F5 GTM Specialist Certification Resource Guide: Purpose of This Document

F5 GTM Specialist Certification Resource Guide
Purpose of this document

This document outlines topic areas covered on the F5 GTM Specialists Certification Exam and
resources available to help prepare test takers.
References
(Ref:1) Kozierok, Charles M. 2005. The TCP/IP Guide. No Starch Press, Inc. San Francisco,
CA. 94103. ISBN 1-59327-047-X
(Ref:2) Liu, Cricket and Albitz, Paul. 2006. DNS and BIND, Fifth Edition. O’Reilly Media, Inc.
Sebastopol, CA. 95472. ISBN 978-0-596-10057-5
Manual: BIG-IP Global Traffic Manager: Implementations
http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-3-
0.html?sr=28646530
Manual: BIG-IP Global Traffic Manager: Concepts
http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-concepts-11-3-0.html
Manual: Traffic Management Shell (tmsh) Reference Guide version 11.3.0 (MAN-0306-04)
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmsh-11-3-
0.html?sr=28675254
Configuring BIG-IP GTM v11 Global Traffic Manager. March 2013 v11.3.0. Edition. F5 Networks
Training Course. (Configuring GTM: Module X)
Section 1, Concepts
1.01 Identify resource record types and their purpose including DNSSEC record
types.
Example: Identify resource record types and their purpose.
Example: Identify DNSSEC purpose and GTM implementation
• Ref: 1, p. 892, Record Types.
• http://en.wikipedia.org/wiki/List_of_DNS_record_types
• Manual Chapter: BIG-IP DNS Services: Implementations> Configuring DNSSEC
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-dns-services-
implementations-11-3-0/2.html?sr=28642034
• Manual Chapter 10: BIG-IP Global Traffic Manager: Concepts> DNSSEC Keys and Zones
http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-concepts-11-2-
0/gtm_dnssec.html?sr=28642034
• SOL9113: BIG-IP GTM support for Domain Name System Security Extensions
http://support.f5.com/kb/en-us/solutions/public/9000/100/sol9113.html?sr=29317825
• SOL7058: BIG-IP GTM ZoneRunner character support for DNS Resource Records
© 2013 F5 Networks, Inc.

2 F5 GTM Specialists Resource Guide
• SOL12981: Providing the DNSSEC DS record to the parent domain

• Configuring GTM: Module Advanced Topics
1.02 Identify the different zone types and their purpose

Example:Identify the different types of zones (Master, Slaves, Hint, Root,
Stub)
• Ref: 1, P. 883. DNS Zones.
• Manual: BIG-IP Global Traffic Manager:Concepts ZoneRunner
0/gtm_zfd.html?sr=29318989
• Configuring GTM: Module DNS Overview
1.03 Explain the purpose of tools and when to use them

Example: Explain the purpose of tools and when to use them, specifically
nslookup, dig, named-checkzone, rndc.
• nslookup: Using NSlookup.exe
http://support.microsoft.com/kb/200525
• Dig for Windows
http://members.shaw.ca/nicholas.fong/dig/
• named-checkzone
http://linux.die.net/man/8/named-checkzone
• named-checkzone checks the syntax and integrity of a zone file. It performs the same
checks as named does when loading a zone. This makes named-checkzone useful for
checking zone files before configuring them into a name server.
• named-compilezone is similar to named-checkzone, but it always dumps the zone contents
to a specified file in a specified format. Additionally, it applies stricter check levels by default,
since the dump output will be used as an actual zone file loaded by named. When manually
specified otherwise, the check levels must at least be as strict as those specified in the
named configuration file.
• rndc
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
• rndc
• BIND includes a utility called rndc which allows command line administration of the named
daemon from the localhost or a remote host.
• http://linux.die.net/man/8/rndc
• rndc controls the operation of a name server. It supersedes the ndc utility that was provided
in old BIND releases. If rndc is invoked with no command line options or arguments, it prints
a short summary of the supported commands and the available options and their
arguments.

