The F5 Networks BIG-IP® system is a port-based, multilayer switch that supports virtual local area network (VLAN) technology. Because hosts within a VLAN can communicate at the data-link layer (Layer 2), a BIG-IP system reduces the need for routers and IP routing on the network. This in turn reduces equipment costs and boosts overall network performance. At the same time, the BIG-IP system's multilayer capabilities enable the system to process traffic at other OSI layers. The BIG-IP system can perform IP routing at Layer 3, as well as manage and secure TCP, UDP, and other application traffic at Layers 4 through 7. The following software modules provide comprehensive traffic management and security for all traffic types. The modules are fully integrated to provide efficient solutions to meet any network, traffic management, and security needs.
The Local Traffic Manager includes local traffic management features that help you make the most of network resources such as web servers. Using the powerful Configuration utility, you can customize the way that the BIG-IP system processes specific types of protocol and application traffic. By using features such as virtual servers, server pools, profiles, and iRules™, you ensure that traffic passing through the BIG-IP system is processed quickly and efficiently, while meeting all of your security needs. For more information, see the Configuration Guide for BIG-IP® Local Traffic Management.
BIG-IP® Global Traffic Manager
The Global Traffic Manager provides intelligent traffic management to your globally available network resources. Through the Global Traffic Manager, you can select from an array of load balancing modes, ensuring that your clients access the most responsive and robust resources at any given time. In addition, the Global Traffic Manager provides extensive monitoring capabilities so the health of any given resource is always available. For more information, see the Configuration Guide for BIG-IP® Global Traffic Management.
The Link Controller seamlessly monitors availability and performance of multiple WAN connections to intelligently manage bi-directional traffic flows to a site, providing fault-tolerant, optimized Internet access regardless of connection type or provider. The Link Controller ensures that traffic is always sent over the best available link to maximize user performance and minimize bandwidth cost to a data center. For more information, see the Configuration Guide for BIG-IP® Link Controller.
BIG-IP® Application Security Module
The Application Security Module provides web application protection from application-layer attacks. The Application Security Module protects Web applications from both generalized and targeted application layer attacks including buffer overflow, SQL injection, cross-site scripting, and parameter tampering. For more information, see the Configuration Guide for BIG-IP® Application Security Management.
The Global Traffic Manager is a system that monitors the availability and
performance of global resources and uses that information to manage network traffic patterns. The Global Traffic Manager uses load balancing algorithms, topology-based routing, and iRules to control and distribute traffic according to specific policies. The system is highly configurable, and its web-based configuration utility allows for easy system setup and monitoring.
The Global Traffic Manager manages multiple resources within your
network. Each resource represents either a physical presence, such as a server, or a logical presence, such as a wide IP. Effective management of your network traffic requires that you understand and configure these resources correctly.
A virtual server is a collection of IP addresses and port combinations
that, together, provide access to an application or data source on your network. These collections are called virtual servers because they might span more than one physical machine, or might be a subset of available ports on a single machine.
A server is a physical device that manages one or more virtual servers.
An example of a server is the Local Traffic Manager; however, the Global Traffic Manager can manage other server types as well, such as a Windows 2000 Server.
To manage your network traffic, the Global Traffic Manager also
requires that you configure an additional resource: a listener. A listener instructs the Global Traffic Manager to listen for network traffic destined for a specific IP address. Listeners are critical for the Global Traffic Manager; without them, the Global Traffic Manager does not know what traffic it must manage and what traffic it can safely ignore.
A link is a physical device that connects your network to the rest of the
Internet. Often, links are logically attached to a collection of servers for managing access to your data sources.
A pool is a collection of multiple virtual servers. The Global Traffic
Manager uses pools to load balance incoming network traffic among multiple virtual servers. Pools differ from servers in that a pool can encompass virtual servers on multiple servers on the network. This provides you with more significant load balancing granularity, because you can load balance across multiple pools of virtual servers and then have the appropriate server load balance across the virtual servers themselves.
A distributed application is a collection of wide IPs, data centers, and
links, and is the highest-level component that the Global Traffic Manager supports. You can configure the availability of distributed applications to be dependent on a specific data center, link, or server. For example, if you configure a data center to have its availability depend on a link, and that link goes down, the Global Traffic Manager considers the application to be unavailable.
