Applies To:

Show Versions Show Versions

Manual: Configuration Guide for Local Traffic Management, version 9.2.2

Original Publication Date: 04/03/2009
Updated Date: 12/14/2005

Configuration Guide for BIG-IP®
Local Traffic Management
version 9.2.2

Table of Contents

Legal Notices

1. Introducing Local Traffic Management

Introducing the BIG-IP system

Understanding BIG-IP local traffic management

Summary of local traffic-management capabilities

Managing specific types of application traffic

Optimizing performance

Enhancing network security

Overview of local traffic management configuration

Configuring virtual servers

Configuring load balancing pools

Configuring profiles

Using the Configuration utility

About this guide

Additional information

Stylistic conventions

Finding help and technical support resources

2. Configuring Virtual Servers

Introducing virtual servers

Understanding virtual server types

Host virtual servers

Network virtual servers

Creating and modifying virtual servers

Creating a virtual server

Modifying a virtual server

Configuring virtual server and virtual address settings

Configuring virtual server properties, settings, and resources

Configuring virtual address properties and settings

Managing virtual servers and virtual addresses

Viewing a virtual server configuration

Viewing a virtual address configuration

Deleting a virtual server

3. Configuring Nodes

Introducing nodes

Creating and modifying nodes

Configuring node settings

Specifying an address for a node

Specifying a node name

Specifying monitor associations

Specifying the availability requirement

Specifying a ratio weight

Setting a connection limit

Managing nodes

Viewing existing nodes

Enabling and disabling a node

Deleting a node

Removing monitor associations

Displaying node status

4. Configuring Load Balancing Pools

Introducing load balancing pools

What is a load balancing pool?

