Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
12 / 17 / 2010
BIG-IP LTM Essentials Web-Based Training Lab Guide 2010 F5 Networks, Inc.
P-2
Preface
Phone
(206) 272-6888
support@f5.com
Email (suggestions)
feedback@f5.com
Contacting F5 Networks
Web
www.f5.com
F5 Networks, Inc.
F5 Networks, Ltd.
F5 Networks, Inc.
F5 Networks, Inc.
Corporate Office
401 Elliott Avenue West
Seattle, Washington 98119
United Kingdom
Chertsey Gate West
Chertsey Surrey KT16 8AP
Asia Pacific
5 Temasek Boulevard
#08-01/02 Suntec Tower 5
Japan
Akasaka Garden City 19F
4-15-1 Akasaka, Minato-ku
T (888) 88BIG-IP
T (206) 272-5555
F (206) 272-5557
Training@f5.com
United Kingdom
T (44) 0 1932 582-000
F (44) 0 1932 582-001
EMEATraining@f5.com
Singapore, 038985
T (65) 6533-6103
F (65) 6533-6106
APACTraining@f5.com
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Preface
Legal Notices
Copyright
Copyright 2010, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no
responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result
from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property
right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any
time without notice.
Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, Acopia, Acopia Networks, Application Accelerator, Ask F5, Application
Security Manager, ASM, ARX, Data Guard, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager,
GTM, iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, iRules, Link
Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetCelera, OneConnect, Packet Velocity,
Secure Access Manager, SAM, SSL Accelerator, SYN Check, Traffic Management Operating System, TMOS,
TrafficShield, Transparent Data Reduction, uRoam, VIPRION, WANJet, WebAccelerator, and ZoneRunner are trademarks
or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written
consent.
Patents
This product protected by U.S. Patent[s] 6,374,300; 6,473,802; 6,970,933; 7,051,126; 7,102,996; 7,146,354; 7,197,661;
7,206,282; 7,287,084. Other patents pending.
RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may
be required to take adequate measures.
FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC
rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is
operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed
and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of
this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will
be required to take whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate
this equipment under part 15 of the FCC rules.
Standards Compliance
This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information
Technology products at the time of manufacture.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
P-3
Table of Contents
Lab Instructions: .........................................................................................................Lab-1
Connecting to the F5 Training Lab Environment ....................................................... Lab-1
The F5 Training Lab Network .................................................................................... Lab-3
F5 Training Lab limitations ........................................................................................ Lab-4
BIG-IP LTM Essentials Web-Based Training Lab Guide 2010 F5 Networks, Inc.
Toc-2
Table of Contents
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Introduction
Welcome to the BIG-IP LTM Essentials Web-Based Training Course Student Lab Guide. The purpose of the
BIG-IP LTM Essentials course is to introduce the basic information you need to set up and operate the BIG-IP
Local Traffic Manager (LTM) from F5 Networks. The purpose of this Lab Guide is to provide all the
information and exercises you need to work directly with a BIG-IP LTM system and solidify the concepts you
have learned in the associated Web-based training modules.
The hands-on lab exercises included in this course are critically important to your learning. These exercises are
especially helpful if you can do them as soon as possible after completing the associated training module.
Therefore, we recommend the following approach when taking this course:
Work through the training module as close to the start of your lab time as possible.
After completing the training module, move into the lab exercises. Be sure to complete the entire
exercise, including the review questions at the end.
There are eleven modules in this course, each one taking approximately thirty minutes to complete. To
complete the entire course, including modules and labs, will take you about fourteen hours.
In addition to the lab exercises, this guide contains other useful information.
Appendix B explains the various customer support resources that are available. We highly
recommend that you review this listing. You may find some of these resources to be very valuable
while working your way through this course.
Appendix C contains an informative list of other training courses available from F5 Global
Training Services. After completing this introductory course, you may want to enroll in one or
more of these classes to gain a deeper understanding of BIG-IP LTM.
BIG-IP LTM Essentials Web-Based Training Lab Guide 2010 F5 Networks, Inc.
Introduction
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Module
Lab
Instructions
1 Lab Initial Setup
Lab-1
1-1
6. The first time you connect you will need to install the Cloudshare plug-in and may need to
enable pop-ups for it to install. This is a first-time only install.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-2
Lab-2
Module 1 Lab
Lab
Initial
Instructions
Setup
1. Each lab starts assuming an un-configured BIG-IP and then instructs you to restore a UCS
backup file that was captured at the end of the previous lab.
2. If during your lab time you wish to revert back to this un-configured state you may do so by
selecting Actions and then Revert Now.
3. Rather than restoring UCS files at the beginning of each new lab you may also work straight
through all the labs. From an instructional angle, F5 recommends doing the Module WBT,
then the lab for that Module. Then the next Module WBT and its corresponding lab.
4. Also, you can only enter the F5 Training Lab environment from
the links within F5 University (ie. the graphic to the right).
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Module
Lab
Instructions
1 Lab Initial Setup
Lab-3
1-3
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-4
Lab-4
Module 1 Lab
Lab
Initial
Instructions
Setup
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-5
LAB CONFIGURATION
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-6
Lab Requirements:
PC Configuration
Your PC is configured with two IP Addresses in order to reach both the Management and client
networks once they are configured on your BIG-IP.
