F5 BigIP LTM Initial, Build, Install and Licensing.
1. F5 BigIP Load Balancer Architecture, Design &
Implementation.
Version 1.1
Author: Ciprian Maior (MTO)
Kapil Sabharwal (Hitachi Consulting)
2. Local Traffic Manager
LTM is a traffic management operating system (TMOS) module that provides advanced load
balancing and application delivery features, as well as further functions such as
firewalling.
BigIP is the name for BigIP Controller.
The ADC chosen for the Cloud Infrastructure is Viprion, a high-density hardware consolidation
platform. This modular chassis has capacity for up to 8 hot-swappable blade modules.
Hardware specifications:
▪ LCD Panel & physical controls.
▪ Firmware, software and configuration settings are all automatically
duplicated from the primary blade to every other blade.
▪ SuperVIP feature allows VIP to span multiple blades.
▪ vCMP, a hypervisor which allows for multiple ADC guest instances.
▪ RAM, 40 Gb Ether interfaces.
▪ 10 Gb, 1 Gb (SFP GBIC or Copper GBIC).
▪ 30,000 2k SSL TPS.
BigIP Application Delivery Controller Operating System and Hotfix:
1.1 Upgrade OS and Hotfix via TMSH
Testing Steps
1. Log on each F5 platform through command line
2. Install the HF image directly via TMSH. For example, tmsh install /sys software hotfix
Hotfix-BIGIP-11.3.0-39.0-HF5.iso volume HD1.2.
3. Reboot the system
1. After rebooting, the system should have finished the HF upgrade.
3. Initial CLI login via SSH
Default credentials root / default
Default Initial IP Address to access via HTTPS for GUI Configuration
Utility
8. Install License in License TAB:
Copy the Registration key and press Next. It generates a Dossier; press
Next.
9. It is assumed you have direct access to the Internet on this
connection from the F5; if so, proceed with Step 2.
Next, on the Activation Page at F5.com, enter or copy the product Dossier
into the required space and click Next.
11. Click Submit. The system configuration changes, and a page opens with the
currently provisioned resources and applies the activated licenses for the LTM,
GTM, APM and ASM modules.
Complete the rest of the Setup config utility for Network, High
availability, VLANs, Interfaces and other options in Setup Utili
12. Change the passwords for WebUI, CLI login.
Define the Self IP addresses for the Internal and External networks. Also,
in case your BigIP is connected to an SVI or a trunked port for multiple
tagged VLANs on a dot1q trunk port on the next hop switch or router on the
Internal or External network, choose to tag the appropriate VLANs on the F5
appliance as well.
13. Define the next hop default gateway on F5 on the external network to
the outside network.
14. On the Internal network, define the internal network Self IP address and
netmask. Also choose to keep the interfaces untagged for a connection
to a non-trunk access uplink port on an end switch or a router. In such a
case the BigIP behaves like an end node.
15. Platform identification with SNMP sysObjectID
Test Objective/Description
Verify that F5 platforms can be uniquely identified by their SNMP sysObjectID.
Prerequisite Information
Testing Steps
1. Log on each F5 platform through command line
2. Perform command: “snmpget -c <SNMP community> -v 2c localhost 1.3.6.1.2.1.1.2.0”
3. Analyse the output
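An added example, not part of the original test plan: a shell helper for step 3 that classifies one line of output from the snmpget command in step 2. It accepts net-snmp's numeric, iso. and SNMPv2-SMI::enterprises output forms and treats timeouts or missing objects as errors. It assumes F5's enterprise arc 1.3.6.1.4.1.3375; the sample lines and their trailing sub-identifiers are constructed.

```shell
#!/bin/sh
# Added example: classify one line of `snmpget ... 1.3.6.1.2.1.1.2.0` output.
# Assumption: 1.3.6.1.4.1.3375 is the F5 enterprise arc under which sysObjectID falls.
F5_ARC="1.3.6.1.4.1.3375"

# Print the sysObjectID value in plain numeric form; fail if the line has no OID value.
sysobjectid_numeric() {
    line=$1
    case $line in
        *"= OID: "*) oid=${line#*= OID: } ;;
        *) return 1 ;;   # timeout, "No Such Object", auth failure, ...
    esac
    # Normalise the three common net-snmp renderings to 1.3.6...
    case $oid in
        SNMPv2-SMI::enterprises.*) oid="1.3.6.1.4.1.${oid#SNMPv2-SMI::enterprises.}" ;;
        iso.*) oid="1.${oid#iso.}" ;;
        .*) oid=${oid#.} ;;
    esac
    # A symbolic name from a loaded vendor MIB is not comparable; rerun snmpget with -On.
    case $oid in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$oid"
}

# Print "f5 <oid>", "other <oid>" or "error" for one output line.
classify_sysobjectid() {
    oid=$(sysobjectid_numeric "$1") || { echo "error"; return 0; }
    case $oid in
        "$F5_ARC".*) echo "f5 $oid" ;;   # trailing dot stops 33750... from matching
        *) echo "other $oid" ;;
    esac
}

# Constructed sample lines (not captured from a real device).
for sample in \
    'SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.3375.2.1.3.4.43' \
    '.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10' \
    'Timeout: No Response from localhost.'; do
    classify_sysobjectid "$sample"
done
```

An "error" result on a platform that should answer usually points at the community string or the SNMP allow list rather than at the platform ID itself.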
16. BigIP Functionality and Modules:
In its most basic form, BigIP performs three interrelated functions: monitoring hosts (servers),
acting as a proxy for those hosts, and load balancing traffic across them.
Destination ‘real’ host availability and possibly metrics related to performance and load are
constantly monitored by the BigIP (the monitoring function).
Monitoring information is used to influence load balancing decisions in real time. For instance,
an unavailable server will not have any traffic sent to it.
BigIP can provide a multitude of TCP/IP, protocol and application-specific features that make
it possible to apply policy control, high availability, security and performance enhancements
to almost any traffic flow. These could include:
1. VLANs tagging, LACPs, traffic mirroring.
2. QOS and rate shaping.
3. Routing: static and dynamic.
4. TCP optimization including TCP Connection ‘multiplexing’, reducing response times.
5. Access lists, packet filtering & DDOS Protection.
6. Load balancing using a range of algorithms, with complex decision making based on a
wide range of client & server metrics and factors, from TCP connection load to HTTP request
headers.
7. Connection limiting & buffering or queuing.
8. Server health monitoring.
9. Multiple persistence / stickiness options.
10. Content Caching.
11. SSL Offload.
12. HTTP Compression offload.
13. Firewall & security features.
TMSH:
The Traffic Management Shell (TMSH) is a CLI shell that provides the command set available
through the HMS, used to manage, monitor and control all aspects of TMOS modules such as LTM.
17. Publishing Applications in SDC.
The following basic, generic steps are required to publish any Tier 1 web application in SDC.
1. Nodes / Servers: identify the nodes with FQDNs.
2. Create and identify the headers (with third party tools if need be) that will go into
configuring the HTTP health monitors.
3. Create Pools.
4. Certificate Standards and Importing (Service if assigned a Certificate for security).
5. DNS: Create Bind forwarder server list.
6. Create Virtual Server, assign the default node pool to Virtual Server.
7. Create iRule(s) and assign it to Virtual Server so as to have a desired behavior for traffic
redirection or mapping of the pools and resources.
18. Publishing HelloWorld.pvp.gov.on.ca
F5 monitors all "NODES" that participate in a virtual server service "POOL". A node can be defined
for SDC as a virtual machine upon which a load balanced application resides. One or more nodes
may participate in a "POOL".
By default, SDC will monitor all nodes for accessibility on ports 80 and 443.
20. Create and select health monitor, which will monitor the health, availability and online status
of HTTP and SSL Based applications.
Define the intervals.
Timeout intervals.
Define the send and receive strings. Utilities such as curl can be used.
24. Define and create Virtual Server that will receive the client connections as a proxy
request for backend server farm for service type 443.
Create VIP Servers.
Define VLAN and Tunnels and SNAT as Auto Map.
Applying the default pool to VIPs
Requirement completed: "Creating F5 Application Pools"
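
An added example, not from the original deck: a shell script that prints, for review, the tmsh commands matching the publishing steps in section 17 and the monitor, pool and virtual server slides above (health monitor with send/receive strings, pool on 443, virtual server with SNAT Auto Map). Object names, addresses, the /health URI, the 5-second interval and the use of the built-in clientssl/serverssl profiles are assumptions, as is sizing the timeout at three intervals plus one second.

```shell
#!/bin/sh
# Added example: prints tmsh commands for review; it does not touch a BIG-IP.
# Names, addresses and the /health URI below are hypothetical placeholders.
APP=helloworld
FQDN=HelloWorld.pvp.gov.on.ca
VIP=192.0.2.10
NODES="198.51.100.11 198.51.100.12"

# HTTPS health monitor with explicit send and receive strings.
# timeout = 3 * interval + 1, so three missed probes mark a member down.
monitor_cmd() {
    interval=$1
    timeout=$((interval * 3 + 1))
    printf 'tmsh create ltm monitor https mon_%s interval %s timeout %s ' "$APP" "$interval" "$timeout"
    printf 'send "GET /health HTTP/1.1\\r\\nHost: %s\\r\\nConnection: close\\r\\n\\r\\n" recv "200 OK"\n' "$FQDN"
}

# Pool on port 443; listing members as ip:port also creates the node objects.
pool_cmd() {
    members=""
    for ip in $NODES; do members="$members $ip:443"; done
    printf 'tmsh create ltm pool pool_%s monitor mon_%s members add {%s }\n' "$APP" "$APP" "$members"
}

# Virtual server on 443 with the pool as default and SNAT Auto Map.
# clientssl/serverssl are the built-in profiles, standing in for the
# profile built from the imported certificate.
virtual_cmd() {
    printf 'tmsh create ltm virtual vs_%s_443 destination %s:443 ip-protocol tcp ' "$APP" "$VIP"
    printf 'profiles add { tcp http clientssl serverssl } pool pool_%s ' "$APP"
    printf 'source-address-translation { type automap }\n'
}

# Order matters: the pool references the monitor, the virtual server the pool.
publish_plan() {
    monitor_cmd 5
    pool_cmd
    virtual_cmd
}

publish_plan
```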