Features of a load balancing pool

Creating and modifying load balancing pools

Creating and implementing a load balancing pool

Modifying a load balancing pool

Modifying pool membership

Configuring pool settings

Specifying a pool name

Associating health monitors with a pool

Specifying the availability requirements

Allowing SNATs and NATs

Specifying action when a service becomes unavailable

Configuring a slow ramp time

Configuring the Quality of Service (QoS) level

Configuring the Type of Service (ToS) level

Specifying the load balancing method

Specifying priority-based member activation

Specifying pool members

Configuring pool member settings

Specifying an address

Specifying a service port

Specifying a ratio weight for a pool member

Specifying priority-based member activation

Specifying a connection limit

Selecting an explicit monitor association

Managing pools and pool members

Displaying pool or pool member properties

Removing monitor associations

Deleting a pool

Viewing pool and pool member statistics

5. Understanding Profiles

Introducing profiles

Profile types

Default profiles

Custom and parent profiles

Summarizing profiles

Creating and modifying profiles

Using a default profile as is

Modifying a default profile

Creating a custom profile

Modifying a custom profile

Implementing a profile

Configuring protocol-type profiles

The Fast L4 profile type

The Fast HTTP profile type

The TCP profile type

The UDP profile type

Configuring other types of profiles

The OneConnect profile type

The Statistics profile type

The Stream profile type

Managing profiles

Viewing profiles

Deleting profiles

Using profiles with iRules

6. Managing HTTP and FTP Traffic

Introducing HTTP and FTP traffic management

Configuring HTTP profile settings

Specifying a profile name

Specifying a parent profile

Specifying a realm for basic authentication

Specifying a fallback host

Inserting headers into HTTP requests

Erasing content from HTTP headers

Configuring chunking

Enabling or disabling OneConnect transformations

Rewriting an HTTP redirection

Specifying the maximum header size

Enabling support for pipelining

Inserting an XForwarded For header

Configuring the maximum columns for linear white space

Configuring a linear white space separator

Specifying a maximum number of requests

Configuring HTTP compression

Compression in a typical client-server scenario

Compression using the LTM system

Enabling or disabling the compression feature

Using URI compression

Using content compression

Specifying a preferred compression method

Specifying minimum content length for compression

Specifying the compression buffer size

Specifying a compression level

Specifying a memory level for gzip compression

Specifying window size for gzip compression

Enabling or disabling the Vary header

Allowing compression for HTTP/1.0 requests

Keeping the Accept-Encoding header

Implementing browser workarounds

CPU Saver

CPU Saver High Threshold

CPU Saver Low Threshold

Configuring the RAM Cache

Getting started with RAM caching

Understanding RAM Cache settings

Configuring FTP profile properties and settings

Specifying a profile name

Specifying a parent profile

Specifying a Translate Extended value

Specifying a data port

Managing HTTP and FTP profiles

7. Managing SSL Traffic

Introducing SSL traffic management

Managing client-side and server-side traffic

Summarizing SSL traffic-control features

Understanding certificate verification

Understanding certificate revocation

Understanding encryption/decryption

Understanding client authorization

Understanding SSL session persistence

Understanding other SSL features

Managing keys and certificates

Displaying information about existing keys and certificates

Creating a request for a new certificate and key

Renewing a certificate

Deleting a certificate/key pair

Importing keys, certificates, and archives

Creating an archive

Understanding SSL profiles

Configuring general properties of an SSL profile

Specifying a profile name

Selecting a parent profile

Configuring configuration settings

Specifying a certificate name

Specifying a key name

Configuring a certificate chain

Specifying trusted client CAs

Specifying SSL ciphers

Configuring workarounds

Enabling ModSSL method emulation

Configuring the SSL session cache

Specifying an alert timeout

Forcing renegotiation of SSL sessions

Configuring SSL shutdowns

Configuring client or server authentication settings

Configuring certificate presentation

Configuring per-session authentication

Advertising a list of trusted client CAs

Configuring authentication depth

Configuring name-based authentication

Certificate revocation

Managing SSL profiles

8. Authenticating Application Traffic

Introducing remote authentication

LTM authentication modules

Implementing authentication modules

Implementing an LDAP authentication module

Creating an LDAP configuration object

Creating an LDAP profile

Implementing a RADIUS authentication module

Creating a RADIUS server object

Creating a RADIUS configuration object

Creating a RADIUS profile

Implementing a TACACS+ authentication module

Creating a TACACS+ configuration object

Creating a TACACS+ profile

Implementing an SSL client certificate LDAP authentication module

Understanding SSL client certificate authorization

Creating an SSL client certificate LDAP configuration object

Creating an SSL client certificate LDAP authorization profile

Implementing an SSL OCSP authentication module

Understanding OCSP

Creating an OCSP responder object

Creating an SSL OCSP configuration object

Creating an SSL OCSP profile

9. Enabling Session Persistence

Introducing session persistence

Configuring a persistence profile

Enabling session persistence through iRules

Persistence types and their profiles

Types of persistence

Understanding criteria for session persistence

Cookie persistence

Destination address affinity persistence

Hash persistence

Microsoft Remote Desktop Protocol persistence

SIP persistence

Source address affinity persistence

SSL persistence

Universal persistence

10. Configuring Monitors

Introducing monitors

Summary of monitor types

Summary of monitor settings

Understanding pre-configured and custom monitors

Creating a custom monitor

Configuring monitor settings

Simple monitors

Extended Content Verification (ECV) monitors

External Application Verification (EAV) monitors

Special configuration considerations

Setting destinations

Using transparent and reverse modes

Associating monitors with pools and nodes

Types of monitor associations

Managing monitors

11. Configuring SNATs and NATs

Introducing secure network address translation

How does a SNAT work?

Mapping original IP addresses to translation addresses

Creating a SNAT pool

Implementing a SNAT

Creating a standard SNAT

Creating an intelligent SNAT

Assigning a SNAT pool directly to a virtual server

Implementing a NAT

Additional restrictions

Managing SNATs and NATs

Viewing or modifying SNATs, NATs, and SNAT pools

Defining and viewing translation addresses

Deleting SNATs, NATs, SNAT pools, and translation addresses

Enabling or disabling SNATs or NATs for a load balancing pool

Enabling or disabling SNAT translation addresses

SNAT examples

Example 1 - Establishing a standard SNAT that uses a SNAT pool

Example 2 - Establishing an intelligent SNAT

12. Configuring Rate Shaping

Introducing rate shaping

Creating and implementing rate classes

Configuring rate class settings

Specifying a name

Specifying a base rate

Specifying a ceiling rate

Specifying a burst size

Specifying direction

Specifying a parent class

Specifying a queue discipline

Managing rate classes

13. Writing iRules

Introducing iRules

What is an iRule?

Basic iRule elements

Specifying traffic destinations and address translations

Creating iRules

Controlling iRule evaluation

Configuration prerequisites

Specifying events

Using statement commands

Querying header or content data

Querying for node status

Querying Link Layer headers

Querying IP packet headers

Querying UDP headers and content

Querying TCP headers and content

Querying HTTP headers and content

Querying SSL headers of HTTP requests

Querying authentication data

Querying for statistics data

Manipulating header or content data

Manipulating Link Layer data

Manipulating IP headers

Manipulating TCP headers and content

Manipulating HTTP headers, content, and cookies

Manipulating SSL headers and content

Setting statistical data

Using utility commands

Parsing and manipulating content

Encoding data

Ensuring data integrity

Retrieving pool information

Working with profiles

Reading profile settings

Overriding profile settings

Enabling session persistence with iRules

Creating, managing, and using data groups

Using the matchclass command

Creating data groups

Storage options

Displaying data group properties

Managing data group members

A. Additional Monitor Considerations

Implementing monitors for Dynamic Ratio load balancing

Implementing a Real Server monitor

Implementing a WMI monitor

Implementing an SNMP DCA or SNMP DCA Base monitor

Implementing an MSSQL monitor

B. Disabled Tcl Commands

Disabled Tcl commands