PC Mgmt IP Address
PC Client IP Address
192.168.1.30/24
10.10.1.30/16.
Licensing Steps
1. You should first see the Setup Utilitys Welcome screen. Click Next.
2. Normally, you would need to license your BIG-IP System. For these labs, the systems should
already be licensed. Review the features that are licensed and then click Next.
Provisioning Steps
1. The second screen should be Provisioning. Verify that Local Traffic (LTM) is set to
Nominal, any other products are set to None (Disabled) and then click Next.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-7
Setup Utility
1. Within the General Properties section, specify the following:
IP Address:
Network Mask:
Management Route:
Host Name:
Host IP Address:
High Availability:
Unit ID:
Time Zone:
192.168.1.245
255.255.255.0
Leave blank
bigip1.f5trn.com
Use Management Port IP Address
Redundant Pair
1
America/Los Angeles
default
default
admin
admin
Enabled
* All Addresses
3. Click Next.
NOTE: When you type in the admin password field you will be required to log back into
the system whether the password has been changed or not.
Once this first step of administrative access has been configured, you can configure self-IP addresses
and VLANs. We will choose the Basic Network Configuration option, which will step through
creating two VLANs, internal and external, and their IP addresses, and interfaces. Each self IP will
be assigned Port Lockdown settings. Port lockdown limits administrative access to the self IP
addresses. Because we have configured the system as a redundant pair, Allow Default should be
selected for Port Lockdown on self IPs of the internal VLAN to ensure the systems will be able to
communicate.
Because we have configured as a redundant pair, the administrator will also be prompted for a partner
address and a floating IP address for each VLAN. Generally, the partner address should be an
address on the internal VLAN to minimize security concerns. Floating addresses are shared between
the systems and used by the system that is currently active. These concepts are discussed in the
Redundant Pair module.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-8
172.16.1.31
255.255.0.0
Allow Default
172.16.1.33
Allow Default
172.16.1.32
5. Click the Next button to configure the External VLAN, then specify the following:
10.10.1.31
255.255.0.0
Allow 443
Leave blank
10.10.1.33
Allow 443
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-9
Access both the Web Configuration utility and Command Line (SSH) utility for BIG-IP
LTM system and get familiar with the interface
Lab Requirements:
User ID and password of the BIG-IP LTM systems Web Configuration Utility
User ID and password of the BIG-IP LTM systems Command Line Interface
PC Configuration
Your PC is configured with two IP Addresses in order to reach both the Management and client
networks once they are configured on your BIG-IP.
Mgmt IP Address
Client IP Address
192.168.1.30/24
10.10.1.30/16.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-10
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-11
Create a backup of the BIG-IP System on both the BIG-IP and your desktop.
Lab Requirements:
Saving a configuration
1. From the Navigation pane, click the System section.
2. Select Archives, then click Create.
3. Within the General Properties section, specify the following:
File Name
Encryption
Private Keys
Version
Module1_End
Disabled
Include
BIG-IP Version (read only)
b.
c.
d.
Decompress the file and extract the file: tar -xvzf Module1_End.ucs. The
resulting files show the directory structure and all files stored in the *.ucs file.
Individual files can be viewed with cat, tail, more and other tools.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
1-12
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
2-13
Verify functionality
Lab Requirements:
IP and port addresses available for use on BIG-IP LTM that can be reached by the client
systems
Actual servers with appropriate routes to return traffic through each BIG-IP LTM system
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
2-14
Basic
http_pool
Leave Blank
Round Robin
Disabled
172.16.20.1 port 80
172.16.20.2 port 80
172.16.20.3 port 80
vs_http
10.10.1.100
80 (or HTTP)
Enabled
Leave Blank
Leave Blank
http_pool
None
None
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
2-15
Expected result: 5 connections per refresh distribute evenly among the pool members.
The webpage consists of the index.html and 4 objects. The web servers have keep-alives
disabled.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
2-16
vs_https
10.10.1.100
443 (or HTTPS)
Enabled
Basic
https_pool
Leave Blank
Round Robin
Disabled
172.16.20.1 port 443
172.16.20.2 port 443
172.16.20.3 port 443
NOTE: Since the members IP addresses are the same, you could select Node List and
choose the members IP addresses from the drop-down list.
Leave Blank
Leave Blank
https_pool
None
None
10. When complete, make sure to click Finished for the virtual server.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
2-17
Expected result: You may see six connections the first time you request the page, (due to
the SSL key exchange) but should see five connections per subsequent refresh. The
requests should be evenly distributed among the pool members.
