Applies To:

Show Versions Show Versions

Manual: Configuration Guide for Local Traffic Management, version 9.2

Original Publication Date: 08/26/2005

Table of Contents

Legal Notices

Introducing Local Traffic Management

Introducing the BIG-IP system


Understanding BIG-IP local traffic management


Summary of local traffic-management capabilities

Managing specific types of application traffic

Optimizing performance

Enhancing network security

Overview of local traffic management configuration


Configuring virtual servers

Configuring load balancing pools

Configuring profiles

Using the Configuration utility

About this guide


Additional information

Stylistic conventions

Finding help and technical support resources


Configuring Virtual Servers

Introducing virtual servers


Understanding virtual server types


Host virtual servers

Network virtual servers

Creating and modifying virtual servers


Creating a virtual server

Modifying a virtual server

Configuring virtual server and virtual address settings


Configuring virtual server properties, settings, and resources

Configuring virtual address properties and settings

Managing virtual servers and virtual addresses


Viewing a virtual server configuration

Viewing a virtual address configuration

Deleting a virtual server

Configuring Nodes

Introducing nodes


Creating and modifying nodes


Configuring node settings


Specifying an address for a node

Specifying a node name

Specifying monitor associations

Specifying the availability requirement

Specifying a ratio weight

Setting a connection limit

Managing nodes


Viewing existing nodes

Enabling and disabling a node

Deleting a node

Removing monitor associations

Displaying node status

Configuring Load Balancing Pools

Introducing load balancing pools


What is a load balancing pool?