F5 GTM Specialists Resource Guide 3
• rndc communicates with the name server over a TCP connection, sending commands
authenticated with digital signatures. In the current versions of rndc and named, the only
supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end
of the connection. This provides TSIG-style authentication for the command request and the
name server's response. All commands sent over the channel must be signed by a key_id
known to the server.
• rndc reads a configuration file to determine how to contact the name server and decide what
algorithm and key it should use.
• SOL 5739: Manually editing zone files while using ZoneRunner
1.04 Explain the dataflow of the DNS query process [iterative, recursive, lame
delegation, host file, and resolvers].
Example: Explain recursive versus iterative
• Ref: 1, pp. 909-923.
• SOL 7055: Enabling DNS recursion on the BIG-IP GTM system
• rfc 4697: Observed DNS Resolution Misbehavior
http://tools.ietf.org/html/rfc4697
1.05 Distinguish IPv4 versus IPv6 query including differentiating IPv4/6

transport versus IPv4/6 query type and extrapolating when different query
types will be used on different transports
Example: Explain the difference between IPv6 and IPv4 data transport
Example: Explain the difference between IPv6 record and IPv6 data
transport
• Ref: 1, pp. 948-950.
• rfc 3901 : DNS IPv6 Transport Operational Guidelines
• rfc 3596 : DNS Extensions to Support IP Version 6
• Manual: BIG-IP DNS Services: Implementations: Configuring DNS64

1.06 Given a DNS hierarchical diagram determine what source IP the GTM will
receive the query from.
1.07 Identify DNS security concepts and their purpose [DDOS, DNSSEC,
AnyCast, DNSFirewall, site validation, iRules, and impacts of floating self-
IP versus non-floating self-IP listener]
• Manual Chapter: About System DoS and DDoS Attacks
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/bigip-dns-dos-firewall-
• Manual Chapter: BIG-IP DNS Services: Implementations.
implementations-11-3-0.html?sr=28705021
• DNSSEC - Security extension encompassing a suite of IETF specifications securing certain
kinds of information provided by DNS.
• AnyCast - Not unique to DNS, actually a networking concept implemented by using BGP.
Not really a security concept as much as a way to distribute service over multiple servers
over a geographic area. DDoS actually uses this concept.
• DNSFirewall - A firewall specific to monitoring DNS traffic/requests.
• Site validation - useful in ensuring valid information from known systems through the use of
digitally signed answers. Part of the specifications of DNSSEC.
• iRules - Open ended. iRules can be used to direct and handle traffic to preventing traffic
based on specific requirements.
• floating/non-floating self-IP listener
1.08 Describe data center, server/virtual server, and object monitoring including
explanation of resulting object statuses [prober pools, BigIP and generic
server objects, monitors, etc.].
Example: Identify the purpose and uses of prober pools
• Manual: BIG-IP Global Traffic Manager: Concepts
0.html
• SOL 8170: Overview of BIG-IP GTM monitor timers
http://support.f5.com/kb/en-
us/search.res.html?q=sol8170&filter=p&requiredfields=lifecycle:release
• Configuring GTM: Module LDNS Probes and Metrics
• Configuring GTM: Module Monitors

1.09 Define the GTM load balancing methods and when to use them [dynamic,
static].
0.html
• Configuring GTM: Module Load Balancing
1.10 Identify applicable iRules events including application to WideIP versus

Listener.
Example: Identify the purpose and use of Wide IP.
Example: Identify LTM iRule events versus GTM iRule events (Apply to
WideIP vs Listener).
• Manual Chapter: BIG-IP Global Traffic Manager: iRules:
0/gtm_irules.html?sr=28644562
• Configuring GTM: Module Accelerated DNS Resolutions (Listeners and Wide-IP)
• Configuring GTM: Module Advanced Topics (GTM iRules)
1.11 Identify the purpose of GTM tools and when to use them [checkcert,
iqdump, etc.].
• Checkcert Utility
• SOL 7574: Monitoring SSL certificate expiration on the BIG-IP system
• SOL 12420: The checkcert utility sends debug logs to the remote syslog server
• iqdump
• SOL 8187: Troubleshooting BIG-IP device certificates
0.html
• SOL 14106 - Troubleshooting virtual server and link auto-discovery (11.x)
• SOL 13312 - Overview of the BIG-IP GTM big3d_install, bigip_add, and gtm_add utilities
(11.x)
• SOL 13690 - Troubleshooting BIG-IP GTM synchronization and iQuery connections (11.x)
• Configuring GTM: Module Intelligent DNS Resolutions

1.12 Explain how zone transfers work [multi master, master/slave, DNSExpress,
incremental/full, updates (notify/expire)].
0.html
• Ref: 1, pp. 896-898.
• Configuring GTM: Module Accelerated DNS Resolutions
1.13 Given a scenario determine the impact of a custom DNS profile for various
types of queries, determine what response will be given and where it will
come from.
Example: Explain all of the features that can be enabled in a DNS profile
(DNS cache, unhandled query, DNS Express, enable GTM, enable bind)
• Manual Chapter: Other Application-Layer Profiles: DNS Profiles
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-3-
0/ltm_other_services_profiles.html?sr=28644390#1215229
• Configuring GTM: Module Accelerated DNS Resolutions
1.14 Given a scenario with a specific query source IP address and various pool
and Wide IP loading balancing methods and topology rules/regions
determine the response that will be given.
0.html
• SOL 13412 - Overview of BIG-IP GTM Topology records (11.x)
1.15 Explain sync group/iQuery purpose, configuration and basic requirements.