Confirm that the virtual server was created. Students often neglect to hit Finish
for the virtual server after hitting Finish for the pool.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
2-18
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
3-19
Choose differing load balancing methods and view the resulting behavior
Choose differing member priority and ratio values and view the resulting behavior
Lab Requirements:
Access to a BIG-IP LTM with at least a pool with two or more working members
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
3-20
Ratio
1
2
3
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
3-21
Expected result: Traffic will be distributed to the members with a 1:2:3 ratio.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
3-22
Ratio
1
2
3
Priority Group
1
4
4
In step (9), 172.16.20.1:80 should receive no traffic. The traffic will be distributed to the
other members with a 2:3 ratio
In step (14), 172.16.20.2:80 should receive no traffic. The traffic will be distributed to the
other members with a 1:3 ratio
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
4-23
Lab Requirements:
Access to a BIG-IP LTM with at least one pool with two working members
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
4-24
my_icmp
ICMP
10
31
No
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
4-25
Leave Blank
Node Specific
my_icmp in Active column
All
Leave as Defaults
None
Leave as Default
Conclusion
At this point, each node is being tested differently. Node 172.16.20.1 has a specific assignment,
my_icmp. Node 172.16.20.2 has no monitor assigned. Node 172.16.20.3 is using the Node Default
monitor, which is currently icmp. This is not a recommended configuration; rather it is used to
demonstrate the three ways monitors can be associated with nodes.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
4-26
Basic
http
my_http
HTTP
http
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
4-27
4-28
Conclusion
At this point, each member is being tested differently. Member 172.16.20.1:80 is set to inherit from
pool where the pool has http assigned. Member 172.16.20.2:80 has a specific assignment, my_http.
Member 172.16.20.3:80 has no assigned monitor. This configuration is not recommended; rather it is
used to demonstrate the three ways monitors can be associated with members.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
4-29
my_https
HTTPS
https
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
4-30
Basic
my_https
NOTE: [1-3] is a simple regular expression that matches any single character in the
range from 1 to 3.
Available or Green
Unknown or Blue
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
There is no Lab for Module 5 Profiles. There are labs using Profiles in both Modules 6,
Persistence, and 7 Labs, SSL Termination.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
5-31
5-32
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
6-33
Verify functionality
Lab Requirements:
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
6-34
Expected result: All pool members should receive approximately equal amounts of
traffic. If not, ensure that step (1) was followed.
sign.
Pr_Src_Persist
Persistence Type
Parent Profile
source_addr
4. In the Configuration Section, leave all fields at the default settings except for the following:
Timeout
Mask
6-35
https_pool
Pr_Src_Persist
None
Persistence Records
Data Format
Normalized
Auto Refresh
Disabled
8. Leave the * in the search field (show all records) and click Search or Refresh.
9. If no persistent sessions currently appear, refresh your screen connecting to
https://10.10.1.100 and then refresh the Persistence Records Statistics again.
10. Why might the persistent connection not appear the first time?
Expected result: While the persistence record is active, all traffic from that client will be
directed to a single pool member. Since the persistence record is configured to remain
for only 15 seconds, it may time out before you navigate to the persistence statistics.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
6-36
Verify functionality
Lab Requirements:
sign.
Pr_Cookie_Persist
Persistence Type
Cookie
Parent Profile
Cookie
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
6-37
1. In the Configuration Section, leave all settings at default except for the following:
Expiration
http_pool
Pr_Cookie_Persist
None
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
6-38
http_pool
None
None
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
6-39
Lab Requirements:
NOTE: You may want to extend the persistence timeout value in the Persist_Source
profile before beginning this lab.
6-40
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
7-41
Create a virtual server that will use the clientssl profile and load balance traffic
Lab Requirements:
7-42
Generate a certificate
1. From the Navigation pane, expand the Local Traffic section.
2. Either select SSL Certificates and click Create or hover your mouse over SSL Certificates
and then click the
Self
www.test.com
Training
F5 Networks
Seattle
Washington
US
Leave blank
365
sign.
3. In the General Properties section, enter the name Pr_Client_SSL and accept clientssl as the
parent profile.
4. From the Configuration section, check the custom button to the right of Certificate and
Key, and choose TestCertificate or your new name from the drop-down list.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
7-43
5. Click Finished.
vs_ssl
10.10.1.102
443 (or HTTPS)
Enabled
4. In the Configuration section, accept all defaults except the SSL Profile (Client) option, and
choose the Pr_Client_SSL profile youve just created.
5. In the Resources section, select http_pool as the Default Pool.
6. Click Finished.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
7-44
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
8-45
Lab Requirements:
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
8-46
Configure a NAT
1. From the Navigation pane, expand the Local Traffic section.
2. Either select SNATs, the NAT List tab, and Create, or use the flyout menus to expand
SNATs NATs and click the
sign.
10.10.1.200
Origin Address
172.16.20.2
State
Enabled
Enabled
VLAN Traffic
All VLANs
5. Click Finished.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
8-47
SNAT Labs
Lab Requirements:
Gateway
172.16.1.33
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
8-48
IP Address: 172.16.1.201
Origin
Address List
Type Network
Address 10.0.0.0
Netmask 255.0.0.0
Click Add
VLAN Traffic
All VLANs
Unchecked
5. Click Finished.
Source IP at Server
Which SNAT
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
9-49
Configure a series of iRules, pools, and virtual servers in order to demonstrate a variety
of rule features and functions.
Lab Requirements:
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
9-50
iRules Lab #1
Create and use an iRule that processes requests based on the file extension.