Features of a load balancing pool

Creating and modifying load balancing pools


Creating and implementing a load balancing pool

Modifying a load balancing pool

Modifying pool membership

Configuring pool settings


Specifying a pool name

Associating health monitors with a pool

Specifying the availability requirements

Allowing SNATs and NATs

Specifying action when a service becomes unavailable

Configuring a slow ramp time

Configuring the Quality of Service (QoS) level

Configuring the Type of Service (ToS) level

Specifying the load balancing method

Specifying priority-based member activation

Specifying pool members

Configuring pool member settings


Specifying an address

Specifying a service port

Specifying a ratio weight for a pool member

Specifying priority-based member activation

Specifying a connection limit

Selecting an explicit monitor association

Managing pools and pool members


Displaying pool or pool member properties

Removing monitor associations

Deleting a pool

Viewing pool and pool member statistics

Understanding Profiles

Introducing profiles


Profile types

Default profiles

Custom and parent profiles

Summarizing profiles

Creating and modifying profiles


Using a default profile as is

Modifying a default profile

Creating a custom profile

Modifying a custom profile

Implementing a profile


Configuring protocol-type profiles


The Fast L4 profile type

The Fast HTTP profile type

The TCP profile type

The UDP profile type

Configuring other types of profiles


The OneConnect profile type

The Statistics profile type

The Stream profile type

Managing profiles


Viewing profiles

Deleting profiles

Using profiles with iRules


Managing HTTP and FTP Traffic

Introducing HTTP and FTP traffic management


Configuring HTTP profile settings


Specifying a profile name

Specifying a parent profile

Specifying a realm for basic authentication

Specifying a fallback host

Inserting headers into HTTP requests

Erasing content from HTTP headers

Configuring chunking

Enabling or disabling OneConnect transformations

Rewriting an HTTP redirection

Specifying the maximum header size

Enabling support for pipelining

Inserting an XForwarded For header

Configuring the maximum columns for linear white space

Configuring a linear white space separator

Specifying a maximum number of requests

Configuring HTTP compression


Compression in a typical client-server scenario

Compression using the LTM system

Enabling or disabling the compression feature

Using URI compression

Using content compression

Specifying a preferred compression method

Specifying minimum content length for compression

Specifying the compression buffer size

Specifying a compression level

Specifying a memory level for gzip compression

Specifying window size for gzip compression

Enabling or disabling the Vary header

Allowing compression for HTTP/1.0 requests

Keeping the Accept-Encoding header

Implementing browser workarounds

CPU Saver

CPU Saver High Threshold

CPU Saver Low Threshold

Configuring the RAM Cache


Getting started with RAM caching

Understanding RAM Cache settings

Configuring FTP profile properties and settings


Specifying a profile name

Specifying a parent profile

Specifying a Translate Extended value

Specifying a data port

Managing HTTP and FTP profiles


Managing SSL Traffic

Introducing SSL traffic management


Managing client-side and server-side traffic

Summarizing SSL traffic-control features

Understanding certificate verification

Understanding certificate revocation

Understanding encryption/decryption

Understanding client authorization

Understanding SSL session persistence

Understanding other SSL features

Managing keys and certificates


Displaying information about existing keys and certificates

Creating a request for a new certificate and key

Renewing a certificate

Deleting a certificate/key pair

Importing keys, certificates, and archives

Creating an archive

Understanding SSL profiles


Configuring general properties of an SSL profile


Specifying a profile name

Selecting a parent profile

Configuring configuration settings


Specifying a certificate name

Specifying a key name

Configuring a certificate chain

Specifying trusted client CAs

Specifying SSL ciphers

Configuring workarounds

Enabling ModSSL method emulation

Configuring the SSL session cache

Specifying an alert timeout

Forcing renegotiation of SSL sessions

Configuring SSL shutdowns

Configuring client or server authentication settings


Configuring certificate presentation

Configuring per-session authentication

Advertising a list of trusted client CAs

Configuring authentication depth

Configuring name-based authentication

Certificate revocation

Managing SSL profiles


Authenticating Application Traffic

Introducing remote authentication


LTM authentication modules

Implementing authentication modules

Implementing an LDAP authentication module


Creating an LDAP configuration object

Creating an LDAP profile

Implementing a RADIUS authentication module


Creating a RADIUS server object

Creating a RADIUS configuration object

Creating a RADIUS profile

Implementing a TACACS+ authentication module


Creating a TACACS+ configuration object

Creating a TACACS+ profile

Implementing an SSL client certificate LDAP authentication module


Understanding SSL client certificate authorization

Creating an SSL client certificate LDAP configuration object

Creating an SSL client certificate LDAP authorization profile

Implementing an SSL OCSP authentication module


Understanding OCSP

Creating an OCSP responder object

Creating an SSL OCSP configuration object

Creating an SSL OCSP profile

Enabling Session Persistence

Introducing session persistence


Configuring a persistence profile

Enabling session persistence through iRules

Persistence types and their profiles


Types of persistence

Understanding criteria for session persistence

Cookie persistence

Destination address affinity persistence

Hash persistence

Microsoft Remote Desktop Protocol persistence

SIP persistence

Source address affinity persistence

SSL persistence

Universal persistence

Configuring Monitors

Introducing monitors


Summary of monitor types

Summary of monitor settings

Understanding pre-configured and custom monitors

Creating a custom monitor


Configuring monitor settings


Simple monitors

Extended Content Verification (ECV) monitors

External Application Verification (EAV) monitors

Special configuration considerations


Setting destinations

Using transparent and reverse modes

Associating monitors with pools and nodes


Types of monitor associations

Managing monitors


Configuring SNATs and NATs

Introducing secure network address translation


How does a SNAT work?

Mapping original IP addresses to translation addresses

Creating a SNAT pool


Implementing a SNAT


Creating a standard SNAT

Creating an intelligent SNAT

Assigning a SNAT pool directly to a virtual server

Implementing a NAT


Additional restrictions

Managing SNATs and NATs


Viewing or modifying SNATs, NATs, and SNAT pools

Defining and viewing translation addresses

Deleting SNATs, NATs, SNAT pools, and translation addresses

Enabling or disabling SNATs or NATs for a load balancing pool

Enabling or disabling SNAT translation addresses

SNAT examples


Example 1 - Establishing a standard SNAT that uses a SNAT pool

Example 2 - Establishing an intelligent SNAT

Configuring Rate Shaping

Introducing rate shaping


Creating and implementing rate classes


Configuring rate class settings


Specifying a name

Specifying a base rate

Specifying a ceiling rate

Specifying a burst size

Specifying direction

Specifying a parent class

Specifying a queue discipline

Managing rate classes


Writing iRules

Introducing iRules


What is an iRule?

Basic iRule elements

Specifying traffic destinations and address translations

Creating iRules


Controlling iRule evaluation


Configuration prerequisites

Specifying events

Using statement commands


Querying header or content data


Querying for node status

Querying Link Layer headers

Querying IP packet headers

Querying UDP headers and content

Querying TCP headers and content

Querying HTTP headers and content

Querying SSL headers of HTTP requests

Querying authentication data

Querying for statistics data

Manipulating header or content data


Manipulating Link Layer data

Manipulating IP headers

Manipulating TCP headers and content

Manipulating HTTP headers, content, and cookies

Manipulating SSL headers and content

Setting statistical data

Using utility commands


Parsing and manipulating content

Encoding data

Ensuring data integrity

Retrieving pool information

Working with profiles


Reading profile settings

Overriding profile settings

Enabling session persistence with iRules


Creating, managing, and using data groups


Using the matchclass command

Creating data groups

Storage options

Displaying data group properties

Managing data group members

Additional Monitor Considerations

Implementing monitors for Dynamic Ratio load balancing


Implementing a Real Server monitor

Implementing a WMI monitor

Implementing an SNMP DCA or SNMP DCA Base monitor

Implementing an MSSQL monitor


Disabled Tcl Commands

Disabled Tcl commands