Through the configuration of wide IPs and pools, you can use the Global
Traffic Manager to load balance across a collection of resources, while distributed applications, data centers, and servers give you visibility into the performance and availability of these sources.
If you use the Global Traffic Manager in conjunction with a Local Traffic
Manager, you might also want to familiarize yourself with the following additional network resources. These resources are not managed directly through the Global Traffic Manager, but understanding their role in your network configuration can assist you in optimizing your network's availability and performance:
A self IP is what most people think of when they think of an IP address.
In a Global Traffic Manager or Local Traffic Manager environment, the term self IP address helps distinguish actual IP addresses from other types of addresses, such as those that identify a virtual server.
The Global Traffic Manager supports both the standard DNS protocol and
the BIG-IP iQuery protocol (a protocol used for collecting dynamic load balancing information). The Global Traffic Manager also supports administrative protocols, such as Simple Network Management Protocol (SNMP), and Simple Mail Transfer Protocol (SMTP) (outbound only), for performance monitoring and notification of system events. For administrative purposes, you can use SSH, RSH, Telnet, and FTP. The Configuration utility supports HTTPS, for secure web browser connections using SSL, as well as standard HTTP connections.
The proprietary Global Traffic Manager SNMP agent allows you to monitor
status and current traffic flow using popular network management tools. This agent provides detailed data such as current connections being handled by each virtual server.
The Global Traffic Manager supports Secure Shell (SSH) administrative
connections for remote administration from the command line. The Global Traffic Manager web server, which hosts the web-based Configuration utility, supports SSL connections as well as user authentication.
The Global Traffic Manager also supports Web certificate authentication
for iQuery communications between the Global Traffic Manager and other systems running the big3d
The Global Traffic Manager is a highly scalable and versatile solution. You
can configure the Global Traffic Manager to manage up to several hundred domain names, including full support of domain name aliases. The Global Traffic Manager supports a variety of media options, including Fast Ethernet and Gigabit Ethernet; the Global Traffic Manager also supports multiple network interface cards that can provide redundant or alternate paths to the network.
The Global Traffic Manager synchronization feature allows you to
automatically synchronize configurations from one Global Traffic Manager to any other Global Traffic Manager or Link Controller in the network, simplifying administrative management. The synchronization feature offers a high degree of administrative control. For example, you can set the Global Traffic Manager to synchronize a specific configuration file set, and you can also set which Global Traffic Manager or Link Controller systems in the network receive the synchronized information and which ones do not.
The Global Traffic Manager includes the big3d agent, which is an integral part of its load balancing operations. The big3d agent continually monitors the availability of the servers that the Global Traffic Manager load balances. It also monitors the integrity of the network paths between the servers that host the domain, and the various local DNS servers that attempt to connect to the domain. The big3d agent runs on many of the F5 modules, including Global Traffic Manager, Local Traffic Manager, and Link Controller. Each big3d agent broadcasts its collected data to all of the Global Traffic Managers and Link Controllers in your network, ensuring that all Global Traffic Managers work with the latest information.
The big3d agent offers a variety of configuration options that allow you to choose the data collection methods you want to use. For example, you can configure the big3d agent to track the number of router hops (intermediate system transitions) along a given network path, and you can also set the big3d agent to collect host server performance information using the SNMP protocol. For further details on the big3d agent, refer to Appendix A, Working with the big3d Agent.
A redundant system is a set of two Global Traffic Managers: one operating as the active unit, the other operating as the standby unit. If the active unit goes offline, the standby unit immediately assumes responsibility for managing DNS traffic. The new active unit remains active until another event occurs that causes the unit to go offline, or you manually reset the status of each unit.
In a redundant system that has been set up with hardware-based failover,
the two units in the system are connected to each other directly using a failover cable attached to the serial ports. The standby unit checks on the status of the active unit once every second using this serial link.
In a redundant system that has been set up with network-based failover,
the two units in the system communicate with each other across an Ethernet network instead of going across a dedicated failover serial cable. The standby unit checks on the status of the active unit once every second using the Ethernet network.
The Global Traffic Manager includes sophisticated monitoring tools to help you monitor the Global Traffic Manager and the traffic it manages. See Chapter 10, Configuring Monitors, for more information.
The Configuration Guide for BIG-IP® Global Traffic Management is designed to help you understand how you can use the features of the Global Traffic Manager to accomplish the tasks associated with managing name resolution requests on a global level. These tasks include tracking the performance of different servers and services and identifying the load balancing methods that best suit the needs of your company.