Create a Pool
1. From the Navigation pane, expand the Local Traffic section.
2. Either select Pools and then click Create, or use the flyout menus to expand Pools and click
the
sign.
Basic
Name
pool1
Health Monitors
Leave Blank
Round Robin
Disabled
New Members
Enter and press Add
IP: 172.16.20.1
Port: * All Services
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
9-51
rule_txt_end
when HTTP_REQUEST {
if {[HTTP::uri] ends_with "txt"} {
pool pool1
}
}
Definition
vs_rule_txt
Destination
10.10.1.101
Service Port
80 (or HTTP)
State
Enabled
4. In the Configuration section, leave all fields at their default except the following:
HTTP Profile
http
5. In the Resources section, leave all fields at their default except the following:
iRules
rule_txt_end
http://10.10.1.101/file.txt
b.
http://10.10.1.101/text.txt
c.
http://10.10.1.101
NOTE: Currently, you should get an error message (Cannot display webpage for IE and
Connection reset for Firefox) page not found for url http://10.10.1.101 because there is
no Default Pool or an else leg for the iRule. Also, files such as file.txt, text.txt and
text.one, only exist on Server 1 (172.16.20.1)
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
9-52
b.
c.
3. Open a new browser, test client connections and explain your results.
a. http://10.10.1.101/file.txt
b. http://10.10.1.101/text.txt
c. http://10.10.1.101
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
9-53
iRules Lab#2
Lab 2 Overview
Create and use an iRule that processes requests based on the TCP port.
Name
rule_tcp_port
Definition
when CLIENT_ACCEPTED {
if {[TCP::local_port] == 80} {
pool pool1
}
elseif { [TCP::local_port] == 443 } {
pool pool2
}
}
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
9-54
vs_tcpport
Destination
10.10.1.103
Service Port
* All Ports
State
Enabled
rule_tcp_port
Default Pool
pool3
b.
c.
3. To which node is traffic being directed for each client request above and why?
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Module 10 Labs
Lab Redundant
RedundantPair
Pair
10-55
Setup utility
Configuring a pair of BIG-IP systems is very similar to configuring a single BIG-IP system. When
you choose Redundant Pair for the High Availability option in the setup utility, there are a few
additional parameters than must be set. You must set each systems Unit ID, specify a partner
address, and set floating (shared) IP addresses for each VLAN.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
10-56
Module
Module10
10Labs
Lab Redundant Pair
13. The configuration for BIG-IP #1 should be as if you had just finished all Module9 Labs.
Please verify this is the case. Your configuration should be licensed and include five Pools,
two iRules, five Virtual Servers, and Monitors assigned to some but not all Pool Members.
No Pool Members should be marked Offline (red) or Disabled (black). Finally, the vs_https
Virtual Server should have a Source Address Persistence Profile assigned.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Module 10 Labs
Lab Redundant
RedundantPair
Pair
10-57
Step
Management Port IP address
Management Port Netmask
Hostname
High Availability
Unit ID
root password
admin password
SSH Access
System Y
192.168.1.246
255.255.255.0
bigip2.f5trn.com
Redundant Pair
2
default
admin
* All Addresses
Internal
172.16.1.32
255.255.0.0
Allow Default
172.16.1.33
172.16.1.31
1.2 Untagged
External
10.10.1.32
255.255.0.0
Allow Default
Leave Blank
10.10.1.33
1.1 Untagged
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
10-58
Module
Module10
10Labs
Lab Redundant Pair
Synchronization Lab
Synchronization should always be from the systems whose configuration is desired. In our case, we
wish to Synchronize the BIG-IP #1 configuration to BIG-IP #2 since it has no configuration.
At this point, the BIG-IP #1 and #2 system configurations should be similar. Verify that
BIG-IP #2 has the same Virtual Servers, Pools, Profiles, Monitors and iRules as BIG-IP
#1. The License, Hostname and Self IPs (Network / Self IPs) should be different.
If the Self IPs are the same for both systems, verify the following:
If BIG-IP #2 does not have Virtual Servers from BIG-IP #1, verify the following:
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
11-59
12.
13.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
11-60
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
11-61
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
11-62
8. Normally you would remove the Ethernet cable but for remote labs we will disable Network
Failover on unit #2.
9. How quickly did the standby system change to the active role also?
10. If disabling Network Failover on unit #2 does not cause it to go active then you may need
to disable Network Failover on unit #1 also.
11. Note that when both systems are in active mode; both are trying to service all virtual servers,
NATs and SNATs.
12. Again, normally we would now replace the Ethernet cable but for remote labs we will enable
Network Failover again on both units.
13. Unit #2 should now fall back to standby state.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
11-63
Lab Requirements:
A working Active / Standby redundant pair of BIG-IPs.
Basic
ssh_pool
Leave Blank
Round Robin
Disabled
172.16.20.1 port 22
172.16.20.2 port 22
172.16.20.3 port 22
vs_ssh
10.10.1.100
22 (or SSH)
Enabled
ssh_pool
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
11-64
Perform Failover
1. Force the Active system to standby (System / High Availability / Force to Standby).
2. Notice that the SSH connection has been lost.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
11-65
Lab Requirements:
You must have a virtual server and pool appropriate for persistence other than cookie persistence.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
11-66
Perform Failover
1. Force the Active system to standby. (System / High Availability / Redundancy / Force to
Standby).
