F5: Difference between revisions
Content added Content deleted
| Line 24: | Line 24: | ||
* Virtual server - combination of virtual IP and port, is also known as listener and we associate virtual server to pool members. |
* Virtual server - combination of virtual IP and port, is also known as listener and we associate virtual server to pool members. |
||
= load |
= load balancing methods = |
||
| ⚫ | |||
Dyanamic -LFOPD (least connection ,fastest ,observed,predective,dyanmic ratio ) |
|||
| ⚫ | |||
* Dynamic -LFOPD -> Least connection, Fastest, Observed, Predictive, Dynamic ratio |
|||
;Details: |
|||
Least connection - |
* Least connection - Load balancing is based on no of connection counts, if the connection counts are equal it will use round robin. |
||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
;Load balancing by pool member or node: |
|||
| ⚫ | |||
| ⚫ | |||
== Monitors == |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
load balacing by poolmember or node . |
|||
| ⚫ | |||
| ⚫ | |||
== Profiles == |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
-------------------------------------------------------------------------------------- |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
------------------------------- |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
= Persistence types = |
= Persistence types = |
||
Revision as of 23:58, 14 December 2022
Interfaces
- Control Plane
eth0 - Mgmt Syslog traffic uses this interface
- Data Plane
tmm interfaces - usually trunk HSL - High Speed Logging uses this interface
- Self IP -> Monitoring Traffic
- Float IP -> Application traffic
-> Only active on Active Unit
-> Pcaps filter with this IP else it will have Monitoring traffic as well.
F5 Training
- LTM How BIG IP process Traffic
- Node - represent the Ip address
- Pool member - combination of Ip address and port number, in other words pool member is application server on which F5 will redirect the traffic Pool-combination of pool member.
- Virtual server - combination of virtual IP and port, is also known as listener and we associate virtual server to pool members.
load balancing methods
- Static - Round robin, Ratio
- Dynamic -LFOPD -> Least connection, Fastest, Observed, Predictive, Dynamic ratio
- Details
- Least connection - Load balancing is based on no of connection counts, if the connection counts are equal it will use round robin.
- Fastest - No of layer 7 request pending on each member.
- Observed - ration load balancing method but ratio assigned by BIG IP, No off least connections counts BIG IP assign the request and check dynamically and assign the ratio's of the request.
- Predictive - similar to observed but assigns the ratio aggressively based on average connection counts .
- Load balancing by pool member or node
- Priority activation -helps to configure back sets for existing pool members .BIG IP will use high priority pool member first .
- Fallback host is only used for HTTP request ,if all the pool members are not available BIG will redirect the client request
Monitors
- Check the status of nodes and pool members, if any pool member response time is not good or is not responding Big IP will not send the request to that node.
- Monitor type
- Address check - BIG IP send ICMP request and wait for reply if there is no reply it considers nei down does not send the traffic further to that node.
- Service check - will check TCP port number on which server is listening ,if no response it considers down ----
- Content check - we can check if the server is responding with right contest ,like for http request get/http .... request is send .
- Interactive check - TEST for FTP connection .once connection is open username and password is send then request is send get /file once file is received connection is closed .
- F5 recommends time out = 3n+1 (frequency) for setting the monitor for http
- Customization of monitor
- Assign nodes to monitor
Profiles
- Defining traffic behavior for virtual server.
- Profiles contains setting how to process traffic though virtual servers. If for certain application BIG IP load balance the traffic then it will break the client connection
to avoid this we use prescience profile so that return request for the client is send to same server.
- Persistence profile - is configured for clients and group of clients how BIG IP knows the returning client request need to send to same server, persistence profile is configured taking source IP address of http cookie
- SSL termination
- FTP profile
- All virtual servers have layer four profile includes TCP, UDP, Fast, l4
- Profile types - service profile, persistence profile ,protocol profile, SSL profile, authentication profile, other profiles.
Persistence types
- Source address persistence: keeps the track of source ip address, administrator can set the net mask in persitance record so that all lients in same mask will assigned to same pool member.
- Limitation -if the client address being NAted .
- Cookie persistance -only uses http protocol
- Three modes : (insert ,rewrite ,passive ) mode.
Insert mode -BIG ip create special cookie in HTTP resonse to client . rewrite -pool member created blanl cookie and big ip inserts special cookie passive -pool memeber created special cookie and BIG IP let it pass through
SSL Profile
- SSL is secured socket layer .
- Website which uses HTTPS we need to us SSL profile as traffic is being Nated for source clients and web app is using https protocol.
- Using SSL termination BIG can decrypt the traffic and assigned to pool member.
- BIG IP contains SSL encryption hardware so all the encruption and key exchange are done in hardware .centralized certifiacte management.
iRule
- I-rule is a script that direct traffic though BIG IP , based on TCl command language .I rule give controll of inbound and outbound traffic from Big IP.
- Irule contains follwing events ( I rule name ,events ,condtion ,action )