Applies To:

Show Versions Show Versions

Manual: Configuration Guide for BIG-IP® Local Traffic Management, version 9.3
Manual

Original Publication Date: 04/18/2007


Configuration Guide for
BIG-IP Local Traffic Management
version 9.3

Table of Contents


Legal Notices

1. Introducing Local Traffic Management

Introducing the BIG-IP system

Understanding BIG-IP local traffic management

Summary of local traffic-management capabilities

Managing specific types of application traffic

Optimizing performance

Enhancing network security

Overview of local traffic management configuration

Configuring virtual servers

Configuring load balancing pools

Configuring profiles

Using the Configuration utility

About this guide

Additional information

Stylistic conventions

Finding help and technical support resources

2. Configuring Virtual Servers

Introducing virtual servers and virtual addresses

What is a virtual server?

What is a virtual address?

Understanding virtual server types

Host virtual servers

Network virtual servers

Creating a virtual server

Understanding virtual server and virtual address settings

Configuring virtual server settings

Configuring virtual address settings

Managing virtual servers and virtual addresses

Viewing or modifying a virtual server configuration

Viewing or modifying a virtual address configuration

Understanding virtual server and virtual address status

Enabling or disabling a virtual server or virtual address

Deleting a virtual server or virtual address

3. Configuring Nodes

Introducing nodes

Creating and modifying nodes

Configuring node settings

Specifying an address for a node

Specifying a node name

Assigning health monitors

Specifying the availability requirement

Specifying a ratio weight

Setting a connection limit

Managing nodes

Viewing a list of nodes

Viewing node properties

Understanding node status

Enabling or disabling a node

Deleting a node

Removing monitor associations

4. Configuring Load Balancing Pools

Introducing load balancing pools

What is a load balancing pool?