2. Refresh the session to https://10.10.1.100. While there is some chance the same node may
be chosen, the https session does not persist to the same server. If it does seem to persist to
the same node, failover again and test. You may need to refresh by pressing Ctrl-F5 to ensure
the browser does not simply display its cache.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Lab Project
LP-67
LP-68
Lab Project
Type
Settings
Associations
my_http
http
Interval 5, Timeout 16
Receive String Server
Others leave at defaults
http_pool
(Once pool is created, below.)
Type
Settings
Associations
icmp
Node Default
Load Balance
Members
Port
Ratio
Priortity
ssh_pool
Round Robin
172.16.20.1
172.16.20.2
172.16.20.3
22
22
22
1
1
1
1
1
1
http_pool
Ratio Member
Priority Group
Activation
Less than 2
172.16.20.1
172.16.20.2
172.16.20.3
80
80
80
2
2
1
1
4
4
https_pool
Round Robin
172.16.20.1
172.16.20.2
172.16.20.3
443
443
443
1
1
1
1
1
1
Monitors
my_http
Profile
Type
Parent Profile
Settings
Pr_Src_Persist
Persistence
Source
Address
source_addr
Pr_SSL_term
SSL
Client
clientssl
Certificate of TestCertificate
and a Key of TestCertificate
BIG-IP LTM Essentials Web based Training Lab Guide 2009 F5 Networks, Inc.
Lab Project
LP-69
IP Address
Port
Resources
vs_ssh
10.10.1.100
22
ssh_pool
Defaults only
vs_http
10.10.1.100
80
http_pool
SNAT Automap
vs_https
10.10.1.100
443
https_pool
Pr_Src_Persist
vs_ssl
10.10.1.102
443
http_pool
Pr_SSL_term
BIG-IP LTM Essentials Web based Training Lab Guide 2009 F5 Networks, Inc.
LP-70
Lab Project
Verification
Activity
Questions
Working?
BIG-IP LTM Essentials Web based Training Lab Guide 2009 F5 Networks, Inc.
Lab Project
LP-71
Review Questions
1. Which admin users passwords are changed by the BIG-IP setup utility, and what access do
they have?
4. How are monitors created, and what can they be assigned to?
5. If a particular node is in a node disabled condition, will any types of client requests still be
directed to that pool member?
6. What is the difference between the client SSL and server SSL Profiles?
BIG-IP LTM Essentials Web based Training Lab Guide 2009 F5 Networks, Inc.
LP-72
Lab Project
Questions
Answers
Browser session to
https://10.10.1.102
Refresh
http://10.10.1.100
Refresh
https://10.10.1.100
Refresh (again)
https://10.10.1.100
BIG-IP LTM Essentials Web based Training Lab Guide 2009 F5 Networks, Inc.
Lab Project
LP-73
root and it should have access only to command line not the web GUI.
admin and it should initially have access only to the web GUI, but command line
access can be added
Node is IP Address only of a server where Pool Member typically contains both IP
Address and Port
A Pool is a group of Pool Members, and the Virtual Server is the client representation of
the application. Clients seldom know there are multiple Pool Members behind a Virtual.
Round Robin is the default load balancing mode but we can also use Ratio, Least
Connections, Fastest, Observed and Predictive.
F5 Networks continues to add new features to BIG-IP LTM including new load balancing
modes, so you might see more depending on what version you are running.
4. How are monitors created, and what can they be assigned to?
Just like other objects, they are created by selecting Monitors and clicking the create
button or the
Monitors also need to be assigned before they will be used. Monitors can be assigned to
all Nodes or an individual Node, or at the Pool level or to an individual Pool Member
5. If a particular node is in a node disabled condition, will any types of client requests still
be directed to that pool member?
Yes, client requests can still be directed to a disabled Node if there is still a persistent
session (i.e. within the timeout window)
On the other hand, if the Node is administratively Forced Offline rather than Disabled
then no more client requests will be sent until the Node is Enabled again.
6. What is the difference between the client SSL and server SSL Profiles?
The Client SSL Profile encrypts (https) network traffic between the client and BIG-IP.
The Server SSL Profile encrypts (https) network traffic between BIG-IP and the servers.
SNATs are used to fix or assist with routing issues. There are MANY ways a SNAT can
be used to resolve the many different types of routing issues, two are listed below.
o
BIG-IP LTM Essentials Web based Training Lab Guide 2009 F5 Networks, Inc.
LP-74
Lab Project
BIG-IP LTM Essentials Web based Training Lab Guide 2009 F5 Networks, Inc.
Appendix A
Appendix A:
F5 Networks the Company and its Products
As the pioneer in Application Delivery Networks, F5 continues to lead the industry by driving more
intelligence into the network to deliver advanced application agility. F5 products ensure the secure
and optimized delivery of applications to any user, using any device, anywhere in the world. Through
its flexible and cohesive architecture, F5 delivers unmatched value by improving the way
organizations serve their employees, customers and constituentswhile dramatically lowering
operational costs.
