistence profile can change the BIG-IP LTM load balancing behavior
104.219.2.100:80 104.219.2.100:443
Member: 172.20.10.4:80
172.20.10.3:80
172.20.10.1 172.20.10.2 172.20.10.3 172.20.10.4
188.15.20.90
Member: 172.20.10.2:80
• In this exercise:
• Use source address persistence
• Use cookie persistence
• Estimated completion time: 20 minutes
• Lesson 8: SSL Termination
Advantages of SSL Termination with BIG-IP LTM
Cookie persistence and iRules with SSL traffic
virtual server
Create a Self-Signed Certificate
Configure a Self-Signed Certificate
• In this exercise:
• Create an HTTPS pool and virtual
• Create a self-signed certificate
• Create a client SSL profile
• Add the client SSL profile to the virtual server
• Estimated completion time: 30 minutes