
Manual Chapter: Configuration Guide for Local Traffic Management: Understanding Profiles


5

Understanding Profiles


Introducing profiles

The BIG-IP® local traffic management (LTM) system can manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure the LTM system to compress HTTP response data, or you can configure the system to authenticate SSL client certificates before passing requests on to a target server.

For each type of traffic that you want to manage, the LTM system contains configuration tools that you can use to intelligently control the behavior of that traffic. These tools are called profiles. A profile is a system-supplied configuration tool that enhances your capabilities for managing application-specific traffic. More specifically, a profile is an object that contains user-configurable settings, with default values, for controlling the behavior of a particular type of network traffic, such as HTTP connections. Using profiles enhances your control over managing network traffic, and makes traffic-management tasks easier and more efficient.

Profile types

The LTM system provides several types of profiles. While some profile types correspond to specific protocols, such as HTTP, SSL, and FTP, other profiles pertain to traffic behaviors applicable to multiple protocols. Examples of these are connection persistence profiles and authentication profiles. Table 5.1 lists the available profile types, with descriptions.

Table 5.1 Available profiles in the LTM system

| Category | Profile Type | Description |
|---|---|---|
| Protocol profiles | Fast L4 | Defines the behavior of Layer 4 IP traffic. |
| Protocol profiles | Fast HTTP | Improves the speed at which a virtual server processes traffic. |
| Protocol profiles | TCP | Defines the behavior of TCP traffic. |
| Protocol profiles | UDP | Defines the behavior of UDP traffic. |
| Services profiles | HTTP | Defines the behavior of HTTP traffic. |
| Services profiles | FTP | Defines the behavior of FTP traffic. |
| SSL profiles | Client SSL | Defines the behavior of client-side SSL traffic. See also Persistence Profiles. |
| SSL profiles | Server SSL | Defines the behavior of server-side SSL traffic. See also Persistence Profiles. |
| Persistence profiles | Cookie | Implements session persistence using HTTP cookies. |
| Persistence profiles | Destination Address | Implements session persistence based on the destination IP address specified in the header of a client request. Also known as sticky persistence. |
| Persistence profiles | Hash | Implements session persistence in a way similar to universal persistence, except that the LTM system uses a hash for finding a persistence entry. |
| Persistence profiles | MSRDP | Implements session persistence for Microsoft Remote Desktop Protocol sessions. |
| Persistence profiles | SIP | Implements session persistence for connections using Session Initiation Protocol Call-ID. |
| Persistence profiles | Source Address | Implements session persistence based on the source IP address specified in the header of a client request. Also known as simple persistence. |
| Persistence profiles | SSL | Implements session persistence for non-terminated SSL sessions, using the session ID. |
| Persistence profiles | Universal | Implements session persistence using the LTM system's Universal Inspection Engine (UIE). |
| Authentication profiles | LDAP | Allows the LTM system to authenticate traffic based on authentication data stored on a remote Lightweight Directory Access Protocol (LDAP) server. |
| Authentication profiles | RADIUS | Allows the LTM system to authenticate traffic based on authentication data stored on a remote RADIUS server. |
| Authentication profiles | TACACS+ | Allows the LTM system to authenticate traffic based on authentication data stored on a remote TACACS+ server. |
| Authentication profiles | SSL Client Certificate LDAP | Allows the LTM system to control a client's access to server resources based on data stored on a remote LDAP server. Client authorization credentials are based on SSL certificates, as well as defined user groups and roles. |
| Authentication profiles | SSL OCSP | Allows the LTM system to check on the revocation status of a client certificate using data stored on a remote Online Certificate Status Protocol (OCSP) server. Client credentials are based on SSL certificates. |
| Other profiles | OneConnect | Enables client requests to reuse server-side connections. The ability for the LTM system to reuse server-side connections is known as Connection Pooling™. |
| Other profiles | Stream | Defines the behavior of Real-Time Streaming Protocol (RTSP) traffic. |

Default profiles

The LTM system includes a default profile for each profile type listed in Table 5.1. A default profile is a system-supplied profile that contains default values for its settings. An example of a default profile is the http default profile. You can use a default profile as is, or you can create a custom profile based on the default profile.

You can use a default profile in several ways:

  • You can use a default profile as is.
    You simply configure your virtual server to reference the default profile.
  • You can modify the default profile settings (not recommended).
    When you modify a default profile, you lose the original default profile settings. Thus, any custom profiles you create in the future that are based on that default profile inherit the modified settings.
  • You can create a custom profile, based on the default profile (recommended).
    This allows you to preserve the default profile, and instead configure personalized settings in the custom profile. Custom profiles inherit some of the setting values of a parent profile that you specify. After creating a custom profile, you can configure your virtual server to reference the custom profile instead of the default profile. For more information on custom profiles, see Custom and parent profiles, following.
Note

You can modify a default profile, but you cannot create or delete a default profile.
Warning

Once you modify a default profile, the only way to restore the settings to their original values is to manually configure the profile to specify those values.

Custom and parent profiles

A custom profile is a profile that you create. When you create a profile, one of the settings that you specify is the Parent Profile setting. A parent profile is a profile from which your custom profile inherits its settings and their default values.

In general, a custom profile automatically inherits the settings and values of its parent profile. Thus, instead of having to configure every individual setting when you create a custom profile, you simply specify a parent profile, which causes the LTM system to automatically assign values to its settings. The values that it assigns are those of the parent profile.

Note

If you do not specify a parent profile when you create a custom profile, the LTM system automatically assigns the corresponding default profile as the parent profile.

Using the default profile as the parent profile

A typical profile that you can specify as a parent profile when you create a custom profile is a default profile. For example, if you create a custom HTTP-type profile called my_http_profile, you can specify the default profile http as the parent profile. In this case, the LTM system automatically creates the profile my_http_profile so that it contains the same settings and default values as the profile http. The new child profile thus inherits its settings and values from its parent profile.

An exception to this automatic inheritance feature occurs when you modify the settings of a child profile. In this case, the child profile does not inherit parent values for any of the modified settings. This behavior is designed to prevent the LTM system from overwriting any settings that you have modified in a child profile.

For all settings in a child profile that you do not modify, however, the child profile continues to inherit those values from the parent profile.

Using a custom profile as the parent profile

When creating a custom profile, you can specify another custom profile, rather than the default profile, as the parent profile. The only restriction is that the custom profile that you specify as the parent must be of the same profile type as the child. Once you have created the child profile, its settings and default values are automatically those of the custom profile that you specified as the parent.

For example, if you create a profile called my_http_profile2, you can specify the custom profile my_http_profile as its parent. The result is that the default setting values of profile my_http_profile2 are those of its parent profile my_http_profile.

If you subsequently modify the settings of the parent profile, the LTM system automatically propagates those changes to the child profile. For example, if you create the custom profile my_http_profile and use it as a parent profile to create the custom profile my_http_profile2, any changes you make later to profile my_http_profile are automatically propagated to profile my_http_profile2. Again, the exception to this is when you modify any of the settings in the child profile. For those modified settings, the child profile does not inherit the values of its parent.

Summarizing profiles

Profiles are a configuration tool that you can use to affect the behavior of certain types of network traffic. By default, the LTM system provides you with a set of profiles that you can use as is. These profiles contain various settings that define the behavior of FastL4, TCP, UDP, RTSP, HTTP, FTP, and SSL traffic. Profiles also give you a way to enable connection and session persistence, and to manage client application authentication. Once you have assigned a profile to a virtual server, the LTM system manages any traffic that corresponds to that profile type according to the settings defined in that profile.

There are two possible types of profiles: default profiles, which the LTM system supplies, and custom profiles, which you create. Default profiles are useful when the values contained in them are sufficient for your needs. Custom profiles are useful when you want your values to differ from those contained in the default profile. To ease your task of configuring and maintaining profiles, the LTM system ensures that a custom profile automatically inherits settings and values from a parent profile.

When you create profiles to manage a type of network traffic, you can use them in the following ways:

  • You do not need to take any action to use the default profiles that are enabled by default. The LTM system uses them to automatically direct the corresponding traffic types according to the values specified in those profiles.
  • You can create a custom profile, using the default profile as the parent profile, modifying some or all of the values defined in that profile.
  • You can create a custom profile to use as a parent profile for other custom profiles.

Creating and modifying profiles

As described in the previous section, profiles are a configuration tool to help you manage your application traffic. To make use of profiles, you can either use the default profiles that the LTM system provides, or you can create your own custom profiles. You can also modify existing profiles as needed.

More specifically, you can:

  • Use a default profile as is.
  • Modify a default profile.
  • Create a custom profile.
  • Modify a custom profile.

The following sections contain the procedures for creating and modifying profiles. To understand individual profile settings and their effect on different types of traffic, see either the remainder of this chapter, or one of the following chapters:

For background information on default and custom profiles, see Introducing profiles.

Using a default profile as is

The LTM system provides a default profile that you can use as is for each type of traffic. A default profile includes default values for any of the properties and settings related to managing that type of traffic. To implement a default profile, you simply assign the profile to a virtual server, using the Configuration utility. You are not required to configure the setting values. For more information, see Implementing a profile.

For information on creating or modifying a virtual server, see Chapter 2, Configuring Virtual Servers.

Modifying a default profile

Using the Configuration utility, you can modify the values of a default profile. We do not recommend this. Although modifying a default profile appears to be simpler and quicker than creating a custom profile, be aware that in so doing, you lose the original values. If you want to reset the profile back to its original state, you must do this manually by modifying the settings of the default profile again to specify the original values. (To find the original default values, see the relevant profile chapter in this guide, or see the online help.)

Modifying and implementing a default profile is a two-step process:

  • First, you must modify the settings of the default profile, using the Configuration utility. For more information, see To modify a default profile, following.
  • Second, you must associate that profile with a virtual server. For information on associating a profile with a virtual server, see Implementing a profile.

To modify a default profile

  1. On the Main tab, expand Local Traffic.
  2. Click Profiles.
    The HTTP Profiles screen opens.
  3. Select the default profile that you want to modify:
    • If you are modifying the http profile, click the name http.
      This displays the properties and settings of the default http profile.
    • If you are modifying a default profile other than the http profile, click the appropriate profile menu on the menu bar and choose a profile type. Then click a profile name.
      This displays the properties and settings of that default profile.
  4. Modify the settings to suit your needs.
  5. Click Update.

Creating a custom profile

If you do not want to use a default profile as is or change its settings, you can create a custom profile. Creating a custom profile and associating it with a virtual server allows you to implement your own specific set of traffic-management policies.

When you create a custom profile, the profile is a child profile and automatically inherits the setting values of a parent profile that you specify. However, you can change any of the values in the child profile to better suit your needs. For background information on custom profiles and inheritance of setting values, see Custom and parent profiles.

If you do not specify a parent profile, the LTM system uses the default profile that matches the type of profile you are creating.

Implementing a custom profile is a two-step process:

  • First, you must create the custom profile, using the Configuration utility. For more information, see To create a custom profile, following.
  • Second, you must associate that profile with a virtual server. For information on associating a profile with a virtual server, see Implementing a profile.
Important

Within the Configuration utility, each profile creation screen contains a check box to the right of each profile setting. When you check a box for a setting and then specify a value for that setting, the profile then retains that value, even if you change the corresponding value in the parent profile later. Thus, checking the box for a setting ensures that the parent profile never overwrites that value through inheritance.

To create a custom profile

  1. On the Main tab, expand Local Traffic.
  2. Click Profiles.
    The Profiles screen opens and, by default, displays a list of any existing HTTP profiles.
  3. Select the type of profile you want to create:
    • If you are creating an HTTP type of profile, proceed to Step 4.
    • If you are creating another type of profile, click a profile category on the menu bar and choose a profile type.
  4. On the right side of the screen, click Create.
    This displays the screen to create a new profile.
  5. In the Name box, type a unique name for your profile.
  6. For the Parent Profile setting, select a profile from the list.
    You can select either the default profile or another custom profile.
  7. Specify, modify, or retain values for all settings:
    • If you want to specify or modify a value, locate the setting, click the box in the Custom column on the right side of the screen, and then type or modify a value.
    • If you want to retain a value inherited from the parent profile, leave the setting as is. Do not check the box in the Custom column.
  8. Click Finished.

Tip

An alternative way to access the New Profile screen is to expand Local Traffic on the Main tab, click the Create button next to the Profiles menu item, and select a profile type.

Modifying a custom profile

Once you have created a custom profile, you can use the Configuration utility to adjust the settings of your custom profile later if necessary. If you have already associated the profile with a virtual server, you do not need to perform that task again.

Important

Within the Configuration utility, each profile creation screen contains a check box to the right of each profile setting. When you check a box for a setting and then specify a value for that setting, the profile then retains that value, even if you change the corresponding value in the parent profile later. Thus, checking the box for a setting ensures that the parent profile never overwrites that value through inheritance.

To modify custom profile settings

  1. On the Main tab, expand Local Traffic.
  2. Click Profiles.
    The HTTP Profiles screen opens.
  3. Point to the menu for the type of profile you want to modify (Services, Persistence, Protocols, SSL, or Authentication) and choose a profile type.
    This displays a list of existing profiles of that type.
  4. In the Name column, click the name of the profile you want to modify.
    This displays the settings and values for that profile.
  5. Modify or retain values for all settings:
    • If you want to modify a value, locate the setting, click the box in the Custom column on the right side of the screen, and then modify the value.
    • If you want to retain a value inherited from the parent profile, leave the setting as is. Do not check the box in the Custom column.
    • If you want to reset a value back to the parent profile value, clear the check box in the Custom column on the right side of the screen.
  6. Click the Update button.

Implementing a profile

Once you have created a profile for a specific type of traffic, you implement the profile by associating that profile with one or more virtual servers.

You associate a profile with a virtual server by configuring the virtual server to reference the profile. Whenever the virtual server receives that type of traffic, the LTM system applies the profile settings to that traffic, thereby controlling its behavior. Thus, profiles not only define capabilities per network traffic type, but also ensure that those capabilities are available for a virtual server.

To assign a profile to a virtual server

  1. On the Main tab, expand Local Traffic.
  2. Click Virtual Servers.
    This displays a list of existing virtual servers.
  3. Click a virtual server name.
    This displays the properties and settings for that virtual server.
  4. Locate the setting for the type of profile you want to assign and select the name of a default or custom profile.
  5. At the bottom of the screen, click Update.
Note

You can also assign a profile to a virtual server at the time that you create the virtual server.

Because certain kinds of traffic use multiple protocols and services, users often create multiple profiles and associate them with a single virtual server.

For example, a client application might use the TCP, SSL, and HTTP protocols and services to send a request. This type of traffic would therefore require three profiles, based on the three profile types TCP, Client SSL, and HTTP.

Each virtual server lists the names of the profiles currently associated with that virtual server. You can add or remove profiles from the profile list, using the Configuration utility.

The LTM system has specific requirements regarding the combinations of profile types allowed for a given virtual server. Table 5.2 shows the specific combinations of profile types that you can configure on a virtual server.

 
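Table 5.2 Profile combinations that the LTM system allows and disallows

| Category | Profile Type | Prerequisite Profiles | Incompatible Profiles |
|---|---|---|---|
| Protocol profiles | Fast L4 | None | All |
| Protocol profiles | Fast HTTP | None | All |
| Protocol profiles | TCP | None | Fast L4, UDP |
| Protocol profiles | UDP | None | Fast L4, TCP |
| Services profiles | HTTP | TCP | FTP |
| Services profiles | FTP | TCP | HTTP, Client SSL or Server SSL |
| SSL profiles | Client SSL | TCP | FTP |
| SSL profiles | Server SSL | TCP | FTP |
| Persistence profiles | Cookie | HTTP | N/A |
| Persistence profiles | Destination Address Affinity | Any | None |
| Persistence profiles | Hash | Fast L4, TCP, UDP | N/A |
| Persistence profiles | MSRDP | TCP | N/A |
| Persistence profiles | SIP | TCP or UDP | FTP |
| Persistence profiles | Source Address Affinity | Any | None |
| Persistence profiles | SSL | TCP | FTP |
| Persistence profiles | Universal | None | N/A |
| Authentication profiles | LDAP | TCP | N/A |
| Authentication profiles | RADIUS | TCP | N/A |
| Authentication profiles | TACACS+ | TCP | N/A |
| Authentication profiles | SSL Client Certificate LDAP | TCP | N/A |
| Authentication profiles | OCSP | TCP | N/A |
| Other profiles | OneConnect | TCP | N/A |
| Other profiles | Stream | TCP | Fast L4, UDP |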

In directing traffic, if a virtual server requires a specific type of profile that does not appear in its profile list, the LTM system uses the relevant default profile, automatically adding the profile to the profile list. For example, if a client application sends traffic over TCP, SSL, and HTTP, and you have assigned SSL and HTTP profiles only, the LTM system automatically adds the default profile tcp to its profile list.

At a minimum, a virtual server must reference a profile, and that profile must be associated with a UDP, FastL4, or TCP profile type. Thus, if you have not associated a profile with the virtual server, the LTM system adds a UDP, FastL4, or TCP default profile to the profile list.

The default profile that the LTM system chooses depends on the configuration of the virtual server's protocol setting. If the protocol setting is set to UDP, the LTM system adds the udp profile to its profile list. If the protocol setting is set to anything other than UDP, the LTM system adds the FastL4 profile to its profile list.
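
The rules above can be checked before a change is applied. The following Python sketch is an added example, not F5 code: it models only the protocol, services and SSL rows of Table 5.2, takes a virtual server's assigned profile types as input, applies the default-profile fallback described in the preceding paragraphs, and reports incompatible pairs. The function names and the result layout are assumptions made for the example.

```python
from itertools import combinations

ALL = "All"

# profile type -> (prerequisite type, incompatible types), transcribed from
# Table 5.2. Only the protocol, services and SSL rows are modelled here.
TABLE_5_2 = {
    "Fast L4":    (None,  ALL),
    "Fast HTTP":  (None,  ALL),
    "TCP":        (None,  {"Fast L4", "UDP"}),
    "UDP":        (None,  {"Fast L4", "TCP"}),
    "HTTP":       ("TCP", {"FTP"}),
    "FTP":        ("TCP", {"HTTP", "Client SSL", "Server SSL"}),
    "Client SSL": ("TCP", {"FTP"}),
    "Server SSL": ("TCP", {"FTP"}),
}

# Name of the default profile the system adds for each base protocol type.
DEFAULT_PROFILE = {"TCP": "tcp", "UDP": "udp", "Fast L4": "fastL4"}


def find_conflicts(types):
    """Return sorted pairs of profile types that Table 5.2 disallows together."""
    found = []
    for a, b in combinations(sorted(set(types)), 2):
        # Incompatibility is checked in both directions of the pair.
        for x, y in ((a, b), (b, a)):
            incompatible = TABLE_5_2[x][1]
            if incompatible == ALL or y in incompatible:
                found.append((a, b))
                break
    return found


def resolve(protocol_setting, assigned):
    """Model what a virtual server ends up with.

    protocol_setting: the virtual server's protocol setting, e.g. "TCP", "UDP".
    assigned: profile types the administrator attached (may be empty).
    """
    for ptype in assigned:
        if ptype not in TABLE_5_2:
            raise ValueError(f"profile type not modelled: {ptype!r}")

    effective = list(dict.fromkeys(assigned))  # de-duplicate, keep order
    added = []

    # No profile at all: udp when the protocol setting is UDP, else fastL4.
    if not effective:
        added.append("UDP" if protocol_setting == "UDP" else "Fast L4")

    # A required profile type that is missing is filled in with its default.
    for ptype in effective:
        prerequisite = TABLE_5_2[ptype][0]
        if prerequisite and prerequisite not in effective and prerequisite not in added:
            added.append(prerequisite)

    effective += added
    return {
        "effective": effective,
        "auto_added": [DEFAULT_PROFILE[t] for t in added],
        "conflicts": find_conflicts(effective),
    }


if __name__ == "__main__":
    # Constructed sample virtual servers: (protocol setting, assigned types).
    samples = [
        ("TCP", ["Client SSL", "HTTP"]),
        ("UDP", []),
        ("TCP", ["TCP", "FTP", "Client SSL"]),
        ("TCP", ["Fast HTTP", "HTTP"]),
    ]
    for protocol, assigned in samples:
        print(protocol, assigned, "->", resolve(protocol, assigned))
```

An `auto_added` entry is worth reviewing in its own right: it means traffic on that virtual server is governed by a default profile nobody chose explicitly, so any later edit to that default profile applies to it.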

Configuring protocol-type profiles

Some of the profiles that you can configure are known as Protocol profiles. The Protocol profile types are:

  • Fast L4
  • Fast HTTP
  • TCP
  • UDP

For each Protocol profile type, the LTM system provides a pre-configured profile with default settings. In most cases, you can use these default profiles as is. If you want to change these settings, you can configure protocol profile settings when you create a profile, or after profile creation by modifying the profile's settings.

The following sections list the traffic-management settings contained in FastL4, Fast HTTP, TCP, and UDP profiles. For information on configuring other types of profiles, see the following:

The Fast L4 profile type

The purpose of a Fast L4 profile is to help you manage Layer 4 traffic. For your typical needs, most of the Fast L4 profile settings suffice. The specific settings that you might want to change are: Reset on Timeout, Idle Timeout, and PVA Acceleration. Table 5.3 lists and describes the settings of the Fast L4 profile type.

Table 5.3 Settings of a FastL4 profile

| Setting | Description | Default Value |
|---|---|---|
| Name | This setting specifies a unique name for the profile. | No default value |
| Parent Profile | This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified. | fastL4 |
| Reset on Timeout | If this setting is enabled and a TCP connection exceeds the timeout value for idle connections, the LTM system sends a reset in addition to deleting the connection. | Enable |
| Reassemble IP Fragments | If this setting is enabled, the LTM system reassembles IP fragments. | Disable |
| Idle Timeout | This setting specifies the number of seconds that a connection is idle before the connection is eligible for deletion. | 300 |
| Max Segment Size Override | If set to a non-zero value, this setting overrides the maximum segment size of 1450. | 0 |
| PVA Acceleration | This setting specifies the preferred PVA acceleration mode. Possible values are Full, Assisted, or None. | Full |
| IP ToS to Client | This setting specifies the Type of Service level that the LTM system assigns to UDP packets when sending them to clients. | 65535 |
| IP ToS to Server | This setting specifies the Type of Service level that the LTM system assigns to UDP packets when sending them to servers. | 65535 |
| Link QoS to Client | This setting specifies the Quality of Service level that the LTM system assigns to UDP packets when sending them to clients. | 65535 |
| Link QoS to Server | This setting specifies the Quality of Service level that the LTM system assigns to UDP packets when sending them to servers. | 65535 |
| TCP Timestamp Mode | Specifies the action that the LTM system should take on TCP timestamps. Possible values are: Preserve, Strip, and Rewrite. | Preserve |
| TCP Window Scale Mode | Specifies the action that the LTM system should take on TCP windows. Possible values are: Preserve, Strip, and Rewrite. | Preserve |
| Generate Internal Sequence Numbers | Enables the LTM system to generate its own sequence numbers for SYN packets, according to RFC 1948. When enabled, this setting allows timestamp recycling. | Disabled |
| Strip Sack OK | Enables the LTM system to block a TCP SackOK option from passing to the server on an initiating SYN. | Disabled |
| RTT from Client | Specifies that the LTM system should use TCP timestamp options to measure the round-trip time to the client. | Disabled |
| RTT from Server | Specifies that the LTM system should use TCP timestamp options to measure the round-trip time to the server. | Disabled |
| Loose Initiation | Specifies, when checked (enabled), that the system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation. We recommend that if you enable this setting, you also enable the Loose Close setting. Warning: Enabling loose initiation can permit stray packets to pass through the system. This can pose a security risk and reduce system performance. | Disabled (unchecked) |
| Loose Close | Specifies, when checked (enabled), that the system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server. | Disabled (unchecked) |
| TCP Close Timeout | Specifies the length of time, in seconds, that a connection can remain idle before deletion, once the system receives a CLOSE packet for that connection. This setting must be less than the Idle Timeout value. Additionally, the TCP Close Timeout setting is valid only if you enable the Loose Initiation or Loose Close setting. | 5 |
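
The inheritance rules from Custom and parent profiles, applied to the Fast L4 settings in Table 5.3, as an added Python sketch (not F5 code): it resolves each profile's effective values through its parent chain and checks them against the constraints the table states for Loose Initiation, Loose Close and TCP Close Timeout. The snake_case setting keys, the finding codes and every profile name except fastL4 are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Table 5.3 defaults (subset). Keys are hypothetical snake_case names.
FASTL4_DEFAULTS = {"idle_timeout": 300, "tcp_close_timeout": 5,
                   "loose_initiation": False, "loose_close": False}


@dataclass
class Profile:
    name: str
    ptype: str
    parent: Optional["Profile"] = None
    # Settings whose Custom box is checked. A default profile has no parent,
    # so it carries a value for every setting here.
    custom: Dict[str, object] = field(default_factory=dict)

    def __post_init__(self):
        # A parent must be of the same profile type as the child.
        if self.parent is not None and self.parent.ptype != self.ptype:
            raise ValueError(f"{self.name}: parent type {self.parent.ptype!r} "
                             f"does not match {self.ptype!r}")

    def effective(self) -> Dict[str, object]:
        """Inherited values, overridden by this profile's custom values."""
        inherited = self.parent.effective() if self.parent else {}
        return {**inherited, **self.custom}

    def origin(self, setting: str) -> str:
        """Name of the nearest profile in the chain that sets `setting`."""
        node = self
        while node is not None:
            if setting in node.custom:
                return node.name
            node = node.parent
        raise KeyError(setting)


def audit_fastl4(profile: Profile) -> List[str]:
    """Return finding codes for a Fast L4 profile's effective settings."""
    s = profile.effective()
    loose = s["loose_initiation"] or s["loose_close"]
    findings = []
    if s["loose_initiation"]:
        # Table 5.3 warns that this can let stray packets through.
        findings.append("LOOSE_INIT_ENABLED")
        if not s["loose_close"]:
            # The table recommends enabling Loose Close alongside it.
            findings.append("LOOSE_INIT_WITHOUT_LOOSE_CLOSE")
    if s["tcp_close_timeout"] >= s["idle_timeout"]:
        # TCP Close Timeout must be less than Idle Timeout.
        findings.append("CLOSE_TIMEOUT_NOT_BELOW_IDLE")
    if profile.parent and "tcp_close_timeout" in profile.custom and not loose:
        # The setting is valid only with Loose Initiation or Loose Close.
        findings.append("CLOSE_TIMEOUT_HAS_NO_EFFECT")
    return findings


def build_example() -> Dict[str, Profile]:
    """Constructed profile tree used for the demonstration."""
    default = Profile("fastL4", "fastl4", custom=dict(FASTL4_DEFAULTS))
    edge = Profile("edge_fastl4", "fastl4", default,
                   {"loose_close": True, "tcp_close_timeout": 120})
    profiles = [
        default,
        edge,
        # Overrides only Idle Timeout; still inherits edge's 120 s close timeout.
        Profile("edge_short", "fastl4", edge, {"idle_timeout": 60}),
        Profile("app_fastl4", "fastl4", default, {"idle_timeout": 600}),
        # Custom box checked with the default value: immune to parent changes.
        Profile("pinned", "fastl4", default, {"loose_initiation": False}),
    ]
    return {p.name: p for p in profiles}


if __name__ == "__main__":
    tree = build_example()
    for name, prof in tree.items():
        print("before", name, audit_fastl4(prof))
    # Someone edits the default profile instead of creating a custom one.
    tree["fastL4"].custom["loose_initiation"] = True
    for name, prof in tree.items():
        print("after ", name, audit_fastl4(prof), "from",
              prof.origin("loose_initiation"))
```

In the constructed tree, edge_short fails before any change because it inherits a 120-second close timeout under its own 60-second idle timeout; after the default profile is edited, every profile except pinned reports Loose Initiation.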

 

The Fast HTTP profile type

The Fast HTTP profile is a configuration tool designed to speed up certain types of HTTP connections. This profile provides the ability to tune these connections for the best possible network performance. When you associate this profile with a virtual server, the virtual server processes traffic packet-by-packet, and at a significantly higher speed.

Note

The Fast HTTP profile is incompatible with all other profile types. Also, you cannot use this profile type in conjunction with VLAN groups, or with the IPv6 address format.

Table 5.4 lists and describes the settings of a Fast HTTP profile type.

Table 5.4 Settings of a Fast HTTP profile

| Setting | Description | Default Value |
|---|---|---|
| Name | This setting specifies a unique name for the profile. | No default value |
| Parent Profile | This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified. | fasthttp |
| Reset on Timeout | Specifies, when checked (enabled), that the system sends a TCP RESET packet when a connection times out, and deletes the connection. | Enabled (checked) |
| Idle timeout | This setting specifies the number of seconds that a connection is idle before the connection flow is eligible for deletion because it has no traffic. Possible values are: Specify, Immediate, and Indefinite. For more information, see the online help. | 300 |
| Maximum Segment Size Override | Specifies a maximum segment size (MSS) override for server-side connections. The default setting is 0, which corresponds to an MSS of 1460. You can specify any integer between 536 and 1460. | 0 |
| Client Close Timeout | Specifies the number of seconds after which the system closes a client connection, when the system either receives a client FIN packet or sends a FIN packet to the client. This setting overrides the Idle Timeout setting. Possible values are: Specify, Immediate, and Indefinite. For more information, see the online help. | 5 |
| Server Close Timeout | Specifies the number of seconds after which the system closes a client connection, when the system either receives a server FIN packet or sends a FIN packet to the server. This setting overrides the Idle Timeout setting. Possible values are: Specify, Immediate, and Indefinite. For more information, see the online help. | 5 |
| Unclean Shutdown | Specifies how the system handles closing connections. Possible values are: Disabled, Enabled, and Fast. For more information, see the online help. | Disabled |
| Force HTTP 1.0 Response | Specifies, when checked (enabled), that the server sends responses to clients in the HTTP/1.0 format. This effectively disables client chunking and pipelining. | Disabled (unchecked) |
| Maximum Pool Size | Specifies the maximum number of connections a load balancing pool can accept. A setting of 0 specifies that a pool can accept an unlimited number of connections. | 2048 |
| Minimum Pool Size | Specifies the minimum number of connections that a load balancing pool can accept. A setting of 0 specifies that there is no minimum. | 0 |
| Ramp-Up Increment | Specifies the increment in which the system makes additional connections available, when all available connections are in use. | 4 |
| Maximum Reuse | Specifies the maximum number of times that the system can re-use a current connection. | 0 |
| Idle Timeout Override | Specifies the number of seconds after which a server-side connection in a pool is eligible for deletion, when the connection has no traffic. This setting overrides the Idle Timeout setting. Possible values are: Specify, Disabled, and Indefinite. For more information, see the online help. | Disabled |
| Parse Requests | Specifies, when checked (enabled), that the system parses the HTTP data in the connection stream. Note that if you are using a Fast HTTP profile for non-HTTP traffic, you should disable this setting to shield against distributed denial-of-service (DDoS) attacks. | Enabled (checked) |
| Maximum Header Size | Specifies the maximum amount of HTTP header data that the system buffers before making a load balancing decision. | 32768 |
| Maximum Requests | Specifies the maximum number of requests that the system allows for a single client-side connection. When the specified limit is reached, the final response contains a Connection: close header and is followed by the closing of the connection. The default setting of 0 means that the system allows an infinite number of requests per client-side connection. | 0 |
| Insert XForwarded For | Specifies whether the system inserts the XForwarded For: header in an HTTP request with the client IP address, to use with connection pooling. Possible settings are Enabled and Disabled. For more information, see the online help. | Disabled |
| Header Insert | Specifies a string that the system inserts as a header in an HTTP request. If the header exists already, the system does not replace it. | No default value |

When writing iRules™, you can specify a number of events and commands that the Fast HTTP profile supports. The iRule events that the Fast HTTP profile supports are:

  • CLIENT_ACCEPTED
  • SERVER_CONNECTED
  • HTTP_REQUEST

The iRule commands that the Fast HTTP profile supports are:

  • HTTP::method
  • HTTP::uri
  • HTTP::version
  • HTTP::header exists
  • HTTP::header value
  • HTTP::header insert

For more information about these iRule events and commands, see Chapter 13, Writing iRules.

The TCP profile type

The TCP profile is a configuration tool for managing TCP network traffic. Many of the TCP profile settings are standard SYSCTL types of settings, while others are unique to the LTM system.

For most of the TCP profile settings, the default values usually meet your needs. The specific settings that you might want to change are: Reset on Timeout, Idle Timeout, IP ToS, and Link QoS. Table 5.5 lists and describes the settings of a TCP profile type.

Table 5.5 Settings of a TCP profile

| Setting | Description | Default Value |
| --- | --- | --- |
| Name | This setting specifies a unique name for the profile. | No default value |
| Parent Profile | This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified. | tcp |
| Reset on Timeout | If this setting is enabled and a TCP connection exceeds the timeout value for idle connections, the LTM system sends a reset in addition to deleting the connection. | Enabled |
| Time Wait Cycle | This setting recycles the connection when a SYN packet is received in a TIME-WAIT state. | Enabled |
| Delayed ACKs | If this setting is enabled, the LTM system allows coalescing of multiple acknowledgement (ACK) responses. | Enabled |
| Proxy Maximum Segment | Advertises the same maximum segment to the server as was negotiated with the client. | Enabled |
| Proxy Options | Advertises an option (such as timestamps) to the server only if it was negotiated with the client. | Disabled |
| Proxy Buffer Low | Specifies the proxy buffer level at which the receive window is opened. | 4096 |
| Proxy Buffer High | Specifies the proxy buffer level at which the receive window is closed. | 16384 |
| Idle Timeout | This setting specifies the number of seconds that a connection is idle before the connection is eligible for deletion. | 300 |
| Time Wait | This setting specifies the number of milliseconds that a connection is in a TIME-WAIT state before entering the CLOSED state. | 2000 |
| FIN Wait | This setting specifies the number of seconds that a connection is in the FIN-WAIT or CLOSING state before quitting. A value of 0 represents a term of forever (or until the metrics of the FIN state). | 5 |
| Close Wait | This setting specifies the number of seconds that a connection remains in a LAST-ACK state before quitting. A value of 0 represents a term of forever (or until the metrics of the FIN state). | 5 |
| Send Buffer | This setting specifies the send buffer size, in bytes. | 8192 |
| Receive Window | This setting specifies the receive window size, in bytes. | 4096 |
| Keep Alive Interval | This setting specifies the keep-alive probe interval, in milliseconds. | 1800 |
| Maximum SYN Retransmissions | This setting specifies the maximum number of retransmissions of SYN segments that the LTM system allows. | 4 |
| Maximum Segment Retransmissions | This setting specifies the maximum number of retransmissions of data segments that the LTM system allows. | 8 |
| IP ToS | This setting specifies the Type of Service level that the LTM system assigns to TCP packets when sending them to clients. | 0 |
| Link QoS | This setting specifies the Quality of Service level that the LTM system assigns to TCP packets when sending them to clients. | 0 |

The UDP profile type

The UDP profile is a configuration tool for managing UDP network traffic. Table 5.6 lists and describes the settings of a UDP profile type.

Table 5.6 Settings of a UDP profile

| Setting | Description | Default Value |
| --- | --- | --- |
| Name | This setting specifies a unique name for the profile. | No default value |
| Parent Profile | This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified. | udp |
| Idle timeout | This setting specifies the number of seconds that a connection is idle before the connection flow is eligible for deletion. | 60 |
| IP ToS | This setting specifies the Type of Service level that the LTM system assigns to UDP packets when sending them to clients. | 0 |
| Link QoS | This setting specifies the Quality of Service level that the LTM system assigns to UDP packets when sending them to clients. | 0 |
| Datagram LB | This setting specifies, when checked (enabled), that the system load balances UDP traffic packet-by-packet. Normally, the BIG-IP system treats UDP packets coming from the same IP address and port as part of a connection and sends those packets to the same node as long as the connection lives. However, in some cases, you might want to enable this setting to ensure packet-by-packet UDP load balancing. | Disabled (unchecked) |

Configuring other profile types

Two other types of profiles that you can configure are the OneConnect™ and Stream profiles.

For each Protocol profile type, the LTM system provides a pre-configured profile with default settings. In most cases, you can use these default profiles as is. If you want to change these settings, you can configure protocol profile settings when you create a profile, or after profile creation by modifying the profile's settings.

The following sections list the traffic-management settings contained in the OneConnect and Stream profiles. For information on configuring other types of profiles, see the following:

The OneConnect profile type

The OneConnect™ profile is a configuration tool for enabling connection pooling on an LTM system. A component of the LTM system OneConnect feature, connection pooling optimizes the way that the LTM system handles connections. When connection pooling is enabled on an LTM system, client requests can utilize existing, server-side connections, thus reducing the number of server-side connections that a server must open to service those requests.

The LTM system can pool connections from multiple virtual servers if those virtual servers reference the same OneConnect profile and the same pool. Table 5.7 lists and describes the settings of a OneConnect profile type.

Tip

By implementing a OneConnect profile, you can also enable the OneConnect Transformation feature, available from within an HTTP profile. Using the OneConnect Transformation setting together with a OneConnect profile optimizes connection persistence.

Table 5.7 Settings of a OneConnect profile

| Setting | Description | Default Value |
| --- | --- | --- |
| Name | This setting specifies a unique name for the profile. | No default value |
| Parent Profile | This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified. | oneconnect |
| Source Mask | The LTM system applies the value of this setting to the source address to determine its eligibility for reuse. A mask of 0 causes the LTM system to share reused connections across all clients. A host mask (that is, all 1 values in binary) causes the LTM system to share only those reused connections originating from the same client IP address. | 0.0.0.0 |
| Max Size | This setting defines the maximum number of connections that the LTM system holds in the connection reuse pool. If the pool is already full, then a server-side connection closes after the response is completed. | 10000 |
| Max Age | This setting defines the maximum number of seconds allowed for a connection in the connection reuse pool. For any connection with an age higher than this value, the LTM system removes that connection from the reuse pool. | 86400 |
| Max Reuse | This setting specifies the maximum number of times that a server-side connection can be reused. | 1000 |
| Idle Timeout Override | This setting specifies the number of seconds that a connection is idle before the connection flow is eligible for deletion. You can use this setting to increase the timeout value for connections once they are pooled for re-use. Possible values are Disabled, Indefinite, or a numeric value that you specify. | Disabled |
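The Source Mask decides which clients' requests may travel over the same server-side connection, which matters for any server that ties state or logging to a connection. The following Python sketch is an added example, not F5 code: it is a simplified model of the reuse pool (sequential requests, Max Age and idle timeouts ignored) built only from the Source Mask, Max Size and Max Reuse descriptions above, and the client addresses are constructed.

```python
import ipaddress

def reuse_key(client_ip, source_mask):
    """Apply Source Mask to the client address; equal keys may share connections."""
    ip = int(ipaddress.IPv4Address(client_ip))
    mask = int(ipaddress.IPv4Address(source_mask))
    return str(ipaddress.IPv4Address(ip & mask))

class ReusePool:
    """Simplified model of the connection reuse pool (an assumption, not F5 code)."""

    def __init__(self, source_mask="0.0.0.0", max_size=10000, max_reuse=1000):
        self.source_mask, self.max_size, self.max_reuse = source_mask, max_size, max_reuse
        self.idle = []     # pooled server-side connections: dicts with id, key, reuses
        self.users = {}    # connection id -> set of client IPs it has carried
        self.next_id = 1

    def request(self, client_ip):
        """Serve one complete request; return (connection id, reused?)."""
        key = reuse_key(client_ip, self.source_mask)
        conn = next((c for c in self.idle if c["key"] == key), None)
        reused = conn is not None
        if reused:
            self.idle.remove(conn)
            conn["reuses"] += 1
        else:
            conn = {"id": self.next_id, "key": key, "reuses": 0}
            self.next_id += 1
        self.users.setdefault(conn["id"], set()).add(client_ip)
        # After the response: pool the connection unless a limit has been reached.
        if conn["reuses"] < self.max_reuse and len(self.idle) < self.max_size:
            self.idle.append(conn)
        return conn["id"], reused

def shared_connections(clients, source_mask, **limits):
    """Return {connection id: sorted clients} for connections used by >1 client."""
    pool = ReusePool(source_mask, **limits)
    for ip in clients:
        pool.request(ip)
    return {cid: sorted(ips) for cid, ips in pool.users.items() if len(ips) > 1}

# Constructed sample: two clients in one /24, one elsewhere, one repeat visitor.
CLIENTS = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "192.0.2.10"]

if __name__ == "__main__":
    for mask in ("0.0.0.0", "255.255.255.0", "255.255.255.255"):
        print(mask, shared_connections(CLIENTS, mask))
```

With the default mask every client ends up on one server-side connection, so the server can tell clients apart only through a header such as the one the Insert XForwarded For setting adds.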

 

The Stream profile type

You can use the Stream profile to search and replace strings within a data stream, such as a TCP connection. Table 5.8 lists and describes the settings of a Stream profile type.

Table 5.8 Settings of a Stream profile

| Setting | Description | Default Value |
| --- | --- | --- |
| Name | This setting specifies a unique name for the profile. | No default value |
| Parent Profile | This setting specifies the profile that you want to use as the parent profile. Your new profile inherits all non-custom settings and values from the parent profile specified. | stream |
| Source | Specifies the source string for which to search. | No default value |
| Target | Specifies the target string to replace. | No default value |

Managing profiles

Using the Configuration utility, you can not only create and implement profiles, but also:

  • View the settings of an existing profile
  • Delete a profile
  • View or reset profile statistics

Viewing profiles

You can view profile settings and values, using the Configuration utility.

To view profile settings

  1. On the Main tab, expand Local Traffic.
  2. Click Profiles.
    The Profiles screen opens.
  3. Point to the menu for the type of profile you want to view (Services, Persistence, Protocol, SSL, or Authentication) and choose a profile type.
    This displays a list of existing profiles of that type.
  4. In the Name column, click the name of the profile you want to view.
    This displays the settings and values for that profile.

Tip


When listing existing profiles, you can use the Search box that appears directly above the profile list. With the Search box, you can specify a string to filter the list, thereby showing only those objects that match the string. The default setting is an asterisk (*), which means show all objects.

Deleting profiles

You can delete an existing profile, using the Configuration utility, as long as the profile is not referenced by a virtual server.

To delete a profile

  1. On the Main tab, expand Local Traffic.
  2. Click Profiles.
    The Profiles screen opens.
  3. Point to the menu for the type of profile you want to view (Services, Persistence, Protocol, SSL, or Authentication) and choose a profile type.
    This displays a list of existing profiles of that type.
  4. In the Select column, check one or more boxes next to the names of the profiles you want to delete.
  5. Click the Delete button.
    This displays the Delete Confirmation screen.
  6. Verify that all check boxes in the list are checked, and click the Delete button to permanently delete those profiles.

Using profiles with iRules

In some cases, the best way to manage a particular type of connection is to create an iRule. A good example is when you want to insert a header into an HTTP request and then direct the request based on the information in that header.

An iRule is a user-written script that manages a particular traffic connection when the connection meets certain criteria. For example, you can write an iRule that states that if a header in an HTTP request contains a certain string, the LTM system should send that request to the pool http_pool. An iRule is triggered when an event occurs that is specified within that iRule. iRule events are categorized into specific types, such as TCP, SSL, and HTTP.

When an iRule event occurs, the LTM system cannot actually trigger the iRule unless the virtual server has a profile in its profile list that corresponds to that event type. For example, if an iRule specifies an HTTP event, the virtual server must reference a profile that is based on the HTTP profile type.

The following list shows the possible types of iRule events and their profile requirements.

  • IP events
    No profile requirement
  • UDP events
    Requires a UDP- or FastL4-based profile
  • TCP events
    Requires a TCP- or FastL4-based profile
  • FTP events
    Requires an FTP-based profile
  • HTTP events
    Requires an HTTP- and a TCP-based profile
  • SSL events
    Requires either a Client SSL- or Server SSL-based profile, depending on the iRule context
  • AUTH events
    Requires an authentication profile

For more information on iRule events, see Chapter 13, Writing iRules.
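Because an iRule whose event lacks a matching profile never triggers, a header check or access rule written in it is silently skipped. The following Python sketch is an added example, not part of the LTM system: it checks an iRule's events against the profile requirements listed above, resolving custom profiles through their Parent Profile. The event-to-family map, the base profile names other than tcp and udp, and the sample iRule and profile names are assumptions constructed for illustration.

```python
import re

# Profile requirements from the list above: every group needs one base type present.
REQUIREMENTS = {
    "UDP": [{"udp", "fastl4"}],
    "TCP": [{"tcp", "fastl4"}],
    "FTP": [{"ftp"}],
    "HTTP": [{"http"}, {"tcp"}],
    "CLIENTSSL": [{"clientssl"}],
    "SERVERSSL": [{"serverssl"}],
    "AUTH": [{"auth"}],
}
# Assumption: a small event-to-family map; extend it for the events you use.
EVENT_FAMILY = {
    "HTTP_REQUEST": "HTTP",
    "CLIENTSSL_HANDSHAKE": "CLIENTSSL",
    "SERVERSSL_HANDSHAKE": "SERVERSSL",
    "AUTH_RESULT": "AUTH",
}

def base_type(profile, parents):
    """Follow Parent Profile links up to the system-supplied root profile."""
    seen = set()
    while profile in parents and profile not in seen:
        seen.add(profile)
        profile = parents[profile]
    return profile

def unmet_events(irule_text, vs_profiles, parents):
    """Return {event: [missing profile groups]} for events that cannot trigger."""
    have = {base_type(p, parents) for p in vs_profiles}
    problems = {}
    for event in re.findall(r"^\s*when\s+([A-Z0-9_]+)", irule_text, re.M):
        family = EVENT_FAMILY.get(event)
        if family is None:
            problems[event] = ["unclassified event: check by hand"]
            continue
        missing = ["|".join(sorted(g)) for g in REQUIREMENTS[family] if not g & have]
        if missing:
            problems[event] = missing
    return problems

# Constructed sample: custom profiles with their parents, and an iRule to check.
PARENTS = {"tcp_lan": "tcp", "web_http": "http", "ssl_front": "clientssl"}
IRULE = """
when HTTP_REQUEST {
    if { [HTTP::header exists "X-Route"] } { pool http_pool }
}
when CLIENTSSL_HANDSHAKE { }
when AUTH_RESULT { }
"""

if __name__ == "__main__":
    print(unmet_events(IRULE, ["tcp_lan", "web_http"], PARENTS))
```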