F5s application delivery network products provide:
Application Optimization
F5's architecture automatically assigns every application the right mix of availability,
security, and performance at the network level, further optimizing their performance.
Application Security
F5's architecture delivers the raw horsepower, based on tightly integrated security,
availability, scalability - all of which work together to deliver exceptional throughput and
transaction performance.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix A
F5 Products include:
BIG-IP Local Traffic Manager (LTM)
BIG-IP Global Traffic Manager (GTM)
BIG-IP Link Controller (LC)
BIG-IP Application Security Manager (ASM)
BIG-IP Access Policy Manager (APM)
BIG-IP WebAccelerator (WAM)
BIG-IP WAN Optimization (WOM)
Enterprise Manager (EM)
FirePass
ARX
BIG-IP Edge Gateway
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix A
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix A
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix A
FirePass
SSL VPN Remote Access
F5's FirePass Controller provides secure remote access to corporate applications and data via standard
Web browser technology. It enables companies to extend secure remote access to anyone connected
to the Internet using desktops, laptops, PDAs, kiosks and more - while eliminating the need for
complex IPSec VPNs. FirePass is the first SSL VPN solution with complete cross-platform support.
Extending its support for any IP application to Macintosh, PocketPC and Linux clients, in addition to
Windows, and expanding client and application security for Web, email and file application access,
FirePass supports access to Web hosts, terminal servers, client-server applications, legacy hosts,
mobile devices and Windows desktops, without pre-installed client software.
ARX
Intelligent File Virtualization
Information Lifecycle Management (ILM) holds tremendous promise for the enterprise, yet its
adoption has been slowed by factors such as proprietary vendor approaches, complexity and lack of
internal coordination. Increasingly enterprises are using intelligent file virtualization to create storage
tiers and to use those tiers more efficiently, without many of the drawbacks associated with traditional
ILM approaches. Intelligent file virtualization offers a simple, open approach to automated storage
tiering that can be deployed rapidly to provide a dramatic positive economic impact to enterprises.
iControl SDK
Software Development Kit
The iControl architecture and SDK provide an interface between third party solutions and F5's suite
of products. This interface creates the opportunity for application developers, ISV's, hardware
manufacturers, service providers, and others to add value to their solutions by allowing
direct communication with our suite to create a true application-aware network. For more
information, please visit http://devcentral.f5.com.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix A
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix B
B-1
F5 Customer Support
Network Support Center
F5 Technical Support is designed to remotely assist you with specific break-fix issues regarding
ongoing maintenance of your F5 products. All F5 products come with a one year manufacturer's
hardware warranty and 90 days of software media warranty. Technical support is limited to F5
products with active support contracts. Subscribers who require additional levels of support from our
support team may opt to upgrade to Premium Support, which includes 24 x 7 support.
Ask F5
Ask F5 is an online knowledgebase accessible 24x7 through our technical support website. Ask F5
gives you real-time access to in-depth product and technical support information, by providing a
simple, English language query-based search. Ask F5 provides unlimited access at no additional
charge for all F5 customers covered under an F5 annual service agreement.
DevCentral
DevCentral is a community of experienced F5 users who regularly post answers based on real-life
knowledge. To assist DevCentral members, F5 provides technical documentation, tips, access to free
sample downloads, and a confidential discussion forum for receiving answers to technical questions.
DevCentral is free of charge to our customers for building iRules and iControl applications, and the
forum is monitored by F5 engineers and experts who offer assistance on technical questions including
design, architecture, troubleshooting, and general assistance with building iRules and iControl
applications.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
B-2
Appendix B
F5 Networks Technical Support can help resolve problems more quickly when you provide a full
description of the problem and the details of your configuration. To help you gather all the required
information, use the following guidelines to prepare for opening a case.
General Information
Provide the following information when you open a case with F5 Networks Technical Support:
A full description of the problem, including the following:
Any changes you made to the system before the problem first occurred.
A description of the impact the problem is having on your site, using the following definitions:
General Assistance Required - The subject of the case does not currently
impact your network or application.
The hours that you are available to work on the problem and any alternative contacts that can work on
the problem if you are not available.
Remote access information, if possible.
Remote access to your network environment is important, because it is the most effective method for
collecting information and troubleshooting technical issues. If you cannot provide remote access, F5
Networks Technical Support will work directly with you to resolve the issue over the phone;
however, this method can often be more time consuming and may require file transfers, replication,
and additional testing.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix B
B-3
tech.out file
A tech.out file contains the configuration files that F5 Networks Technical Support most frequently
needs when troubleshooting a problem. A tech.out file is produced by the qkview utility and the terms
tech.out and qkview may be used interchangeably.
For more information about qkview, refer to SOL1858: Overview of the qkview utility.
Log files
The tech.out file contains the log files for the last day. If the problem has existed for more than a day,
provide all the log files on the system, by performing the following steps:
1. Log in to the command line.
2. Change directories to the /var/log directory, by typing the following command:
cd /var/log
3. Place all of the log files in a tar archive, by typing the following command:
tar -czpf /var/tmp/logfiles.tar.gz *
4. This command will create a tar archive named logfiles.tar.gz in the /var/tmp directory.
Packet traces
If the problem involves the network, perform a packet trace while the problem is occurring and
provide the packet trace when you open the case.