Example: Explain how iQuery is used in sync groups and LTM monitoring
0.html
• SOL 13690: Troubleshooting BIG-IP GTM synchronization and iQuery connections (11.x)
• SOL 13734 - BIG-IP GTM synchronization group requirements

• SOL 14106: Troubleshooting virtual server and link auto-discovery (11.x)

• SOL 13946: Troubleshooting ConfigSync and device clustering (11.x)
1.16 Explain the networking requirements of placing devices within a GTM data
center object
Example: Explain and identify GTM objects (Data center, link, server, virtual
server, prober pool, pool, wideIP)
• Manual Chapter: BIG-IP DNS Services: Implementations
implementations-11-3-0.html
Section 2, Deployment
2.01 Explain when to configure translation addresses for local data center
connectivity.
0.html
• SOL 7820: Overview of SNAT features
2.02 Explain how to configure GTM sync groups and iQuery.

• http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-
11-3-0.html?sr=28646530
2.03 Given a set of requirements select the appropriate load balancing methods
[ex. wide IP level, pool level, different types and combinations].
Example: Given a scenario determine the load balancing decision based on
virtual server status and configure load balancing (single pool versus
multiple pools, effect of secondary and fallback mechanisms in the first
pool, effect of topology and topology records at the Wide IP level versus
pool level, iRule effects)
0.html

2.04 Explain how to configure GTM to return non-wide IP supported records [ex.
MX, SRV, TXT records, etc.].
Example: Determine when to use ZoneRunner to manage DNS records on
GTM.
• Manual: BIG-IP Global Traffic Manager: Concepts: ZoneRunner
0.html
• Configuring GTM: Modules Accelerated DNS Resolutions, Intelligent DNS Resolutions, and
Bind and ZoneRunner
• SOL 6963: Managing the BIG-IP BIND configuration file
• SOL 7176: F5 support for ZoneRunner, BIND, and the named process
2.05 Given a scenario select the appropriate deployment type: screening mode,
DNS delegation, caching resolver, and DNS 6 to 4.
0.html
• Manual: BIG-IP DNS Cache: Implementations
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-dns-cache-
• Manual: BIG-IP DNS Services: Implementations
• SOL 277: Delegating a subdomain to a BIG-IP GTM or Link Controller system from another
DNS server (9.x - 11.x)
• Configuring GTM: Module Accelerated DNS Resolutions, Intelligent DNS Resolutions, and
Advanced Topics
2.06 Given a scenario of specific virtual server status, pool and Wide IP load
balancing settings determine the answer returned [Single pool versus
multiple pools, effect of secondary and fall-back mechanisms in the first
pool, effect of topology and topology records at the Wide IP level versus
pool level, and iRule effects].


0.html
• Configuring GTM: Module Intelligent DNS Resolutions, Load Balancing, and Configuration
Project
2.07 Given a set of topology requirements configure a deployment using user

defined topology prefixes.
Example: Given these topology regions and these rules with load balancing
configured as such, what would be the response provided.
Example: What is the effect of weighting on topology records
• Manual: BIG-IP Global Traffic Manager: Concepts: Topology Load Balancing
0.html
2.08 Given a scenario configure a deployment using auto-discovery [behavior of

delete versus no-delete with auto-discovery, compatibility with translation,
and route domains].
• Manual: BIG-IP Global Traffic Manager: Implementations
http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-
11-3-0.html?sr=28646530
• SOL 13994 - Configuring virtual server and link auto-discovery (11.x)
2.09 Explain the necessary steps and tools to add a new LTM to a sync group.
Example: Understand the minimal object requirements to get a sync group
up
Example: Explain how to add LTM to a sync group and on which host do
you run bigip_add.
11-3-0.html?sr=28646530
• SOL13734 - BIG-IP GTM synchronization group requirements
http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13734.html

(11.x)
• Configuring GTM: Module Intelligent DNS Resolutions and Advanced Topics
2.10 Explain the necessary steps and tools to add a new GTM to an existing
sync group.
Example: Describe how to add GTM to an existing deployment (add GTM to
the data center, which direction to run gtm_add, how to use gtm_add)
11-3-0.html?sr=28646530
• SOL13734 - BIG-IP GTM synchronization group requirements
(11.x)
• sol14044: Removing and re-adding a BIG-IP GTM system to an existing GTM
synchronization group
• Configuring GTM: Module Accelerated DNS Resolutions, Intelligent DNS Resolutions, and
Advanced Topics
2.11 Explain how to troubleshoot and verify sync group mesh.