This chapter describes how to configure listeners for the Global Traffic
Manager. A listener instructs the Global Traffic Manager to listen for network traffic destined for a specific IP address.
This chapter describes how to define the physical components of your
network, such as servers and data centers. You can use these components to determine load balancing modes and track traffic statistics.
This chapter describes how to define the logical components of your
network, such as pools and wide IPs. These components determine how the Global Traffic Manager load balances requests.
This chapter describes the load balancing modes that the Global Traffic
Manager supports, and how to apply those modes to your pools and wide IPs.
This chapter describes topologies, which allow you to define load
balancing modes and resolution controls based on the origin or destination of a given name resolution request.
This chapter describes how to use monitors to track the components of
your network. Monitors are components of the Global Traffic Manager that perform specific tests to see if a given component is available for load balancing.
This chapter describes how to use the Global Traffic Manager to view
statistics on the different physical and logical network components.
This appendix describes the big3d agent, a utility that is responsible for much of the communication between different BIG-IP systems.
In addition to this guide, there are other sources of documentation you can
use in order to work with the BIG-IP system. The information is contained in the guides and documents described below. The following printed documentation is included with the BIG-IP system.
The following guides are available in PDF format from the AskF5℠ web site, http://tech.f5.com. These guides are also available from the first Web page you see when you log in to the administrative web server on the BIG-IP system.
This guide provides detailed information about installing upgrades to the
BIG-IP system. It also provides information about licensing the BIG-IP system software and connecting the system to a management workstation or network.
The Configuration utility is a browser-based application that you use to
configure and monitor the Global Traffic Manager. Using the Configuration utility, you can define the load balancing configuration along with the network setup, including data centers, synchronization groups, and servers used for load balancing and path probing. In addition, you can configure advanced features such as topology settings and SNMP agents. The Configuration utility also monitors network traffic, current connections, load balancing statistics, performance metrics, and the operating system itself. The home screen of the Configuration utility provides convenient access to downloads such as the SNMP MIB, and documentation for third-party applications such as ZebOS.
This component is the left vertical pane of the Configuration utility. It
contains the following tabs: the Main tab, which allows you to select the area of your network (global, local, and so on); the Help tab, which displays online help relevant to the main screen; and the Search tab, which allows you to search for specific pools and virtual servers.
This component runs horizontally across the top of the Configuration
utility. The content of this component changes depending on what you select on the Main tab in the navigation section. Through the menu bar, you can access more detailed aspects of a given network component.
The main component of the Configuration utility is the active screen. The
active screen changes depending on what you select on the Main tab in the navigation section. Through the active screen you configure the different aspects of the Global Traffic Manager.
It is important to note that the Global Traffic Manager often co-exists with other BIG-IP system modules, such as a Local Traffic Manager or a Link Controller. Consequently, you might see features in the Configuration utility that are not described in this guide. See Finding help and technical support resources for a list of other guides that will help you learn about the BIG-IP system.
The Configuration utility, which provides web-based access to the Global
Traffic Manager configuration and features, supports the following browser versions:
All examples in this documentation use only private IP addresses. When you
set up the solutions we describe, you must use IP addresses suitable to your own network in place of our sample IP addresses.
When we first define a new term, the term is shown in bold italic text. For example, a wide IP is a mapping of a fully-qualified domain name to one or more pools of virtual servers that host the domain's content.
We refer to all products in the BIG-IP product family as BIG-IP systems.
We refer to the software modules by their name; for example, we refer to the Global Traffic Manager module as simply the Global Traffic Manager. If configuration information relates to a specific hardware platform, we note the platform.
We apply bold formatting to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, the nslookup command requires that you include at least one <ip_address>
We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about the Local Traffic Manager in Chapter 1, Introducing the Global Traffic Manager, in the Configuration Guide for BIG-IP® Local Traffic Management.
We show actual, complete commands in bold Courier text. Note that we do
not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command sets the Global Traffic Manager load balancing mode to Round Robin:
explains additional special conventions used in command line syntax.
The Configuration utility has online help for each screen. The online help
contains descriptions of each control and setting on the screen. Click the Help tab in the left navigation pane to view the online help for a screen.
The F5 Networks Technical Support web site, http://tech.f5.com, provides the latest documentation for the product, including:
The AskF5℠ natural language question and answer engine.