For more information about performing packet traces with tcpdump, refer to SOL2246: Performing a
packet trace and providing the results to F5 Networks Support.
UCS archive
If you cannot give F5 Support remote access to your system, you must provide a UCS archive of the
current configuration. For more information, refer to SOL2250: Overview of UCS archives.
Core files
Core files contain the contents of the system memory at the time a crash occurred. If the system has
been configured to save core files, they will be located in the /var/savecore directory. Provide any
existing core files when you open the case.
If the system is crashing and has not yet been configured to save core files, configure it so that a core
file will be saved the next time the crash occurs.
For more information, refer to the following Solutions:
For switch appliances: SOL2226: Saving core files on BIG-IP or 3-DNS Controllers that have limited
disk space
For server appliances and blade controllers: SOL266: Configuring the BIG-IP or 3-DNS Controller to
save a core dump
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
B-4
Appendix B
tcpdump
tcpdump is one of the main troubleshooting tools used by the F5 Networks Support group to
determine what is happening on a BIG-IP LTM System.
Type
Meaning
-i <interface>
Switch
-i <VLAN>
Switch
-e
Switch
-n
Switch
-X
Switch
-s <value>
Switch
-w <value>
Switch
-r <value>
Switch
host <ip>
Filter
<protocol>
Filter
port <port>
Filter
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix B
B-5
F5 Professional Services
F5 Professional Services executes on the company's paradigm of innovation by delivering a full-range
of consulting services, including planning, design, deployments, upgrades, migrations, optimization
and application verification to ensure a highly available, scalable and secure infrastructure.
Installation Services
An F5 professional Consultant will work to ensure your F5 product is installed and running as
efficiently as possible. Network topology, load balancing design review, application tuning and
product orientation are included in this service. Network performance tuning and comprehensive
product training are not included.
Optimization Services
F5 Consultants can help you leverage the true power of advanced product features such as
compression, caching, and traffic shaping. Network performance tuning and application tuning are
also offered to optimize your F5 deployment.
B-6
Appendix B
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix B
B-7
Pre-Installation Information
Objective:
Now having a better understanding of the BIG-IP LTM Software and how it works, this section
conveys additional information to consider during a BIG-IP LTM System installation. You will learn
the types of hardware and networking questions that need to be answered before an installation takes
place.
Servers
1. What type of hardware are your servers?
2. What OS are your servers?
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
B-8
Appendix B
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix B
B-9
Pre-Installation Checklist
Follow the steps below to ensure proper installation of your BIG-IP LTM System.
1.
Provide 3 real internet addresses for a redundant BIG-IP LTM System configuration.
2.
Provide a real internet address for each virtual IP address (VIP) or NAT.
3.
Provide 3 internal IP addresses (e.g. 10.x.x.x, RFC 1918 etc.) [redundant BIG-IP LTM System
configuration].
4.
5.
6.
7.
Provide access to the existing production content server(s), or an alternate content server.
8.
Provide a monitor, keyboard and the appropriate power outlet for the monitor.
9.
Provide one 110/220 power outlet for each BIG-IP LTM System unit.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
B-10
Appendix B
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix B
B-11
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
B-12
Appendix B
To activate the license for the system, you must have a base registration key. The base registration
key is a 27-character string that lets the license server know which F5 products you are entitled to
license. The base registration key is preinstalled on your system. If the system is not yet licensed, the
Configuration utility prompts you to enter the base registration key. You enter keys for additional
modules using settings in the Add-On Registration Key List area of the License screen.
4. Install version 10 on the slot that is not currently active. See following steps.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix B
B-13
Example
--instslot=HD1.1
--hotfix
--nosaveconfig
--hotfix
--nosaveconfig
--nvlicenseok
--nvlicenseok
--setdefault
--setdefault
--reboot
--reboot
--format=volumes
--format=partitions
Description
Where to install the software. The slot
cannot be the currently active slot.
Version 9 does not support volumes.
Once the system is converted to volumes,
more than 2 images can be installed
simultaneously.
Used when the installation is a hotfix.
Whether to save and restore the current
configuration.
Allow installation even if the license is not
valid. Note that the installation will not
function until a valid license is obtained.
Change the default boot slot to the newly
installed image
Reboot after installation.
Assuming the system is currently booted to the image on slot HD1.1, the following command, run
from the /shared/images directory, would install a clean image of version 10 on slot 1.2, change the
default boot location to the new image, and reboot the system after installation.
image2disk --instslot=HD1.2 --nosaveconfig --setdefault -reboot BIGIP-10.0.0.5401.0.iso
Assuming the system is currently booted to the image on slot HD1.1, the following command, run
from the /shared/images directory, would install a hotfix on the image in slot HD1.2, but leave the
current slot active.
image2disk --instslot=HD1.2 --hotfix Hotfix-BIGIP-10.0.05460.HF1.iso
After any upgrade, you can confirm the installed versions by issuing the switchboot command.
