ebook img

Introduction to ADC Deployments with BIG-IP LTM PDF

57 Pages·2017·12.07 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Introduction to ADC Deployments with BIG-IP LTM

Agility 2018 Hands-on Lab Guide F5 Application Delivery Controller Solutions F5 Networks, Inc. 2 Contents: 1 Class1: IntroductiontoADCDeploymentswithBIG-IPLTM 5 2 Class2: BuildingtheF5Fabric 25 3 Class3: BIG-IP®LocalTrafficManager(LTM)-v13.1LabGuide 57 4 Class4: TroubleshootwithtcpdumpandWireshark 107 5 ResilientDataCenterArchitectureswithF5BIG-IP 123 3 4 1 Class 1: Introduction to ADC Deployments with BIG-IP LTM Welcome to the ADC Deployments with BIG-IP LTM hands-on lab session. These labs are intended to guide you through creating basic ADC deployments and completing common administrative tasks. This guide is intended to complement lecture material provided during the ADC Deployments with BIG-IP LTM aswellasareferenceguidethatcanbereferredtoaftertheclass. 1.1 Lab Network Setup Intheinterestoffocusingasmuchtimeaspossibleconfiguringyourapplicationdeliverycontroller,wehave providedsomeresourcesandbasicsetupaheadoftime. Theseare: • Cloud-based lab environment complete with a Windows workstation, a virtual BIG-IP (VE), a virtual BIG-IQ acting as a logging node, a virtual BIG-IQ acting as a management node, and a back-end bankingapplicationrunningonaLinuxwebserver. • ThevirtualBIG-IPhasbeenpre-licensed Ifyouwishtoreplicatetheselabsinyourofficeyouwillneedtoperformthesestepsaccordingly. Additional labresourcesareprovidedasillustratedinthediagramonthenextpage. Toaccessthelabenvironment,youwillrequireawebbrowserandRemoteDesktopProtocol(RDP)client software. The web browser will be used to access the lab training portal. The RDP client will be used to connect to a Windows workstation, where you will be able to access the BIG-IP and BIG-IQ management interfaces(HTTPS,SSH). Youclassinstructorwillprovideadditionallabaccessdetails. 5 1.1.1 Lab Diagram 1.1.2 Timing for Labs Thetimeittakestoperformeachlabvariesandismostlydependentonaccuratelycompletingsteps. This cannever beaccurately predictedbut westrived toderive anestimate amongseveral peopleeach having adifferentlevelofexperience. Belowisanestimateofhowlongitwilltakeforeachlab: LABName(Description) TimeAllocated LAB1–ConfigureVirtualServersandPools 35minutes LAB2–WorkwithSNAT,Profiles,andMonitors 45minutes LAB3–UseSSLOffload,BestPractices,andiApps 40minutes LAB4–ConfigureHighAvailability 30minutes 1.2 Module 1: BIG-IP LTM Basic Configuration InthismoduleyouwilllearnthebasicsofconfiguringBIG-IPLocalTrafficManager 1.2.1 Lab 1: Configure Virtual Servers and Pools In this lab you will explore the BIG-IP configuration utility, create your first web application, and configure differenttypesofvirtualserversandloadbalancingmethods. Task1–ConnecttoRavelloandExaminetheBIG-IPConfigurationUtility 1. Use a browser to access http://IP_address with the IP address supplied by your instructor, and log inusingtheusernameandpasswordsuppliedbyyourinstructor. 6 2. ForADCImplementationswithLTMclickView. 3. CopytheIPaddressoftheWindows7ExternalVM,andthenuseRDPtoaccesstheIPaddress. 4. LogintotheWindowsworkstationasexternal_user/password. 5. OpenChromeandclicktheBIGIP_Abookmark. 6. LogintotheBIG-IPsystemasadmin/admin. 7. FromtheleftmenuselectLocalTraffic. TheLocalTrafficmenuiswheremostADCfunctionsareperformed. 8. FromtheleftmenuselectNetwork. TheNetworkmenuiswhereyouconfigureelementsforroutingandswitching. 9. FromtheleftmenuselectSystem. TheSystemmenuiswhereyouconfigureDNSandNTPsettings,managelicensing,performsoftware updates,andimportSSLcertificates. 10. OpentheNetwork>VLANs>VLANListpage. Two VLANs were already created, an external VLAN for outside access, and an internal VLAN for accesstotheinternalnetwork. 11. OpentheNetwork>SelfIPs>SelfIPListpage. This BIG-IP system is configured with four self IP addresses. Each VLAN has a standard self IP address(endingin.241)andafloatingselfIPaddress(endingin.240). We’llusethefloatingselfIP addressesduringthehighavailabilityexercise. 12. OpentheNetwork>Routespage. This BIG-IP system is configured with a default gateway route for outbound internet access (on 10.1.10.1). Task2–CreateaBasicWebApplication Examinethelabdiagramonpage2. We’llbecreatingawebapplicationforanapplicationthatisstoredon threewebservers(at10.1.20.11–10.1.20.13). 1. OpentheLocalTraffic>Pools>PoolListpageandclickCreate. 2. Usethefollowinginformationforthenewpool. Forfieldsthatarenotspecified,leavethemsettothe defaultsettings. 