
Manual Chapter: BIG-IP® Network and System Management Guide: 1 - Introducing BIG-IP Network and System Management


1

Introducing BIG-IP Network and System Management


Introducing the BIG-IP system

The BIG-IP® system is a port-based, multilayer switch that supports virtual local area network (VLAN) technology. Because hosts within a VLAN can communicate at the data-link layer (Layer 2), a BIG-IP system reduces the need for routers and IP routing on the network. This in turn reduces equipment costs and boosts overall network performance. At the same time, the BIG-IP system's multilayer capabilities enable the system to process traffic at other OSI layers. The BIG-IP system can perform IP routing at Layer 3, as well as manage TCP, UDP, and other application traffic at Layers 4 through 7. The following modules provide comprehensive traffic management and security for many traffic types. The modules are fully integrated to provide efficient solutions to meet any network, traffic management, and security needs.

  • BIG-IP® Local Traffic Manager
    The BIG-IP® system includes local traffic management features that help make the most of network resources. Using the powerful Configuration utility, you can customize the way that the BIG-IP system processes specific types of protocol and application traffic. By using features such as virtual servers, pools, and profiles, you ensure that traffic passing through the BIG-IP system is processed quickly and efficiently, while meeting all of your security needs. For more information, see the Configuration Guide for BIG-IP® Local Traffic Management.
  • BIG-IP® Global Traffic Manager
    The BIG-IP® Global Traffic Manager provides intelligent traffic management to your globally available network resources. Through the Global Traffic Manager, you can select from an array of load balancing modes, ensuring that your clients access the most responsive and robust resources at any given time. In addition, the Global Traffic Manager provides extensive monitoring capabilities so the health of any given resource is always available. For more information, see the Configuration Guide for BIG-IP® Global Traffic Management.
  • BIG-IP® Link Controller
    BIG-IP® Link Controller seamlessly monitors availability and performance of multiple WAN connections to intelligently manage bi-directional traffic flows to a site, providing fault tolerant, optimized Internet access regardless of connection type or provider. The Link Controller ensures that traffic is always sent over the best available link to maximize user performance and minimize bandwidth cost to a data center. For more information, see the Configuration Guide for BIG-IP® Link Controller.
  • BIG-IP® Application Security Manager
    The BIG-IP Application Security Manager provides web application protection from application-layer attacks. The BIG-IP Application Security Manager protects Web applications from both generalized and targeted application-layer attacks including buffer overflow, SQL injection, cross-site scripting, and parameter tampering. For more information, see the Configuration Guide for BIG-IP® Application Security Management.

Overview of BIG-IP network management features

In a typical configuration, the BIG-IP system functions as a device on the network, directing different types of protocol and application traffic to an appropriate destination server. The system accomplishes this by either forwarding the traffic directly to a load balancing server pool, or by sending it to a next-hop router or a pool of routers. The most basic configuration of the BIG-IP system includes two virtual local area networks (VLANs) with one or more BIG-IP system interfaces (ports) assigned to each VLAN. Using the BIG-IP system's browser-based Configuration utility, you can assign multiple interfaces to each VLAN, or you can configure the BIG-IP system to send traffic for multiple VLANs through the same interface.

The BIG-IP system consists of several fundamental network components that you can configure in the way that best utilizes BIG-IP system capabilities.

Interfaces, spanning tree protocols, and trunks

A BIG-IP system has several interfaces for switching or routing traffic from various hosts or other devices on the network. Interfaces are the hardware ports that the BIG-IP system uses to send and receive traffic. When you create a virtual local area network (VLAN) on the BIG-IP system, you can assign multiple interfaces to that VLAN. You can also assign the same interface to multiple VLANs. For more information, see Chapter 8, Working with Interfaces.

When you connect multiple switches to the BIG-IP system in parallel, you can configure your hosts to make use of spanning tree protocols. Spanning tree protocols provide path redundancy while preventing unwanted loops in the network. You can view spanning tree instances, configure global spanning tree options, and configure spanning tree settings for each interface. For optimal performance, you can use spanning tree protocols in conjunction with the trunks feature. For more information, see Chapter 13, Configuring Spanning Tree Protocols.

Trunks are a feature you can use to aggregate your links. When you create trunks, you group interfaces together to function as one larger interface and to provide redundancy if one interface in the trunk becomes unavailable. When that occurs, traffic can be processed on another interface in the trunk. For more information, see Chapter 11, Working with Trunks.

VLANs and self IP addresses

A virtual local area network, or VLAN, is a logical collection of hosts on the network. Each VLAN has one or more BIG-IP system interfaces associated with it. VLANs have these primary advantages:

  • VLANs define boundaries for broadcast domains.
    Traditionally, network administrators have deployed routers within the same IP network, to define smaller broadcast boundaries. A better solution is to use VLANs. When a host in a VLAN sends a broadcast message to find the MAC address of a destination host, the message is sent to only those hosts in the VLAN. Using VLANs to control the boundaries of broadcast domains prevents messages from flooding the network, thus enhancing network performance.
  • VLANs ease system and network maintenance.
    Normally, the way to enable hosts to share network resources, such as storage devices and printers, has been to group hosts into the same physical location. Continually moving and re-cabling hosts to other locations on the network, as well as manually updating routing tables, can be a costly and time-consuming task for a system or network administrator. Using VLANs, you can avoid these problems. All hosts that you group within a VLAN can share network resources, regardless of their physical location on the network.

To enhance performance and flexibility, the BIG-IP system comes with two existing virtual local area networks (VLANs), one for your external network, and one for your internal network. Each of these VLANs has a BIG-IP system interface already assigned to it. You can use these two VLANs as is, you can assign additional interfaces to these VLANs, or you can create more VLANs. A key feature of the BIG-IP system is that a single interface can forward traffic for multiple VLANs. For more information, see Chapter 6, Configuring VLANs and VLAN Groups.

Each VLAN you create has its own self IP address. The BIG-IP system uses this address as the source IP address when sending requests to hosts in a VLAN, and hosts in a VLAN use this IP address as the destination IP address when sending responses to the BIG-IP system.

When you first ran the Setup utility, you assigned a self IP address to the internal VLAN, and another self IP address to the external VLAN. As you create other VLANs, you assign self IP addresses to them, too. Also, units of a redundant system can share a self IP address, to ensure that the BIG-IP system can process server responses successfully when failover has occurred. For more information, see Chapter 7, Configuring Self IP Addresses.

IP routing and ARP

Another feature that should be familiar to network administrators for managing the BIG-IP system's Layer 3 functions is the routing table. Using the routes feature, you can explicitly add routes that you want the BIG-IP system to use when functioning as a Layer 3 device to forward packets around the network, or you can view the dynamic routes that the BIG-IP system automatically adds to its routing table.

The Address Resolution Protocol, or ARP, feature gives you the ability to view or add entries to the ARP cache, which the BIG-IP system uses to match IP addresses to Media Access Control (MAC) addresses when using Layer 3 to send packets to destination hosts. When you want to eliminate the need to use IP routing to send ARP requests from one VLAN to another, you can enable the proxy ARP feature. A host configured with the proxy ARP feature can send ARP requests to another VLAN using Layer 2 forwarding instead of IP routing. For more information, see Chapter 10, Configuring Address Resolution Protocol.

Packet filtering

A powerful security feature that the BIG-IP system offers is packet filtering. Using packet filtering, you can control and restrict the types of traffic passing through the BIG-IP system. Besides defining the action that the BIG-IP system should take when receiving a packet (accept, discard, or reject), you can exempt certain types of traffic from packet filtering, based on protocol, IP address, MAC address, or VLAN. For more information, see Chapter 12, Configuring Packet Filters.

Overview of BIG-IP system management features

This guide addresses some of the system management options that are common to all BIG-IP systems. These options include creating and maintaining administrative user accounts, configuring System Network Management Protocol (SNMP), and configuring and maintaining redundant systems.

You partially configure some of these options by running the Setup utility on the BIG-IP system. Once you have run the Setup utility, you can use the Configuration utility to complete the configuration of these options and to manage the BIG-IP system on an ongoing basis.

Lights-out management

With the lights-out management feature, you can remotely manage certain aspects of the operation of the hardware unit and the BIG-IP traffic management operating system in the event that the traffic management software becomes incapacitated. For more information, see Chapter 2, Lights-Out Management.

Partitions and user roles

You can create administrative partitions for local traffic-management objects (such as virtual servers and pools) and then give BIG-IP system administrators access to individual partitions. This imposes a finer granularity of access control on BIG-IP system users.

User accounts can reside either locally on the BIG-IP system, or remotely on a separate authentication server such as a Lightweight Directory Access Protocol (LDAP), Active Directory™, or Remote Authentication Dial-in User Service (RADIUS) server. You can also manage the three special user accounts root, admin, and support.

For each new user account that you create, you can assign a user role that defines the type and level of access granted to that user. The available user roles are: Administrator, Manager, Application Editor, Application Security Policy Editor, Operator, Guest, and No Access.

For more information, see Chapter 4, Configuring Administrative Partitions, and Chapter 5, Managing User Accounts.

System Network Management Protocol (SNMP)

System Network Management Protocol (SNMP) is an industry-standard protocol that allows you to manage the BIG-IP system remotely, along with other devices on the network. The BIG-IP system provides the SNMP agent and the MIB files that you need to manage the system remotely using SNMP. For more information, see Chapter 15, Configuring SNMP.

Redundant systems

To ensure high-availability of the BIG-IP system, you can set up a redundant-system configuration. Then, if one BIG-IP system becomes unavailable, another BIG-IP system can immediately take over to process the traffic.

When you first run the Setup utility on a BIG-IP system, you specify whether the system is a unit of a redundant pair. When you configure two BIG-IP systems to function as units of a redundant system, a process known as failover occurs when one of those units becomes unavailable for any reason. Failover ensures that the BIG-IP system can still process traffic when a unit is unavailable.

Every redundant system has a mode that you specify, either active/standby or active-active. If you choose active/standby mode and failover occurs later, then by default the standby unit becomes active, and remains active, until failover occurs again. If you choose active-active mode, the surviving unit begins processing connections targeted for the failed unit, while continuing to process its own connections. In this way, users experience no interruption in service in the event of system unavailability. For more information, see Chapter 14, Setting up a Redundant System.

Logging

Using the Syslog-ng utility, the BIG-IP system logs many different types of events, related to the operating system, packet filtering, local traffic management, and auditing. You can use the Configuration utility to display each type of event. For specific types of local traffic events, because each individual event is associated with a severity, you can set a minimum log level on an event type. Setting a minimum log level on an event type affects which messages the system displays, based on event severity. For example, you can set a minimum log level of Warning on ARP-related events, which then causes the system to display only those ARP-related events that have a severity of Warning or higher (that is, more severe). For more information, see Chapter 17, Logging BIG-IP System Events.
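
The following Python code is an added illustration of the minimum-log-level behavior described above; it is not code from this guide or from the BIG-IP system. It assumes the standard syslog severity scale (the guide names only Warning), and the record layout, event-type names, and sample records are constructed for the example. It also reports what a threshold hides, which is worth reviewing before raising a minimum level on security-relevant events.

```python
from collections import Counter

# Standard syslog severity names (RFC 5424), most severe first.
# Assumption: the guide itself names only "Warning".
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug")
RANK = {name: n for n, name in enumerate(SEVERITIES)}  # 0 = most severe


def parse_record(line):
    """Split a constructed 'severity event_type message' record."""
    severity, event_type, message = line.split(" ", 2)
    return severity.lower(), event_type.lower(), message


def apply_min_levels(lines, min_levels):
    """Return (displayed_lines, suppressed_counts).

    min_levels maps an event type to its minimum log level. A record is
    displayed when it is at least as severe as that minimum, which means
    its rank is numerically <= the rank of the minimum. Event types with
    no configured minimum, and records whose severity is not recognized,
    are displayed so that nothing is dropped silently.
    """
    for level in min_levels.values():
        if level.lower() not in RANK:
            raise ValueError(f"unknown minimum log level: {level!r}")

    displayed, suppressed = [], Counter()
    for line in lines:
        severity, event_type, _ = parse_record(line)
        minimum = min_levels.get(event_type)
        if minimum is None or severity not in RANK:
            displayed.append(line)
        elif RANK[severity] <= RANK[minimum.lower()]:
            displayed.append(line)
        else:
            suppressed[(event_type, severity)] += 1
    return displayed, dict(suppressed)


# Constructed sample records (not real BIG-IP log output).
SAMPLE = [
    "notice arp address 10.0.0.5 moved between interfaces",
    "warning arp duplicate address 10.0.0.9 detected",
    "error arp cache table full",
    "debug arp request sent for 10.0.0.7",
    "informational packet_filter rule 3 accepted a packet",
    "critical arp resolution failing on vlan internal",
]

if __name__ == "__main__":
    # Minimum log level of Warning on ARP-related events, as in the text.
    shown, hidden = apply_min_levels(SAMPLE, {"arp": "warning"})
    for line in shown:
        print(line)
    print("suppressed:", hidden)
```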

BIG-IP system services

The BIG-IP system includes several different services. Some of these services, such as MCPD and TMM, must be running in order to process application traffic, while others are optional, such as postfix or radvd.

A core set of services have heartbeats and are associated with failover in a redundant system. When you configure a redundant system, you can specify the action that you want the BIG-IP system to take if it fails to detect a heartbeat. For example, you can configure the BIG-IP system to reboot if it fails to detect a heartbeat for the MCPD service. Finally, there are times when you might need to stop a service in order to perform a specific system-management task. For example, we recommend that you stop the TMM service when installing a new version of the BIG-IP system. For more information, see Chapter 18, Configuring BIG-IP System Services.

Archives

Every BIG-IP system includes a set of essential configuration data that you create when you initially configure your system. To protect this data in the event of a system problem, you can create an archive, also known as a .ucs file. An archive is a backup copy of your configuration data that you create and store on the BIG-IP system. If your original configuration data becomes corrupted for some reason, you can use the archive to restore the data. As an added layer of protection, you can download your archives to a remote system, in case the BIG-IP system itself becomes unavailable. When the system is up and running again, you can upload the data back onto the system. For more information, see Chapter 16, Saving and Restoring Configuration Data.

Choosing a configuration tool

The BIG-IP system offers a browser-based utility for managing the BIG-IP system, and, as an alternative, various command line utilities. Note that all procedures in this guide describe how to manage the system using the browser-based Configuration utility.

The Configuration utility

The Configuration utility is a browser-based application that you use to configure and monitor the BIG-IP system. Once you complete the instructions for the Setup utility, you can use the Configuration utility to perform additional configuration steps necessary for your chosen load balancing solution. In the Configuration utility, you can also monitor current system performance, and download administrative tools such as the SNMP MIBs or the SSH client. For a list of browser versions that the Configuration utility supports, see the release notes for this product on the AskF5℠ web site, http://tech.f5.com.

One of the tasks you can perform with the Configuration utility is setting user preferences. Setting user preferences customizes the way that the Configuration utility displays information for you. For example, when you display a list of objects such as the virtual servers that you have created, the utility normally displays ten objects, or records, per screen. However, you can change this value so that the utility displays more, or fewer, than ten records per screen.

Table 1.1 lists and describes the preferences that you can configure to customize the display of the Configuration utility. Following this table is the procedure for configuring these preferences.

Table 1.1 Configuration utility preferences

  • Setting: Records per Screen
    Description: Specifies, for all list screens, the number of records that the system displays by default. The default setting is 10.
    Default Value: 10
  • Setting: Start Screen
    Description: Specifies the screen that displays when you open a new browser session for this system. Possible values are: Welcome, Traffic Summary, Performance, Statistics, and Virtual Servers.
    Default Value: Welcome
  • Setting: Advanced by Default
    Description: Specifies, when checked, that the system expands the configuration options from Basic to Advanced. The Basic setting displays the most common and more frequently-edited settings for a feature, while the Advanced setting displays all of the settings for a feature.
    Note: This is a display feature only; when you select Basic, any options that remain hidden still apply to the configuration, with their default values.
    Default Value: Advanced
  • Setting: Display Host Names When Possible
    Description: Specifies, when checked, that the system displays host names, rather than IP addresses, if the IP address has a host name associated with it.
    Default Value: Disabled (unchecked)
  • Setting: Statistics Format
    Description: Specifies the format for the statistical data. Select Normalized if you want the system to display rounded values. Select Unformatted if you want the system to display the actual values to all places. Note that you can override the default format on the individual statistics screens.
    Default Value: Normalized
  • Setting: Default Statistics Refresh
    Description: Specifies the default rate at which the system refreshes statistical data. Possible values are: 10 seconds, 20 seconds, 30 seconds, 60 seconds, 3 minutes, and 5 minutes.
    Note that you can override the default refresh rate on the individual statistics screens.
    Default Value: Disabled
  • Setting: Archive Encryption
    Description: Specifies whether the BIG-IP encrypts all archives (.ucs files) that you create. Possible values are:
    • On Request -- Causes the encryption of archives to be optional.
    • On -- Causes the BIG-IP system to automatically encrypt all archives that you create. When you select this value, you must create a passphrase when you create an archive.
    • Off -- Prevents you from encrypting any archive that you create. When you select this value, the Encryption setting on the New Archive screen becomes unavailable.
    Default Value: On Request

To configure user preferences

  1. On the Main tab of the navigation pane, expand System, and click Preferences.
    The Preferences screen opens.
  2. Configure each preference or retain the default value.
  3. Click Update.

Command-line utilities

In addition to using the Configuration utility, you can also manage the BIG-IP system using command line utilities such as the bigpipe utility. To monitor the BIG-IP system, you can use certain bigpipe commands, or you can use the bigtop™ utility, which provides real-time system monitoring. You can use the command line utilities directly on the BIG-IP system console, or you can run commands using a remote shell, such as the SSH client or a Telnet client. For more information on command line utilities, see the BIG-IP® Command Line Interface Guide or the online man pages.

About this guide

Before you use this guide, we recommend that you run the Setup utility on the BIG-IP system to configure basic network and network elements such as static and floating self IP addresses, interfaces, and VLANs, to name a few.

After running the Setup utility, you can further customize your system by using the Configuration utility to create local traffic management objects such as virtual servers, load balancing pools, and profiles.

Finally, you can return to this guide to adjust the elements you have configured, or to add additional ones as your needs change.

Before you continue with adjusting or customizing your BIG-IP system configuration, complete these tasks:

  • Choose a configuration tool.
  • Familiarize yourself with additional resources such as product guides and online help.
  • Review the stylistic conventions that appear in this chapter.

Additional information

In addition to this guide, there are other sources of documentation that you can use to work with the BIG-IP system. The information is organized into the guides and documents described below. The following printed documentation is included with the BIG-IP system.

  • Configuration Worksheet
    This worksheet provides you with a place to plan the basic configuration for the BIG-IP system.
  • BIG-IP Quick Start Instructions
    This pamphlet provides you with the basic configuration steps required to get the BIG-IP system up and running in the network.

The following guides are available in PDF format from the AskF5℠ web site, http://tech.f5.com. These guides are also available from the first Web page you see when you log in to the administrative web server on the BIG-IP system.

  • Platform Guide
    This guide includes information about the BIG-IP system. It also contains important environmental warnings.
  • Installation, Licensing, and Upgrades for BIG-IP® Systems
    This guide provides detailed information about installing upgrades to the BIG-IP system. It also provides information about licensing the BIG-IP system software and connecting the system to a management workstation or network.
  • Configuration Guide for BIG-IP® Local Traffic Management
    This guide contains any information you need for configuring the BIG-IP system to manage local network traffic. With this guide, you can perform tasks such as creating virtual servers and load balancing pools, configuring application and persistence profiles, implementing health monitors, and setting up remote authentication.

Stylistic conventions

To help you easily identify and understand important information, all of our documentation uses the stylistic conventions described here.

Using the solution examples

All examples in this document use only private class IP addresses. When you set up the solutions we describe, you must use valid IP addresses suitable to your own network in place of our sample addresses.

Identifying new terms

To help you identify sections where a term is defined, the term itself is shown in bold italic text. For example, a floating IP address is an IP address assigned to a VLAN and shared between two computer systems.

Identifying references to objects, names, and commands

We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, with the bigpipe self <ip_address> show command, you can specify a specific self IP address to show by specifying an IP address for the <ip_address> variable.

Identifying references to other documents

We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about SNMP traps in Appendix A, Troubleshooting SNMP Traps.

Identifying command syntax

We show complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command shows the configuration of the specified pool name:

bigpipe self <ip_address> show

or

b self <ip_address> show

Table 1.2 explains additional special conventions used in command line syntax.

Table 1.2 Command line syntax conventions

  • Item in text: \
    Description: Indicates that the command continues on the following line, and that users should type the entire command without typing a line break.
  • Item in text: < >
    Description: Identifies a user-defined parameter. For example, if the command has <your name>, type in your name, but do not include the brackets.
  • Item in text: |
    Description: Separates parts of a command.
  • Item in text: []
    Description: Indicates that syntax inside the brackets is optional.
  • Item in text: ...
    Description: Indicates that you can type a series of items.

Finding help and technical support resources

You can find additional technical documentation and product information in the following locations:

  • Online help for local traffic management
    The Configuration utility has online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the left navigation pane to view the online help for a screen.
  • Welcome screen in the Configuration utility
    The Welcome screen in the Configuration utility contains links to many useful web sites and resources, including:
    • The F5 Networks Technical Support web site
    • The F5 Solution Center
    • The F5 DevCentral web site
    • Plug-ins, SNMP MIBs, and SSH clients
  • F5 Networks Technical Support web site
    The F5 Networks Technical Support web site, http://tech.f5.com, provides the latest documentation for the product, including:
    • Release notes for the BIG-IP system, current and past
    • Updates for guides (in PDF form)
    • Technical notes
    • Answers to frequently asked questions
    • The AskF5℠ natural language question and answer engine
    To access this site, you need to register at http://tech.f5.com.