Switchboot displays the version that is installed on each slot, shows which is the current default boot
slot, and allows you to change the default boot slot. The output shown below is of a system with
version 9.4.5 on slot 1.1 and version 10 with hotfix 1 on slot 1.2. Slot 1.1 is currently set as the
default boot slot.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
B-14
Appendix B
The screen above shows the version of the current installations, the default boot image, and the
available images to install. The Import button would allow you to copy additional images from your
PC to the BIG-IP system.
The Hotfix List tab shows the list of Hotfixes on the system.
The Boot Locations tab shows the current default boot image but also allows you to change it.
The Volume Management tab shows the list of partitions or volumes (version 10 only). Once the
system is converted to volumes, additional volumes can be created.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix B
B-15
--instslot=HD1.x
--nosaveconfig
<filename>
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
B-16
Appendix B
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix C
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix C
ARCHITECTING BIG-IP IN AN APPLICATION DELIVERY NETWORK (Prereq: LTM Adv Topics)
This two-day course gives networking professionals an understanding of how to architect and
design BIG-IP devices into an application delivery network. The course builds on the foundation
of the BIG-IP Local Traffic Manager (LTM) Essentials and Advanced Topics courses,
demonstrating the next steps for implementing BIG-IP in a way that effectively delivers your
client applications. The labs for the course involve design exercises and group discussions. Based
on the knowledge gained in other BIG-IP LTM courses, you will work with other students to build
network designs that incorporate BIG-IP LTM to accomplish customer goals. The course will
cover many network design options, as well as best practices for given customer scenarios. The
course will also explore other design options available using BIG-IP Global Traffic Manager,
BIG-IP Link Controller, BIG-IP Application Security Manager, BIG-IP Message Security
Module, and BIG-IP WebAccelerator.
BIG-IP ACCESS POLICY MANAGER (APM) (Prerequisite: None)
This two and -day course provides security and network professionals with a functional
understanding of the BIG-IP Access Policy Manager (APM). The course includes installation,
configuration, management and troubleshooting on a BIG-IP APM. Students will build many
different Access Policies representing different customer scenarios using the Visual Policy Editor.
This hands-on course includes lectures, labs, and discussions.
BIG-IP WEBACCELERATOR (WAM) (Prerequisite: None)
This one day course is designed to help network professionals improve web site customer
experience using the WebAccelerator product. The course focuses on typical HTTP processes and
how the WebAccelerator Module can take advantage of those processes to decrease response time
while ensuring data accuracy and integrity. Using lectures and hands-on exercises, participants
gain real-time experience configuring WebAccelerator settings including editing standard policies
to affect how the traffic is manipulated as it is processed by the system.
BIG-IP WAN OPTIMIZATION (WOM) (Prerequisite: None)
This half day course is designed to help network professionals improve the performance of WAN
connections between Data Centers or Central and Remote Offices using the WAN Optimization
product. Using lectures and hands-on exercises, participants gain real-time experience configuring
WAN Optimization Module settings. In addition, students will edit the Quick Start template and
optimization policies to effect how the traffic is optimized as it is processed by the system.
BIG-IP LINK CONTROLLER (LC) (Prerequisite: None)
BIG-IP Link Controller is a two-day course that provides network professionals an understanding
of how to define, monitor, and load balance bi-directional traffic flow between multiple links to
meet business performance and cost priorities. Participants will gain knowledge of essential BIGIP LC features such as virtual servers, pools, monitors and SNATs along with BIG-IP GTM
features such as DNS, WideIPs, and Listeners and how these integrate into the Link Controller
System. This hands-on course includes lectures, labs and discussions.
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix C
CONFIGURING & ADMINISTERING ARX (Prerequisite: None)
This three-day course is designed to help students learn about the architecture, configuration,
administration and basic troubleshooting of the ARX product family. Students will learn to prequalify storage to be virtualized, design namespaces for CIFS, NFS or multiprotocol
environments, configure file, age, and load balancing, etc. This hands-on course includes lectures,
labs, and discussions.
TROUBLESHOOTING & MONITORING ARX (Prerequisite: Configuring and Administering ARX)
This two-day course provides students with a solid understanding of monitoring and
troubleshooting techniques for the ARX product family using the CLI and ARX Manager (GUI).
Students will learn to upgrade, monitor and troubleshoot namespaces, policies and authentication
in CIFS, NFS or multiprotocol environments with an emphasis on both problem determination and
avoidance. Students will also learn how to collect diagnostic information and packet captures that
will be useful when escalating issues to the F5 Support team. This hands-on course includes
lectures, labs, and discussions.
FIREPASS V6.X (Prerequisite: None)
This three-day course provides security and network professionals with a functional understanding
of the FirePass Controller. The course includes installation, configuration, management and
troubleshooting on a FirePass system. Lectures, demonstrations, hands-on labs and discussions
will be incorporated.
For more details about course offerings, pricing, schedules, and registration, see the following web
site: http://www.f5.com/training-support/global-training/
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.
Appendix C
BIG-IP LTM Essentials Web based Training Lab Guide 2010 F5 Networks, Inc.