7 Formfield Value Name http_pool NewMembers NodeName: node1Address: 10.1.20.11ServicePort: 80(ClickAdd) NodeName: node2Address10.1.20.12ServicePort: 80(ClickAdd) NodeName: node3Address: 10.1.20.13ServicePort: 80(ClickAdd) 3. ClickFinished. 4. OpentheLocalTraffic>VirtualServers>VirtualServerListpageandclickCreate. 5. Usethefollowinginformationforthenewvirtualserver,andthenclickFinished. Formfield Value Name http_virtual DestinationAddress/Mask 10.1.10.20 ServicePort 80 Resources>DefaultPool http_pool 6. Useanewtabtoaccesshttp://10.1.10.20. 7. UseCtrl+F5toreloadthepageseveraltimes. Youcanseethatpageelementsarecomingfromallthreewebservers. That’sallittakestocreatea basicwebapplicationontheBIG-IPsystem. 8. Closethetab. 9. IntheConfigurationUtility,opentheLocalTraffic>Pools>Statisticspage. 10. Expandthehttp_poolbyclickingonthe+icon. YouusetheStatisticspagetoidentifytheamountoftrafficsenttothepoolmembers. Noticethatthe requestsareevenlydistributedacrossallthreewebservers. 11. Selectthehttp_poolcheckbox,andthenclickReset. Task3–CreateaForwardingVirtualServer 1. Useanewtabtoattemptdirectaccesstoaninternalwebserverathttp://10.1.20.41. Currently you are unable to access resources on the internal network from the external Windows workstation. 8 2. OpentheStartmenuandtypecmd,thenright-clickcmd.exeandselectRunasadministrator,and thenclickYes. 3. Atthecommandprompt,type(orcopyandpaste): route add 10.1.20.0 mask 255.255.255.0 10.1.10.241 This adds a route to the 10.1.20.0 network through the external self IP address (10.1.10.241) of the BIG-IPsystem. 4. Reloadthepagedirectedathttp://10.1.20.41. The request fails again, as the BIG-IP system does not have a listener to forward this request to the internalnetwork. 5. IntheConfigurationUtility,opentheLocalTraffic>VirtualServers>VirtualServerListpageand clickCreate. 6. Usethefollowinginformationforthenewvirtualserver,andthenclickFinished. Formfield Value Name forward_virtual Type Forwarding(IP) DestinationAddress/Mask 10.1.20.0/24 ServicePort *AllPorts Protocol *AllProtocols Thisvirtualserverprovidesaccesstothe10.1.20.0/24networkonallportsandallprotocols. 7. Reloadthepagedirectedathttp://10.1.20.41. Therequestissuccessful. TheBIG-IPsystemdoesn’tactasafullproxy, itsimplyforwardsrequests totheinternalnetwork. 8. EdittheURLtohttps://10.1.20.32. 9. GotoStart>RemoteDesktopConnection. 10. ClickShowOptions,thenselecttheDisplaytab,thenchangetheDisplayconfigurationto1024by 768. 11. OpentheGeneraltabandconnectto10.1.20.251andloginasadministrator/password. 12. OntheWindowsServerimagegotoStart>Logoff. Younowhaveaccesstoallportsandallprotocolsonthe10.1.20.0network. Task4–CreateaRejectVirtualServer 1. IntheConfigurationUtility,ontheVirtualServerListpageclickCreate. 2. Usethefollowinginformationforthenewvirtualserver,andthenclickFinished. Formfield Value Name reject_win_server Type Reject DestinationAddress/Mask 10.1.20.251 ServicePort *AllPorts Protocol *AllProtocols 9 3. OntheLoraxIntranettabclickCorporateTools,andthenclosethetab. 4. GotoStart>RemoteDesktopConnectionandconnectto10.1.20.251. Although you still have access to the 10.1.20.0 network, you no longer have access to 10.1.20.251 (theWindowsServer). 5. ClosetheRemoteDesktopConnectionwindow. 6. Inthecommandprompttypethefollowing,andthenclosethecommandprompt. route DELETE 10.1.20.0 7. In the Configuration Utility, select the forward_virtual and reject_win_server checkboxes and then clickDeleteandDeleteagain. Task5–UseDifferentPoolOptions 1. OpentheLocalTraffic>Pools>PoolListpageandclickhttp_pool,andthenopentheMembers page. Currentlythepoolisusingthedefaultloadbalancingmethod: RoundRobin. 2. FromtheLoadBalancingMethodlistselectRatio(member),andthenclickUpdate. 3. ExaminetheCurrentMemberssection. Currentlyallthreepoolmembershavethesameratiovalue(1). 4. Clicknode1:80,thenchangetheratiovalueto10,andthenclickUpdate. 5. AtthetopofthepageclickMembers,thenclicknode2:80,thenchangetheratiovalueto5,andthen clickUpdate 6. ClickMembersagainandexaminetheCurrentMemberssection. 7. Use an incognito window to access http://10.1.10.20, then type Ctrl + F5 at least 10 times to reload thepage,andtheclosethepage. 8. IntheConfigurationUtility,atthetopofthepageclickStatistics. Requestsarenowbeingdistributedtothethreepoolmembersina10–5–1ratio. 1.2.2 Lab 2: Work with SNAT, Profiles, and Monitors InthislabyouwillexperimentwithusingSNATAutoMapforinboundrequestsaswellasoutboundrequests frominternalusers. You’llalsouseanHTTPandstreamprofiletomakeglobalmodificationstotextwithina website. Finallyyou’llseehowusinghealthmonitorsensuresthatyoutheBIG-IPknowswhichwebservers areavailableforclientrequests. 10

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.