Tuesday, September 4, 2012

BIG IP F5 LTM Tutorial - Part 10


6. Profiles

Ø  Profiles are a very powerful configuration tool in BIG IP F5 LTM. They hold traffic management settings and simplify the configuration of objects, which can be tedious & complicated without them.

Ø  Profiles provide:
o   A single place to define specific traffic behaviour.
o   A centralized place to reuse those object settings.
o   A centralized place to change any setting & have it applied to all applications using an existing profile.

Ø  A profile tells a virtual server how to process the packets it receives, based upon the profile’s configuration parameters.
Ø  Profiles are used by the LTM system to manage the processing of traffic through each virtual server.
For example:
o   If you want to encrypt / decrypt traffic, you can use a clientssl / serverssl profile.
o   If you want to increase the speed at which the virtual server processes HTTP requests, assign the fasthttp profile.

Ø  You can use an existing profile or create a custom profile based on application requirements.

Ø  You can associate multiple profiles with a single virtual server.

Ø  There are certain restrictions & dependencies when using these profiles, i.e.
o   An HTTP profile needs a TCP profile in place to process traffic.
o   HTTP & FTP profiles cannot be associated with a single virtual server.

Ø  As a general rule, profiles of a given layer of the OSI model depend upon profiles of the lower layers, & profiles of the same layer cannot co-exist.
o   For example: an HTTP profile is required to process cookies, and an HTTP profile requires a TCP profile.
o   For example: TCP & UDP profiles cannot co-exist in one Virtual Server.

Ø  At a minimum, a Virtual Server must reference a connection-level profile, based on the UDP, FastL4 or TCP profile type. Thus if you have not assigned any profile, LTM adds a default profile (UDP, FastL4, TCP) depending on the Virtual Server protocol setting: if you have selected UDP it will add the UDP profile, and if you have selected TCP it will add the FastL4 profile. (The types of profile are mentioned below.)

Ø  Types of profile:
o   Protocol (Connection Oriented)
ü  Protocol profiles support parameters concerning timeouts and connection management. Every Virtual Server has at least one protocol profile.
o   Services (Data Type Oriented)
ü  Service-based profiles support special features for select applications. For HTTP it’s knowledge of the various HTTP headers & data structures. For FTP it’s the ability to support Active / Passive FTP, but both services will have the same protocol profile, i.e. TCP.
o   Persistence (Session Oriented)
ü  Persistence profiles define the methods that the LTM system uses to treat multiple TCP connections as a single session. There are different types of persistence profile & you can configure them based on your requirement.
o   SSL (Encryption Oriented)
ü  SSL-based profiles support encryption / decryption.
o   Authentication (Security Oriented)

Ø  Configuration of Profiles:
o   So far we have configured the Node, Pool Member, Pool & Virtual Server.
o   After configuration you can verify that by default the Virtual Server has the FastL4 profile.
o   You can modify these profiles or create a custom profile.
o   For MY_SERVER_HTTP use fasthttp, and for MY_SERVER_HTTPS use clientssl:

root@chetan(Active)(tmos)# modify ltm virtual MY_SERVER_HTTP profiles replace-all-with { fasthttp }
root@chetan(Active)(tmos)# modify ltm virtual MY_SERVER_HTTPS profiles replace-all-with { clientssl }

o   Default available profile options under Virtual Server  : - 



o   Also you can create custom profile based on application requirement.



Note: Check the restrictions before applying any profile to a virtual server.
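A small pre-change check for the restrictions listed above, as an added example (not part of the original tutorial and not F5 code). It reads `profiles replace-all-with` commands and reports violations of the dependency and co-existence rules; treating fasthttp as a connection-level profile and the virtual server names VS_A and VS_B are assumptions made for the example.

```python
import re

# Classification follows the tutorial's profile types. Treating fasthttp as a
# connection-level profile is an assumption made for this example.
LAYER = {
    "tcp": "protocol", "udp": "protocol", "fastl4": "protocol", "fasthttp": "protocol",
    "http": "service", "ftp": "service",
    "clientssl": "ssl", "serverssl": "ssl",
}
REQUIRES = {"http": "tcp", "ftp": "tcp"}   # service profile -> lower-layer profile it needs
EXCLUSIVE = ("protocol", "service")        # layers where the text gives a co-existence ban
CMD = re.compile(r"modify ltm virtual (\S+) profiles replace-all-with \{([^}]*)\}")

def parse(command):
    """Return (virtual_server, [profiles]) from a tmsh line, or None if it is not a profile change."""
    m = CMD.search(command)
    return (m.group(1), m.group(2).split()) if m else None

def check(profiles):
    """Return the list of findings for one virtual server's profile list."""
    findings, by_layer = [], {}
    for p in profiles:
        if p in LAYER:
            by_layer.setdefault(LAYER[p], []).append(p)
        else:
            findings.append(f"unknown profile {p}: classify it first")
    for layer in EXCLUSIVE:
        members = by_layer.get(layer, [])
        if len(members) > 1:
            findings.append(f"{layer} profiles cannot co-exist: {' '.join(members)}")
    for p in profiles:
        need = REQUIRES.get(p)
        if need and need not in profiles:
            findings.append(f"{p} requires {need}")
    if "protocol" not in by_layer:
        findings.append("no connection-level profile: LTM adds a default")
    return findings

def lint(commands):
    """Map each virtual server named in the commands to its findings."""
    parsed = filter(None, map(parse, commands))
    return {name: check(profiles) for name, profiles in parsed}

# Constructed sample input: the first two lines are the tutorial's commands, the rest are made up.
SAMPLE = [
    "root@chetan(Active)(tmos)# modify ltm virtual MY_SERVER_HTTP profiles replace-all-with { fasthttp }",
    "root@chetan(Active)(tmos)# modify ltm virtual MY_SERVER_HTTPS profiles replace-all-with { clientssl }",
    "modify ltm virtual VS_A profiles replace-all-with { tcp http ftp }",
    "modify ltm virtual VS_B profiles replace-all-with { udp http }",
]
if __name__ == "__main__":
    for name, findings in lint(SAMPLE).items():
        print(name, findings or "ok")
```

Run against a change script before it is pasted into tmsh; a finding about the missing connection-level profile means the result depends on the default LTM chooses.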



Saturday, September 1, 2012

BIG IP F5 LTM Tutorial - Part 9


Now we are ready to configure BIG IP F5 LTM through CLI mode, and after this post everyone will know that in reality configuring through the CLI is VERY EASY.

CLI Configuration of Nodes, Pool Member, Pools, Virtual Server & Monitors

Ø  Telnet / SSH to the BIG IP box.
Ø  After a successful login you will get the prompt: [root@chetan:Active] config #
Ø  This prompt is the legacy CLI mode, but we are not going to use this CLI mode.
Ø  We will be working in shell mode. For shell mode type “tmsh” and hit enter. You will go to the BIG IP shell mode & will get the prompt root@chetan(Active)(tmos)# (TMOS, which we discussed in Part 2).
Note: To auto-complete your command you can use the "Tab" key. It will help you complete the command, & "?" shows the available options. (Same as Cisco.)

Configure Node & assign ICMP monitor:-

root@chetan(Active)(tmos)# create ltm node 172.16.1.2 up
root@chetan(Active)(tmos)# modify ltm node 172.16.1.2 monitor icmp
root@chetan(Active)(tmos)# modify ltm node 172.16.1.2 screen TEST_SER1

root@chetan(Active)(tmos)# create ltm node 172.16.1.1 up
root@chetan(Active)(tmos)# modify ltm node 172.16.1.1 monitor icmp
root@chetan(Active)(tmos)# modify ltm node 172.16.1.1 screen TEST_SER2

root@chetan(Active)(tmos)# show ltm node  172.16.1.1
root@chetan(Active)(tmos)# show ltm node  172.16.1.2

Configure Pool, Adding Members from Node list; Assign Monitors & Load balancing method

Ø  Assign Custom Monitors

root@chetan(Active)(tmos)# create ltm pool MY_SER1 members add { 172.16.1.1:80 }
root@chetan(Active)(tmos)# create ltm monitor http TEST_HTTP send "GET /index.html\r\n" interval 10 timeout 30
root@chetan(Active)(tmos)# modify ltm pool MY_SER1  monitor TEST_HTTP
root@chetan(Active)(tmos)# modify ltm pool MY_SER1  load-balancing-mode round-robin

Ø  Assign Default Monitors

root@chetan(Active)(tmos)# create ltm pool MY_SER2 members add { 172.16.1.2:443 }
root@chetan(Active)(tmos)# modify ltm pool MY_SER2 monitor https_443
root@chetan(Active)(tmos)# modify ltm pool MY_SER2  load-balancing-mode round-robin

Ø  Verification Command

root@chetan(Active)(tmos)# show ltm pool MY_SER1
root@chetan(Active)(tmos)# show ltm pool MY_SER2

root@chetan(Active)(tmos)# show ltm pool MY_SER1  members
root@chetan(Active)(tmos)# show ltm pool MY_SER2  members

Configure Virtual Server and Assign Pool

root@chetan(Active)(tmos)# create ltm virtual MY_SERVER_HTTP destination 1.1.1.1:80
root@chetan(Active)(tmos)# modify ltm virtual MY_SERVER_HTTP  pool MY_SER1
root@chetan(Active)(tmos)# show ltm virtual MY_SERVER_HTTP

root@chetan(Active)(tmos)# create ltm virtual MY_SERVER_HTTPS destination 2.2.2.2:443
root@chetan(Active)(tmos)# modify ltm virtual MY_SERVER_HTTPS  pool MY_SER2
root@chetan(Active)(tmos)# show ltm virtual MY_SERVER_HTTPS

To Delete Config

root@chetan(Active)(tmos)# delete  ltm virtual MY_SERVER
Note: If you remember, we discussed the CLI hierarchy in Part 6. If you don't remember it, please check & come back, so that you can easily understand the command line interface. It explains why & when to use ltm, sys, net, etc.


Show Command:

root@chetan(Active)(tmos)# show sys hardware
root@chetan(Active)(tmos)# show sys license
root@chetan(Active)(tmos)# show sys version
root@chetan(Active)(tmos)# show sys cpu
root@chetan(Active)(tmos)# sh net route
root@chetan(Active)(tmos)# sh net arp
root@chetan(Active)(tmos)# sh net interface
root@chetan(Active)(tmos)# sh net vlan
root@chetan(Active)(tmos)# show ltm virtual MY_SERVER
root@chetan(Active)(tmos)# show ltm pool MY_POOL members
root@chetan(Active)(tmos)# show ltm node  172.16.1.1
root@chetan(Active)(tmos)# show ltm virtual-address
root@chetan(Active)(tmos)# sh running-config net interface
root@chetan(Active)(tmos)# sh running-config net vlan
root@chetan(Active)(tmos)# sh running-config net route
root@chetan(Active)(tmos)# sh running-config net self
root@chetan(Active)(tmos)# sh running-config ltm virtual
root@chetan(Active)(tmos)# sh running-config ltm pool
root@chetan(Active)(tmos)# sh running-config ltm pool members
root@chetan(Active)(tmos)# sh running-config ltm node
root@chetan(Active)(tmos)# sh running-config ltm virtual-address all-properties
[root@chetan:Active] config # bigtop -n (real time statistics)

Types of load balancing: Static & Dynamic

Static load balancing: Ratio & Round Robin
Dynamic load balancing: Least Connection, Fastest, Observed, Predictive, Dynamic Ratio

dynamic-ratio-member
observed-node
dynamic-ratio-node
predictive-member
fastest-app-response
predictive-node
fastest-node
ratio-member
least-connections-member
ratio-node
least-connections-node
round-robin
least-sessions
weighted-least-connections-member
observed-member
weighted-least-connections-node


Advanced Configuration:

root@chetan(Active)(tmos)# modify ltm node 172.16.1.1 ratio 10
ü  Specifies the fixed ratio value used for a node during ratio-node load balancing.

root@chetan(Active)(tmos)# modify ltm pool MY_SER1 members modify { all { priority-group 10 } 172.16.1.1:http }
ü  Specifies the priority group within the pool for this pool member. The priority group number specifies that traffic is directed to that member before being directed to a member of a lower priority. The default value is 1. This feature is used when you need logical grouping in your pool & want to treat the members as primary & secondary servers. Traffic will be forwarded to the primary or higher priority group servers unless those servers fail or reach their fail threshold. (Priority group is disabled by default.)

root@chetan(Active)(tmos)# modify ltm pool MY_SER1  members modify { all { connection-limit 1000 } }
ü  Specifies the maximum number of concurrent connections allowed for a pool member. The default value is 0 (zero).

root@chetan(Active)(tmos)# modify ltm pool MY_SER1  members modify { all { dynamic-ratio 10 } }
ü  Specifies a range of numbers that you want the system to use in conjunction with the ratio load balancing method. The default value is 1.

root@chetan(Active)(tmos)# modify ltm pool MY_SER1 members modify { all { state down }}
ü  Marks the pool member up or down. The default value is up.

root@chetan(Active)(tmos)# modify ltm pool MY_SER1 min-active-members (value)
ü  Specifies the minimum number of pool members that must be up; otherwise the system takes the action specified in the min-up-members-action option. Use this option for gateway pools in a redundant system where a unit number is applied to the pool. This indicates that the pool is only configured on the specified unit.

Note: Not all advanced options are covered here; for further detail please visit www.f5.com