Features of a load balancing pool

Creating and modifying load balancing pools

Creating and implementing a load balancing pool

Modifying a load balancing pool

Modifying pool membership

Configuring pool settings

Specifying a pool name

Associating health monitors with a pool

Specifying the availability requirements

Allowing SNATs and NATs

Specifying action when a service becomes unavailable

Configuring a slow ramp time

Configuring the Type of Service (ToS) level

Configuring the Quality of Service (QoS) level

Specifying the load balancing method

Specifying priority-based member activation

Specifying pool members

Configuring pool member settings

Specifying a ratio weight for a pool member

Specifying priority-based member activation

Specifying a connection limit

Selecting an explicit monitor association

Creating an explicit monitor association for a pool member

Specifying an availability requirement

Managing pools and pool members

Managing pools

Managing pool members

Removing monitor associations

Viewing pool and pool member statistics

5. Understanding Profiles

Introducing profiles

Profile types

Default profiles

Custom and parent profiles

Summarizing profiles

Creating and modifying profiles

Using a default profile as is

Modifying a default profile

Creating a custom profile

Modifying a custom profile

Viewing and deleting profiles

Viewing a list of profiles

Deleting a profile

Implementing a profile

For more information

6. Managing HTTP and FTP Traffic

Introducing HTTP and FTP traffic management

Configuring HTTP standard profile settings

Understanding HTTP profile settings

Configuring HTTP compression

Compression in a typical client-server scenario

Compression using the BIG-IP system

Using an HTTP profile for data compression

Configuring the RAM Cache feature

Getting started with RAM caching

Understanding RAM Cache settings

Using an HTTP profile for RAM caching

Configuring FTP profile settings

Specifying a profile name

Specifying a parent profile

Specifying a Translate Extended value

Specifying a data port

7. Enabling Session Persistence

Introducing session persistence

Configuring a persistence profile

Enabling session persistence through iRules

Persistence types and their profiles

Types of persistence

Understanding criteria for session persistence

Cookie persistence

Destination address affinity persistence

Hash persistence

Microsoft Remote Desktop Protocol persistence

SIP persistence

Source address affinity persistence

SSL persistence

Universal persistence

8. Managing Protocol Profiles

Introducing protocol profiles

Configuring a Fast L4 profile

Understanding Fast L4 profile settings

Configuring PVA hardware acceleration

Configuring a Fast HTTP profile

Understanding Fast HTTP profile settings

Configuring TCP profiles

Understanding TCP profile settings

Configuring a UDP profile

9. Managing SSL Traffic

Introducing SSL traffic management

Managing client-side and server-side traffic

Summarizing SSL traffic-control features

Understanding certificate verification

Understanding certificate revocation

Understanding encryption/decryption

Understanding client authorization

Understanding SSL session persistence

Understanding other SSL features

Managing keys and certificates

Displaying information about existing keys and certificates

Creating a request for a new certificate and key

Renewing a certificate

Deleting a certificate/key pair

Importing keys, certificates, and archives

Creating an archive

Understanding SSL profiles

Configuring SSL profile settings

Specifying a profile name

Selecting a parent profile

Specifying a certificate name

Specifying a key name

Configuring a certificate chain

Specifying trusted client CAs

Specifying SSL ciphers

Configuring workarounds

Enabling ModSSL method emulation

Configuring the SSL session cache

Specifying an alert timeout value

Specifying a handshake timeout value

Forcing renegotiation of SSL sessions

Configuring SSL shutdowns

Accepting non-SSL connections

Configuring client and server authentication settings

Configuring certificate presentation

Configuring per-session authentication

Advertising a list of trusted client CAs

Configuring authentication depth

Configuring name-based authentication

Certificate revocation

10. Authenticating Application Traffic

Introducing remote authentication

BIG-IP system authentication modules

Implementing authentication modules

Implementing an LDAP authentication module

Creating an LDAP configuration object

Creating an LDAP profile

Implementing a RADIUS authentication module

Creating a RADIUS server object

Creating a RADIUS configuration object

Creating a RADIUS profile

Implementing a TACACS+ authentication module

Creating a TACACS+ configuration object

Creating a TACACS+ profile

Implementing an SSL client certificate LDAP authentication module

Understanding SSL client certificate authorization

Creating an SSL client certificate LDAP configuration object

Creating an SSL client certificate LDAP authorization profile

Implementing an SSL OCSP authentication module

Understanding OCSP

Creating an OCSP responder object

Creating an SSL OCSP configuration object

Creating an SSL OCSP profile

11. Using Additional Profiles

Introducing other types of profiles

Configuring a OneConnect profile

Configuring a Statistics profile

Configuring a Stream profile

12. Configuring Monitors

Introducing monitors

Summary of monitor types

Understanding pre-configured and custom monitors

Creating a custom monitor

Special configuration considerations

Setting destinations

Using transparent and reverse modes

Associating monitors with pools and nodes

Types of monitor associations

Configuring monitor settings

Simple monitors

Extended Content Verification (ECV) monitors

External Application Verification (EAV) monitors

Managing monitors

13. Configuring SNATs and NATs

Introducing secure network address translation

How does a SNAT work?

Mapping original IP addresses to translation addresses

Creating a SNAT pool

Implementing a SNAT

Creating a standard SNAT

Creating an intelligent SNAT

Assigning a SNAT pool directly to a virtual server

Implementing a NAT

Additional restrictions

Managing SNATs and NATs

Viewing or modifying SNATs, NATs, and SNAT pools

Defining and viewing translation addresses

Deleting SNATs, NATs, SNAT pools, and translation addresses

Enabling or disabling SNATs or NATs for a load balancing pool

Enabling or disabling SNAT translation addresses

SNAT examples

Example 1 - Establishing a standard SNAT that uses a SNAT pool

Example 2 - Establishing an intelligent SNAT

14. Configuring Rate Shaping

Introducing rate shaping

Creating and implementing rate classes

Configuring rate class settings

Specifying a name

Specifying a base rate

Specifying a ceiling rate

Specifying a burst size

Specifying direction

Specifying a parent class

Specifying a queue discipline

Managing rate classes

15. Writing iRules

Introducing iRules

What is an iRule?

Basic iRule elements

Specifying traffic destinations and address translations

Creating iRules

Controlling iRule evaluation

Configuration prerequisites

Specifying events

Using iRule commands

Statement commands

Query and manipulation commands

Utility commands

Working with profiles

Reading profile settings

Overriding profile settings

Enabling session persistence with iRules

Creating, managing, and using data groups

Using the matchclass command

Creating data groups

Storage options

Displaying data group properties

Managing data group members

A. Additional Monitor Considerations

Implementing monitors for Dynamic Ratio load balancing

Implementing a Real Server monitor

Implementing a WMI monitor

Implementing an SNMP DCA or SNMP DCA Base monitor

Implementing an MSSQL monitor

Glossary