F5: Difference between revisions
no edit summary
Line 1:
[[Category:LoadBalancers]]
__TOC__
<br />
= Interfaces =
Line 18 ⟶ 21:
;LTM How BIG IP process Traffic
* Node - represent the Ip address
Line 44 ⟶ 46:
* Check the status of nodes and pool members, if any pool member response time is not good or is not responding Big IP will not send the request to that node.
;Monitor type
* Address check - BIG IP send ICMP request and wait for reply if there is no reply it considers nei down does not send the traffic further to that node.
* Service check - will check TCP port number on which server is listening ,if no response it considers down ----
* Content check - we can check if the server is responding with right contest ,like for http request get/http .... request is send .
* Interactive check - TEST for FTP connection .once connection is open username and password is send then request is send get /file once file is received
* F5 recommends time out = 3n+1 (frequency) for setting the monitor for http
* Customization of monitor
* Assign nodes to monitor
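Review bot: The timeout rule on the "F5 recommends time out = 3n+1 (frequency)" line never says what n stands for or in what unit. If n is the monitor frequency (interval), write it out as timeout = 3 × interval + 1 and say whether it applies only to HTTP monitors, as the line implies. In the same list, "considers nei down" and "responding with right contest" look like typos for "node down" and "right content", and the Service check bullet ends in a stray "----".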
Line 63 ⟶ 65:
to avoid this we use prescience profile so that return request for the client is send to same server.
* Persistence profile - is configured for clients and group of clients how BIG IP knows the returning client request need to send to same server, persistence profile is configured taking source IP address of http cookie.
* SSL termination
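Review bot: "prescience profile" in the first line of this hunk should read "persistence profile", matching the bullet that follows. In that bullet, "taking source IP address of http cookie" reads as if the cookie had a source address; the Persistence Types section lists source address and cookie as separate methods, so "source IP address or HTTP cookie" is probably what is meant.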
Line 71 ⟶ 73:
* All virtual servers have layer four profile includes TCP, UDP, Fast, l4
* Profile types - service profile, persistence profile
== Persistence Types ==
* Source address persistence: keeps the track of source
* Limitation - if the client address being
* Cookie
* Three modes : (insert ,rewrite ,passive ) mode.
Insert mode - BIG ip create special cookie in HTTP
rewrite - pool member created
passive - pool
== SSL Profile ==
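Review bot: Several entries under "Persistence Types" stop mid-sentence: "Limitation - if the client address being", "rewrite - pool member created" and "passive - pool" give the reader no usable definition. Finish each sentence or drop the stub, and format the three cookie modes as sub-bullets so they render under "Three modes".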
Line 103 ⟶ 105:
= Deploy F5 in KVM =
[10.170.131.132:8443] ---------> [Mgmt-192.168.122.109:8443]
[10.170.131.132:443] ----------> [VIP-192.168.122.110:443] --------------> [CentOS-192.168.122.98:80]
* Download the Image from F5 Portal:
Line 111 ⟶ 113:
<pre>
virt-install --name ubuntu-trusty --ram 256 --disk path=/var/kvm/images/trusty.img,size=3 --vcpus 1 --os-type linux --os-variant ubuntutrusty --graphics none --console pty,target_type=serial --location 'http://fr.archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/' --extra-args 'console=ttyS0,115200n8 serial'
sudo virt-install --name bigip\
Line 139 ⟶ 140:
--os-variant=rhel6 \
--import --autostart --noautoconsole
sudo virsh shutdown bigip
sudo virsh destroy bigip
sudo virsh undefine --domain bigip
sudo virsh list --all
sudo virsh net-dhcp-leases default
10.170.131.132
192.168.122.109
sudo virsh console bigip
Line 164 ⟶ 160:
tmsh show sys management-ip --> notworking
tmsh show running-config
nano /etc/libvirt/hooks/qemu
#!/bin/bash
Line 184 ⟶ 177:
# avoid duplicate as this hook get called for each VM
[ $v -le 2 ] && /sbin/iptables -I FORWARD 1 -o virbr0 -m state -s 10.170.131.0/24 -d 192.168.122.109/32 --state NEW,RELATED,ESTABLISHED -j ACCEPT
chmod -v +x /etc/libvirt/hooks/qemu
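Review bot: The FORWARD rule in the hook accepts NEW connections from all of 10.170.131.0/24 to the management address 192.168.122.109 on every protocol and port, which is wider than the DNAT rules on this page that forward single TCP ports. Add -p tcp --dport with the management port to the rule. The [ $v -le 2 ] test also leaves $v unquoted, so an empty value makes the test error out and the rule is never inserted; quote the variable and give it a default.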
Line 195 ⟶ 187:
-A PREROUTING -d 10.170.131.132 -p tcp --dport 443 -j DNAT --to-destination 192.168.122.109:443 -m comment --comment "Port443 for BigIP"
COMMIT
sudo iptables -t nat -I PREROUTING -p tcp -d 10.170.131.132 --dport 8443 -j DNAT --to-destination 192.168.122.109:8443
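Review bot: The PREROUTING line commented "Port443 for BigIP" sends 10.170.131.132:443 to the management address 192.168.122.109:443, but the diagram at the top of the section maps host port 443 to the VIP at 192.168.122.110 and only 8443 to the management address, and a later command on this page inserts a second DNAT for the same port to 192.168.122.110:443. Two rules for one destination port leave the result dependent on insertion order; keep one mapping for 443 and make the diagram, the comment and the rule agree. Neither DNAT rule has a source match (-s), so the management port is published to anything that can reach 10.170.131.132.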
Line 202 ⟶ 192:
sudo iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
sudo service netfilter-persistent save
curl -sk -u root:kIr@t#29 -H "Content-Type: application/json" -X GET https://192.168.122.109/mgmt/tm/sys/management-ip | jq -M .
192.168.122.145
root/kIr@t#29
tmsh install /sys license registration-key
tmsh
modify /security firewall management-ip-rules rules add { example_mgmt_rule { action accept destination { addresses add { 192.168.122.109 } ports add { 443 } } ip-protocol tcp log yes place-before first source { addresses add { 10.170.131.1-10.170.131.254 } ports none } status enabled uuid auto-generate } }
save /sys config
=== Install CentOS ===
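Review bot: The curl line and the "root/..." line below it publish the BIG-IP root password in clear text on the wiki. Replace both with a placeholder, rotate the password, and have the example take the credential from a prompt (curl -u root with no password prompts for one) or from a protected file. The same curl call uses -k, which skips certificate verification on the management API; say that this holds only until the device certificate is replaced, or pass the issuing CA with --cacert.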
Line 226 ⟶ 210:
virt-customize -a CentOS-7-x86_64-GenericCloud-2111.qcow2 --root-password password:DDYrTXJZTJldOqimb68ZK5KCmRpbdBOe
Now able to login to new guest as root / DDYrTXJZTJldOqimb68ZK5KCmRpbdBOe
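Review bot: virt-customize is given the guest root password inline with password:, so the value ends up on this page, in shell history and in the process list, and the next line repeats it. Use --root-password file:<path> with a file readable only by the operator, or --ssh-inject with a public key, and replace the value shown here with a placeholder.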
sudo virt-install \
Line 241 ⟶ 223:
--os-variant=rhel6 \
--import --autostart --noautoconsole
sudo iptables -t nat -I PREROUTING -p tcp -d 10.170.131.132 --dport 443 -j DNAT --to-destination 192.168.122.110:443
Line 247 ⟶ 228:
sudo iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
</pre>
<br />
;References
<references/>
<br />
<br />
<br />
{{DISQUS}}
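Review bot: The rule "iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT" in the last hunk admits new connections from any source to every guest on the libvirt network on any port, which makes the per-port DNAT rules on this page the only restriction left. Limit NEW to the published destination (-d 192.168.122.110 -p tcp --dport 443) and keep a separate rule for RELATED,ESTABLISHED. The state match is also superseded by -m conntrack --ctstate.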