11-3-0.html?sr=28646530
• sol13690: Troubleshooting BIG-IP GTM synchronization and iQuery connections (11.x)
2.12 Explain the use of device certificates in iQuery [SSL components,

expiration, 3rd party certs].
Example: Explain the implications of device certificate expiration
11-3-0.html?sr=28646530
• sol10381: Expired device certificates result in failed database synchronization
• sol14318: Monitoring the expiration of SSL certificates using the tmsh utility

• SOL 7754: Renewing self-signed device certificates

2.13 Explain how to verify listener responses.

Example: Including static versus intelligent, TTLs, number of answer
records, stats in the profile, logging, and tcpdump
11-3-0.html?sr=28646530
• Configuring GTM: Module Accelerated DNS Resolutions and Configuration Project
2.14 Explain how to verify that DNSSEC is working.

Example: Including records getting signed, authoritative bit set, sig files in
correct location.
• Manual: BIG-IP Global Traffic Manager: Implementations: Overview: Authenticating with
SSL certificates signed by a third party
11-3-0.html?sr=28646530
• SOL 13204: Deploying BIG-IP GTM for DNSSEC
2.15 Given a scenario, explain how to validate system health for proper
operation.
• Manual: BIG-IP iHealth User Guide
http://support.f5.com/kb/en-us/products/big-
ip_ltm/manuals/related/bigip_ihealth_user_guide.html?sr=28677802
• SOL 13397: Overview of HTTP health monitor request formatting for the BIG-IP GTM
system
• Manual Chapter: Health and Performance Monitoring Statistics
http://support.f5.com/kb/en-us/products/em/manuals/product/em-health-activity-monitoring-
3-1-0/5.html?sr=28677770
• Configuring GTM: Module Monitors, Logs and Notification, and Advanced Topics

Section 3: Operations and Troubleshooting
3.01 Given a scenario determine the impact of software updates in a group on

monitoring and configuration state
• SOL 10449: Upgrading the software version or applying a hotfix to BIG-IP GTM
• Configuring GTM: Module Appendix A: Installation
• See specific product version release notes.
3.02 Given a scenario determine what is the effect of changing the features
enabled in a DNS profile.
Example: Including enabling/disabling recursion, protocol, unhandled
query behavior, and making sure BIND is not enabled in the profile or in the
GTM pools, etc.
• Manual Chapter: Other Application-Layer Profiles: DNS Profiles
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-3-
0/ltm_other_services_profiles.html?sr=28644390#1215229
• SOL 7055: Enabling DNS recursion on the BIG-IP GTM system
3.03 Explain how to renew device certificates and update them in the sync
group.
• SOL 6353: Updating an SSL device certificate on a BIG-IP GTM or BIG-IP Link Controller
system
• SOL 13946: Troubleshooting ConfigSync and device clustering (11.x)
• SOL 13734 - BIG-IP GTM synchronization group requirements
• SOL 13649 - Creating a device group using the Configuration utility
• SOL 13639 - Creating a device group using the Traffic Management Shell
• SOL 7754: Renewing self-signed device certificates

3.04 Explain the impact of restoring a UCS on a GTM.

Example: Including how to restore a GTM after an RMA and the effect on
zone files.
• SOL 4423: Overview of UCS archives
• SOL 4422: Viewing and modifying the files that are configured for inclusion in a UCS archive
• SOL 13542: Restoring DNSSEC configuration data to a GTM RMA unit
• SOL 14083: Preventing synchronization when installing a UCS archive on a BIG-IP GTM
system
• SOL 12679: Change in Behavior: The gtmparse utility now updates the timestamp of the
wideip.conf file before reloading the configuration from disk or UCS archive
3.05 Explain the importance of running compatible versions of big3d on the LTM
and GTM.
Example: Explain how to update big3d on LTM (big3d_install) and what
concerns might be when EM is also updating GTM
• SOL 13703: Overview of big3d version management
• Supplemental Document: Updating the big3d Agent Manually
http://support.f5.com/kb/en-us/products/monitoring_pack/releasenotes/related/relnote-
f5mpk-updating-big3d-manually.html?sr=28675754
• SOL 9742: Enterprise Manager may need to install a new big3d data collection agent on
managed devices
• Manual Chapter: big3d Agent
0/gtm_big3d.html?sr=28675754
• Example: Explain how to update big3d on LTM (big3d_install) and what concerns might be
when EM is also updating GTM
• SOL14304: BIG-IP GTM sync group members running big3d 11.3.0 may experience iQuery
communication issues with systems running previous versions of big3d
• BIG-IP Global Traffic Manager: Concepts: Communications Between BIG-IP GTM and Other
Systems
0/2.html?sr=29356957

