F5 LTM Training
Topic / Section / Time
Day 1
Introduction (4.00 – 4.20 pm)
• Introduction
• Types of SLB
• Is load Balancing different from Clustering
• LB Vendor Comparison
• F5 Solutions
• F5 Solution. Cont.
INTRODUCTION
A load balancer, as the name suggests, is a tool that balances
load. Since we are dealing with networks, it performs
“Network Load Balancing”. If I had to define load balancing,
I would put it this way: “Load balancing (performed by a load
balancer) is a service that assigns workloads to a set of servers
in such a manner that the computing resources are used optimally.”
What counts as optimal is configurable.
Load balancers are used to increase the capacity (concurrent
users) and reliability of applications.
Types of SLB
Load balancers are generally grouped into two
categories:
Application security
Application Optimization
Application Availability
F5 Solution
MODULE - 2
BIG-IP hardware platforms (chart axes: Function / Performance)
Model labels shown on the chart: BIG-IP 6900, BIG-IP 3600, BIG-IP 1600

2 x Quad core CPU
16 10/100/1000 + 8x 1GB SFP
2x 320 GB HD (S/W RAID) + 8GB CF
16 GB memory
SSL @ 58K TPS / 9.6Gb bulk
6 Gbps max hardware compression
12 Gbps Traffic
Multiple Product Modules

2 x Dual core CPU
16 10/100/1000 + 8x 1GB SFP
2x 320 GB HD (S/W RAID) + 8GB CF
8 GB memory
SSL @ 25K TPS / 4 Gb bulk
5 Gbps max hardware compression
6 Gbps Traffic
Multiple Product Modules

Dual core CPU
8 10/100/1000 + 2x 1GB SFP
1x 160 GB HD + 8GB CF
4 GB memory
SSL @ 10K TPS / 2 Gb bulk
1 Gbps max software compression
2 Gbps Traffic
1 Advanced Product Module

Dual core CPU
4 10/100/1000 + 2x 1GB SFP
1x 160GB HD
4 GB memory
SSL @ 5K TPS / 1 Gb Bulk
1 Gbps max software compression
1 Gbps Traffic
1 Basic Product Module
› Exploring Big-IP Hardware
› Inside view of 3600 BIG-IP
Lights Out Management
-Two operating systems
-TMM for primary use
-AOM/SCCP for lights out management
-Always on Management
-Switch card control processing
› BIG-IP LTM Software
MODULE 2
Initial Setup
SSH Client
-Username: root
-Password: default
/config/bigip_base.conf
-Holds all information relevant to the basic elements of the
BIG-IP, such as the management IP, VLANs, routes and a few more things
/etc/hosts.allow
-Hosts that are allowed to use the local INET services,
such as SSH and SNMP (for the SNMP devices)
/config/BigDB.dat
-The bigdb database holds a set of bigdb configuration keys
-Keys define the behaviour of various aspects of the
BIG-IP system
LTM OBJECTS
Local traffic objects
The most basic objects in Local Traffic Manager that you must
configure for local traffic management are:
Virtual Server:
This acts like a server with a virtual IP. As the name suggests,
this IP is not real; it is the IP to which clients send their
requests. A virtual server receives a request from a client and
forwards it either directly to a “pool” or to an “iRule”, which in
turn forwards it to a pool.
Pools:
A pool is a collection of nodes (actual servers/computers). It may
have 1 to N real nodes.
Nodes:
These are the actual IP addresses of the real servers
that service the requests.
Health Monitors:
Health monitors are normally keepalives sent to the nodes to
determine whether they are healthy and can process data. For
example, a web server should accept connections on port 80; if it
doesn’t, it is probably down and cannot service requests. There
are different types of health monitors, and the choice depends on
the server in use and the port we want to connect to.
MODULE 4
Traffic Processing
Pools , Members & Nodes
Virtual Server
-BIG-IP is a default-deny device, so a listener (virtual server) is a must
-The virtual server glues everything together
-Typically a virtual server is associated with a pool
-Before a virtual server can load balance, it must be mapped to a pool
-BIG-IP translates the destination IP address from the virtual server
to the actual server
-Clients see the pool servers as a single server, hence the term Virtual
Server
Asymmetric Routing Problem
Full Proxy Architecture
-It is basically Ratio load balancing, but with the ratio assigned by BIG-IP
-Servers with connections lower than average will be given a ratio of 3
-Servers with connections higher than average will be given a ratio of 2
#b pool lab_Pool { lb method member observed }
Observed
>Connections status
-Servers B & C with Ratio 3
-Servers A & D with Ratio 2
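The Observed rule described above, worked through as an added example (not part of the original slides or of BIG-IP itself). The connection counts are constructed, the tie handling at the average is an assumption, and the weighted round robin used to show the effect of the ratios is a generic one, not BIG-IP's internal scheduler.

```python
def observed_ratios(connections, below_avg=3, above_avg=2):
    """Assign a ratio per member from current connection counts (slide's rule)."""
    average = sum(connections.values()) / len(connections)
    # Assumption: a member sitting exactly on the average gets the lower ratio.
    return {m: below_avg if c < average else above_avg
            for m, c in connections.items()}

def distribute(ratios, new_connections):
    """Hand out new connections in proportion to the ratios.

    Assumption: a generic smooth weighted round robin, used here only to make
    the effect of the ratios visible; it is not BIG-IP's internal scheduler.
    """
    credit = dict.fromkeys(ratios, 0)
    total = sum(ratios.values())
    picks = []
    for _ in range(new_connections):
        for member, ratio in ratios.items():
            credit[member] += ratio
        chosen = max(credit, key=credit.get)
        credit[chosen] -= total
        picks.append(chosen)
    return picks

# Constructed connection counts (not from the slides): B and C are below average.
SAMPLE_CONNECTIONS = {"A": 120, "B": 40, "C": 55, "D": 105}

if __name__ == "__main__":
    ratios = observed_ratios(SAMPLE_CONNECTIONS)
    picks = distribute(ratios, 10)
    print(ratios)
    print(picks, {m: picks.count(m) for m in ratios})
```

With ratios of 3 and 2, the less loaded members each receive 3 of every 10 new connections and the busier ones 2, so the pool converges gradually rather than sending everything to the least loaded server.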
Predictive
-The Predictive method is similar to Observed, but assigns more
aggressive values
#b pool lab_Pool { lb method member predictive }
Predictive
>Connections status
-Servers A & C with Ratio 1
-Servers B & D with Ratio 4
Pool Member vs. Node
Load Balancing by:
>Node
-Total service for one IP address
-Takes all transactions for the IP address into account
#b node <ip_addr> { ratio <no.>/ session <enable/disable>}
>Pool Member
-IP address & service
-Takes the decision based on transactions happening on
the service port.
Priority Group Activation
Monitor
Monitor Functionality
Monitor Types
Configuring Monitor
Assigning Monitor
Status
Intro to monitor
The BIG-IP system can monitor the health of nodes &
members
Step 3: Customize
Step 4: Assign
- to pool/node/pool member
Step 5: Status
Types of monitoring
Address Check
-IP address (node)
Service Check
-IP:port
Content Check
-IP:port & check data returned
Interactive Check
-Interacts with servers
-Multiple commands and multiple responses
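The difference between a service check and a content check, as an added example (not from the original slides and not BIG-IP's monitor code). The `FakeMember` handler, the `SERVER_UP` body and the `LOGIN_OK` string are constructed stand-ins so the checks run offline against 127.0.0.1.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def service_check(host, port, timeout=2.0):
    """Service check (IP:port): healthy if a TCP connection can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def content_check(host, port, send, expect, timeout=2.0):
    """Content check: send a request, then look for `expect` in the data returned."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(send)
            while chunk := s.recv(4096):
                data += chunk
    except OSError:
        return False  # refused, reset or timed out: treat the member as down
    return expect in data

class FakeMember(BaseHTTPRequestHandler):  # constructed stand-in pool member
    def do_GET(self):
        body = b"SERVER_UP"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    srv = HTTPServer(("127.0.0.1", 0), FakeMember)  # port 0: any free port
    host, port = srv.server_address
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    request = b"GET / HTTP/1.0\r\n\r\n"
    results = {
        "service_up": service_check(host, port),
        "content_match": content_check(host, port, request, b"SERVER_UP"),
        "content_mismatch": content_check(host, port, request, b"LOGIN_OK"),
    }
    srv.shutdown()
    srv.server_close()
    results["service_after_stop"] = service_check(host, port)
    return results

if __name__ == "__main__":
    print(demo())
```

The `content_mismatch` case is the one a service check cannot see: the port accepts connections, but the data returned is not what a healthy application would send.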
Address Check
Example
System Custom
Profile
Profile Concept
Profile Configuration
Profile Concept
Contains settings that instruct how to pass traffic
through the virtual server
FTP
Profile Dependencies
Persistence Profiles
-cookie, dest_addr, source_addr, hash….
Protocol Profiles
-tcp, udp, fastL4…
SSL Profiles
-client, server
Authentication Profiles
-RADIUS servers, CRLDP servers…
Other Profiles
-OneConnect, NTLM, stream
Profile Configuration Concepts
Custom Profiles
-Stored in /config/bigip.conf
-Created from default profile
-Dynamic child & parent relationship
Services Profiles
Parent HTTP profile
profile http http {
basic auth realm none
oneconnect transformations enable
compress disable
compress uri include none
compress uri exclude none
compress prefer gzip
compress min size 1024
compress buffer size 4096
compress vary header enable
.
.
.
ramcache max age 3600
ramcache min object size 500
ramcache max object size 50000
ramcache uri exclude none
ramcache uri include none
ramcache uri pinned none
ramcache ignore client cache control all
ramcache aging rate 9
ramcache insert age header enable
}
Custom HTTP profile
#b profile http pan_http_profile '{
defaults from http_master
header insert "X-SSL: True"
fallback "http://foo.com/f.asp?u=[HTTP::host]"
}'
#b profile http help ---for more options
MODULE 8
Persistence
Persistence profile
Source Address Persistence
Cookie Persistence
Concept
What is the need for Persistence?
Custom Profile
#b profile persist pan_cookie { mode cookie cookie mode rewrite cookie name paa }
Parent Profile:
profile persist cookie {
mode cookie
mirror disable
timeout immediate
cookie mode insert
cookie name none
cookie expiration 0d 00:00:00
cookie hash offset 0
cookie hash length 0
rule none
}
MODULE 9
Bi-directional traffic
Dedicated IP Address
Virtual
Forwarding (Layer 2)
Generally used when LTM is configured in bridge mode (VLAN Groups)
Essentially just forwards packets at Layer 2
Forwarding (IP)
Used when LTM needs to forward or route packets
Can either just route them based on its IP routing table or load balance
multiple routers/firewalls etc.
Performance (HTTP)
Used for very simple, very fast HTTP load balancing
Lose a number of features (see next slide)
Performance (Layer 4)
Used for general-purpose fast load balancing of packets using the PVA ASIC
Lose a number of features depending on PVA Acceleration mode (see next
few slides)
Configuration of virtual
>Forwarding (IP)
#b virtual forward_vip { destination any:any ip forward }
>Forwarding (Layer 2)
#b virtual forward_vip { destination any:any l2 forward }
>Standard
#b virtual accel_vip '{
destination 10.118.10.12:https
ip protocol tcp
profile http_profile oneconnect_master www.foo.com tcp
persist simple_1800_profile
pool https_pool
}'
Chapter 12
iRule
What is an iRule?
Simply add the line “log xxx” (where “xxx” is anything you
like) to any iRule, for example:
when HTTP_REQUEST {
log "Client [IP::remote_addr] has requested page [HTTP::uri] from server [HTTP::host]."
}
Change directory: cd
Print working directory: pwd
List directory contents: ls
View file: more <filename>
Edit file: vi <filename>
Copy file: cp <source> <dest>
Delete file: rm <filename>
Useful “vi” commands
“i” to start inserting text where the cursor is
“A” to start inserting text at the end of the line
“Esc” exits the editing mode
“dd” delete entire line
“x” delete single character
“Esc” then “:” then “w” to write the file
“Esc” then “:” then “q” to quit vi
“/” starts a search through the file
To run TCPDUMP from the CLI and save the output to a file
that can be opened in Ethereal/Wireshark use the following
command:
Example:
TIP: Use WinSCP to copy the file from the BIG-IP to your PC
Software Downloads
http://downloads.f5.com
Redundant Pair
High Availability
Failover Trigger
Failover Detection
Stateful Failover
MAC Masquerading
Failover Managers
Failover Managers detect a failed process and
take one of several actions: restarting the
process, failing back to the standby, or rebooting the BIG-IP
Watchdog
Performs hardware health checks
Overdog
Software to correct hardware failures
SOD
monitors the switch fabric and takes corrective action for
switch failures
All Failover Managers update and monitor the High
Availability Table
High Availability Table
Updated & monitored by Failover Managers
Table Fields
-Feature Name
-Action on Failure
-Enabled
-Failed State
Command Line: b ha table show
HA Table
Failover Trigger
Processes (Daemons)
Switchboard
VLAN Failsafe
Gateway Failsafe
Failover Triggers - Daemons
VLAN Failsafe
Sequence over time:
-Detects no network traffic
-Tries to generate traffic
-Timeout reached
-Action: Standby becomes active
Gateway Failsafe
Hardware Failover
When the standby notices a loss of voltage, it takes over the
active role
Network Failover
Heartbeat sent over network
No 50 foot (15.24 meter) limitation
Slower than Hardware Failover
Settings not synchronized between peers
If Both Hardware Failover & Network Failover are being used…..
Network Failover Settings
Network Communication
Stateful Failover
Types of Mirroring
Failover without MAC Masquerading
MAC Masquerading
Thanks