3.06 Explain how to properly add/remove device from iQuery mesh.

• SOL 9837: An incomplete iQuery mesh across a sync group may result in inconsistent
responses or configuration loss
(11.x)
3.07 Explain the effect of adding a resource record without using ZoneRunner.
Example: Explain how to maintain zones via ZoneRunner, including moves,
adds, and deletions
0.html
• SOL 7176: F5 support for ZoneRunner, BIND, and the named process
• Configuring GTM: Module Appendix C: BIND and ZoneRunner
3.08 Explain the effects and implications of securing/hardening with respect to

normal operation, iQuery and resolution.
Example: Including port lockdown, packet filters, iQuery, SSH, effects of
appliance mode on LTM, bridge GTM, and the limitations of not having
advanced shell access to GTM
• SOL 13092: Overview of securing access to the BIG-IP system
• SOL 13250: Overview of port lockdown behavior (10.x - 11.x)
• Manual Chapter: Configuring Packet Filtering
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-
11-1-0/14.html?sr=28677714
• Manual: Traffic Management Shell (tmsh) Reference Guide
0.html?sr=28705185

3.09 Identify GTM specific command line tools and TMSH GTM specific
commands.
Example: Show a GTM iQuery.
• Manual: Traffic Management Shell (tmsh) Reference Guide version 11.3.0 (MAN-0306-04)
0.html?sr=28675254
• SOL 14106 - Troubleshooting virtual server and link auto-discovery (11.x)
3.10 Given a scenario determine what information needs to be provided when

making a support call.
• SOL 135: Information required when opening a support case for BIG-IP systems
• SOL 2633: Instructions for submitting a support case to F5

F5 GTM Specialist Certification Resource Guide: Purpose of This Document

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

F5 GTM Specialist Certification Resource Guide: Purpose of This Document

Caricato da

Copyright:

Formati disponibili

F5 GTM Specialist Certification Resource Guide

Purpose of this document

© 2013 F5 Networks, Inc.

• SOL12981: Providing the DNSSEC DS record to the parent domain

1.02 Identify the different zone types and their purpose

1.03 Explain the purpose of tools and when to use them

© 2013 F5 Networks, Inc.

1.05 Distinguish IPv4 versus IPv6 query including differentiating IPv4/6

© 2013 F5 Networks, Inc.

© 2013 F5 Networks, Inc.

1.10 Identify applicable iRules events including application to WideIP versus

© 2013 F5 Networks, Inc.

1.15 Explain sync group/iQuery purpose, configuration and basic requirements.

© 2013 F5 Networks, Inc.

• SOL 14106: Troubleshooting virtual server and link auto-discovery (11.x)

2.02 Explain how to configure GTM sync groups and iQuery.

© 2013 F5 Networks, Inc.

• Configuring GTM: Module Load Balancing

© 2013 F5 Networks, Inc.

• Manual: BIG-IP Global Traffic Manager: Concepts

2.07 Given a set of topology requirements configure a deployment using user

2.08 Given a scenario configure a deployment using auto-discovery [behavior of

© 2013 F5 Networks, Inc.

2.11 Explain how to troubleshoot and verify sync group mesh.

2.12 Explain the use of device certificates in iQuery [SSL components,

© 2013 F5 Networks, Inc.

• SOL 7754: Renewing self-signed device certificates

2.13 Explain how to verify listener responses.

2.14 Explain how to verify that DNSSEC is working.

© 2013 F5 Networks, Inc.

Section 3: Operations and Troubleshooting

3.01 Given a scenario determine the impact of software updates in a group on

© 2013 F5 Networks, Inc.

3.04 Explain the impact of restoring a UCS on a GTM.

© 2013 F5 Networks, Inc.

3.06 Explain how to properly add/remove device from iQuery mesh.

3.08 Explain the effects and implications of securing/hardening with respect to

© 2013 F5 Networks, Inc.

3.10 Given a scenario determine what information needs to be provided when

© 2013 F5 Networks, Inc.

Potrebbero piacerti anche