Manual Chapter: Introducing Local Traffic Manager

The BIG-IP® Local Traffic Manager™ system is specifically designed to manage your local network traffic. Local traffic management refers to the process of managing network traffic that comes into or goes out of a local area network (LAN), including an intranet.
This configuration guide applies to the set of Local Traffic Manager features that are part of the BIG-IP system family of products.
A commonly-used feature of the BIG-IP system is its ability to intercept and redirect incoming network traffic, for the purpose of intelligently tuning the load on network servers. However, tuning server load is not the only type of local traffic management. The BIG-IP system includes a variety of features that perform functions such as inspecting and transforming header and content data, managing SSL certificate-based authentication, and compressing HTTP responses. In so doing, the BIG-IP system not only directs traffic to the appropriate server resource, but also enhances network security and frees up server resources by performing tasks that web servers typically perform.
Note: BIG-IP® Local Traffic Manager is one of several products that constitute the BIG-IP product family. All products in the BIG-IP product family run on the powerful Traffic Management Operating System, commonly referred to as TMOS®. For an overview of the complete BIG-IP product offering, see the introductory chapter of the TMOS® Management Guide for BIG-IP® Systems. For information on getting started with BIG-IP system configuration, see the BIG-IP® Systems: Getting Started Guide.
Once you have set up your base network and you have administrative access to the BIG-IP system, and at least a default VLAN assignment for each interface, the next step is to configure a network for managing traffic targeted to your internal servers. For more information, see the BIG-IP® Systems: Getting Started Guide.
At the heart of the BIG-IP system are virtual servers and load balancing pools. Virtual servers receive incoming traffic, perform basic source IP and destination IP address translation, and direct traffic to servers, which are grouped together in load balancing pools.
To configure a basic local traffic management system, you use the Configuration utility. With this utility, you can create a complete set of configuration objects that work together to perform local traffic management. Each object has a set of configuration settings that you can use as is or change to suit your needs.
To configure local traffic objects, you can configure each type of object individually, or, in some cases, you can use the application templates feature to configure all required objects in a single operation. For more information on using application templates, see Understanding application templates.
Once you have configured local traffic objects on the system, either by configuring the objects individually or by using an application template, you can use the network map to display those objects. The network map displays a visual representation of the local traffic configuration that you have implemented, such as virtual servers and their associated pools. The network map also displays statistics about existing virtual servers, pools, nodes, and iRules®. For more information on the network map, see Using the network map feature.
The BIG-IP system has a number of time-outs that can be set to promote active connection management. The system manages each load-balanced connection explicitly by keeping track of the connection in the connection table while the connection is still active. The connection table contains state information about client-side and server-side connections, as well as the relationships between them.
Each connection in the connection table consumes system resources to maintain the table entry and monitor connection status. The BIG-IP system must determine when a connection is no longer active and then retire the connection to avoid exhausting critical system resources. Resources such as memory and processor cycles are at risk if the connection table grows and remains unchecked.
Connections that close or reset in a normal way are retired from the connection table automatically. A significant number of connections, however, often remain idle without closing normally, for any number of reasons. Consequently, the BIG-IP system must reap these connections once they have been determined to be inactive. Reaping is the process of retiring or recycling connections that would otherwise remain idle.
To promote proactive reaping, you can configure several different timeout settings to tear down connections that have seen no active traffic after a specified period of time. While a few of these timeout settings are not user-configurable, you can actively configure most of these timeout settings, to meet the needs of any application.
Since you can configure timeout settings in multiple places, it is important to understand that sometimes more than one timeout setting affects the same connection. The optimal timeout configuration is one that retains idle connections for an appropriate amount of time (variable by application) before deciding that the connections are inactive and should be retired, to conserve system resources.
Idle connections can be timed out by protocol profiles or SNATs associated with the virtual server handling the connection. Connections that a virtual server does not manage can be timed out based on SNAT automap or VLAN group settings.
Table 1.1 shows a list of objects containing idle connection timeout settings that affect reaping. For each object type, the table lists the default value and whether that value is user-configurable.
The shortest timeout value that applies to a connection is the value that always takes effect. In some cases, however, you might want to change this behavior.
For example, you might have configured a forwarding virtual server that is intended to carry long-standing connections, and these connections might become idle for long periods of time (such as SSH sessions). In this case, you can configure a long idle timeout value on the related protocol profile (in this case, TCP).
However, if the SNAT automap feature is also enabled, the default 300-second static timeout value still takes effect.
The BIG-IP system includes two other idle timeout settings, but these settings do not affect connection reaping. These settings appear in the OneConnect™ and persistence profile types. Table 1.2 shows the default values for these settings and whether the settings are user-configurable.
Cookie Hash, Destination Address Affinity, Hash, SIP, Source Address Affinity, and Universal persistence profiles
The OneConnect timeout value controls the length of time that an idle server-side connection is available for re-use; that is, this timeout value might cause the system to close a server-side connection after becoming idle for a certain period of time. In this case, since that connection was never actively in use, no active client-side connections are affected, and the system transparently selects or establishes another server-side connection for new connections. The OneConnect timeout setting need not be coordinated with the idle timeout settings of other profiles.
Persistence timeout settings are actually idle timeout settings for a session, rather than for a single connection. Thus, persistence timeout settings should typically be set to a value slightly larger than the applicable connection idle timeout settings, to allow sessions to continue even if a connection within the session has expired.
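The shortest-timeout rule and the persistence guidance above can be checked mechanically against an inventory of virtual servers. The following is an added example, not F5 code: the inventory, its field names, and the `intended_idle` value are constructed for illustration, and the only figure taken from this chapter is the 300-second static SNAT automap timeout.

```python
"""Added example: which idle timeout actually reaps a connection (constructed data)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Static SNAT automap timeout stated in this chapter (seconds).
SNAT_AUTOMAP_TIMEOUT = 300


@dataclass
class VirtualServer:
    # All field names are hypothetical; they model settings named in the text.
    name: str
    protocol_profile_idle: int                 # idle timeout on the protocol profile
    snat_idle: Optional[int] = None            # idle timeout of an associated SNAT
    snat_automap: bool = False                 # SNAT automap enabled
    persistence_timeout: Optional[int] = None  # session-level idle timeout
    intended_idle: Optional[int] = None        # how long the application needs idle connections kept


def effective_idle_timeout(vs: VirtualServer) -> Tuple[int, str]:
    """Return (seconds, source) for the shortest timeout that applies."""
    candidates = {"protocol profile": vs.protocol_profile_idle}
    if vs.snat_idle is not None:
        candidates["SNAT"] = vs.snat_idle
    if vs.snat_automap:
        candidates["SNAT automap"] = SNAT_AUTOMAP_TIMEOUT
    source = min(candidates, key=candidates.get)
    return candidates[source], source


def audit(vs: VirtualServer) -> List[str]:
    """Flag timeouts that contradict the guidance in the text."""
    findings = []
    timeout, source = effective_idle_timeout(vs)
    # A long profile timeout is ineffective if another object reaps sooner.
    if vs.intended_idle is not None and timeout < vs.intended_idle:
        findings.append(
            f"{vs.name}: idle connections are reaped after {timeout}s by the "
            f"{source}, but the application expects {vs.intended_idle}s"
        )
    # Persistence should outlive the connection idle timeout.
    if vs.persistence_timeout is not None and vs.persistence_timeout <= timeout:
        findings.append(
            f"{vs.name}: persistence timeout {vs.persistence_timeout}s does not "
            f"exceed the {timeout}s connection idle timeout"
        )
    return findings


# Constructed inventory, not taken from a real system.
INVENTORY = [
    VirtualServer("ssh_forwarder", protocol_profile_idle=86400,
                  snat_automap=True, intended_idle=86400),
    VirtualServer("web_vs", protocol_profile_idle=300, persistence_timeout=180),
    VirtualServer("api_vs", protocol_profile_idle=120, snat_idle=600,
                  persistence_timeout=180, intended_idle=100),
]

if __name__ == "__main__":
    for vs in INVENTORY:
        seconds, source = effective_idle_timeout(vs)
        print(f"{vs.name}: effective idle timeout {seconds}s ({source})")
        for finding in audit(vs):
            print("  FINDING:", finding)
```
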
In addition to using the Setup utility to set up the management network and initial traffic management software configuration, you use the Configuration utility to customize and maintain the BIG-IP system. In the Configuration utility, you can also monitor current system performance, and view a network map that shows the virtual servers that you have created, along with the pools (and pool members) that the virtual servers reference.
For information on setting user preferences for the Configuration utility, see the TMOS® Management Guide for BIG-IP® Systems. For information on supported browsers, see the applicable release notes on the AskF5℠ Knowledge Base web site, http://support.f5.com.
The Configuration utility includes a feature known as the network map. The network map feature shows a summary of local traffic objects, as well as a visual map of the virtual servers, pools, and pool members on the BIG-IP system. For both the local traffic summary and the network map, you can customize the display using a search mechanism that filters the information that you want to display, according to criteria that you specify. The system highlights in blue all matches from a search operation.
You can filter the results of the network map feature by using the Type and Status lists in the filter bar, as well as a Search box. With the Search box, you can optionally type a specific string. Figure 1.1 shows the filtering options on the Network Map screen.
When using the Search box, you can specify a text string that you want the system to use in a search operation. The default is asterisk ( * ). The settings of the Status and Type fields determine the scope of the search. The system uses the specified search string to filter the results that the system displays on the screen.
For example, if you constrain the search to include only unavailable nodes whose IP address includes 10.10, the operation returns those nodes, along with the members of the pool, the pool itself, the associated virtual server, and any iRules that you explicitly applied to that virtual server. The system sorts results alphabetically, by virtual server name.
The system supports searching on names, IP addresses, and IP address:port combinations, in both IPv4 and IPv6 address formats. The system processes the string as if an asterisk wildcard character surrounds the string. For example, if you specify 10, the system effectively searches as if you had typed *10*. You can also specifically include the asterisk wildcard character. For example, you can use the following search strings: 10.10.10.*:80, 10.10*, and *:80. If you specifically include a wildcard character, the system treats the string accordingly. For example, if you specify 10*, the system assumes you want to search for objects whose IP addresses begin with 10.
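The wildcard rules above mean that a bare string matches anywhere in a name or address, which is easy to overlook when filtering by subnet. The following is an added example, not part of the BIG-IP software: it models the described matching on a constructed configuration, keeps the owning virtual server as context, and treats matching as case-sensitive, which is an assumption.

```python
"""Added example: the search-string semantics described above (simplified model)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Member:
    name: str
    ip: str
    port: int
    status: str


def compile_search(term: str) -> "re.Pattern[str]":
    """Translate a search string into a regex; only '*' is a wildcard."""
    term = term.strip() or "*"          # the default search string is an asterisk
    if "*" not in term:
        term = f"*{term}*"              # implicit surrounding wildcards
    # Escape everything except '*', so '.' and ':' are matched literally.
    return re.compile(".*".join(re.escape(part) for part in term.split("*")))


def matches(term: str, member: Member) -> bool:
    """Match against the name, the IP address, and the IP address:port form."""
    pattern = compile_search(term)
    fields = (member.name, member.ip, f"{member.ip}:{member.port}")
    return any(pattern.fullmatch(value) for value in fields)


# Constructed configuration: virtual server -> pool members.
CONFIG: Dict[str, List[Member]] = {
    "vs_app": [Member("node_a", "10.10.10.1", 80, "available"),
               Member("node_b", "10.10.10.2", 80, "offline")],
    "vs_db": [Member("node_c", "192.168.10.5", 3306, "available")],
    "vs_api": [Member("node_d", "172.16.1.10", 8080, "unavailable")],
}


def search(term: str = "*", status: Optional[str] = None) -> Dict[str, List[str]]:
    """Return matching member names grouped by virtual server, sorted by
    virtual server name as the text describes."""
    result: Dict[str, List[str]] = {}
    for vs_name in sorted(CONFIG):
        hits = [m.name for m in CONFIG[vs_name]
                if matches(term, m) and (status is None or m.status == status)]
        if hits:
            result[vs_name] = hits
    return result


if __name__ == "__main__":
    # "10" also matches 192.168.10.5 and 172.16.1.10; "10*" anchors the start.
    for term in ("10", "10*", "*:80", "10.10.10.*:80"):
        print(f"{term!r:18} -> {search(term)}")
    print("offline, '10.10'   ->", search("10.10", status="offline"))
```
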
Tip: Browsers have limits as to how much data they can render before they become sluggish and halt processing. Mapping large configurations might approach those limits; therefore, memory constraints might prevent the system from producing a network map of the whole configuration. If this might happen, the system posts an alert indicating that you can use the Network Map summary screen to determine the complexity of the configuration, which can give you an indication of the size of the resulting map. You can modify the search criteria to return fewer results, producing a map that does not encounter those limits.
When you first open the Network Map screen, the screen displays a summary of local traffic objects. This summary includes the type of objects specified with the search mechanism, the number of each type of object, and, for each object type, the number of objects with a given status.
Note: A local traffic summary includes only those objects that are referenced by a virtual server. For example, if you have configured a pool on the system but there is no virtual server that references that pool, the local traffic summary does not include that pool, its members, or the associated nodes in the summary.
Figure 1.2 shows an example of a network map screen that summarizes local traffic objects on the system.
For each object type listed in the summary, the system shows the number of objects with each type of status. Table 1.3 shows the various status indicators that the summary screen can display for a local traffic object.
Status indicator
The objects are enabled but are currently unavailable. However, the objects might become available later, with no user action required.
An example of an object showing this status is a virtual server whose connection limit has been exceeded. When the number of connections falls below the configured limit, the virtual server becomes available again.
The objects are enabled but offline because an associated object has marked the object as unavailable. To change the status so that the object can receive traffic, you must actively enable the object.
1. On the Main tab of the navigation pane, expand Local Traffic, and click Network Map.
The Network Map screen opens.
2. From the Status list, select a status.
This causes the system to limit the search results to objects with that status. Possible values are Any Status (the default value), Available, Unavailable, Offline, and Unknown.
3. From the Type list, select an object type.
This causes the system to limit the search results to objects of that type. Possible values are All Types (the default value), Virtual Servers, iRules, Pools, Pool Members, and Nodes.
4. If you want to further limit the search results, type a string in the Search box.
For example, you can limit the search to only those objects that include the string 10.10 in their names.
Note: For performance reasons, the system does not normally search within iRule text for the specified search string. If you want the search results to include iRules that contain the specified string, see step 5. Otherwise, see step 6.
Note: Enabling this setting could affect system performance while the system performs the search operation.
6. Click the Update Summary button.
This action refreshes the local traffic summary displayed on the screen.
The network map presents a visual hierarchy of the names and status of virtual servers, pools, pool members, nodes, and iRules defined on the system. The map shows all objects in context, starting with the virtual servers at the top. The Status, Type, and Search settings at the top of the screen determine the objects that the map includes.
When you position the cursor over an object on the map, the system presents hover text containing information about the object. When you position the cursor over the status icon accompanying an object, the system presents hover text containing information about the object's status, text which also appears on the pool's Properties screen.
Due to the way that a network map presents objects in context, the updated screen also shows objects of other statuses, types, and names that relate to those objects. This is because a network map always shows objects in context with the objects that depend on them, and the objects they depend on.
For example, if you have an available virtual server with an available pool and two pool members, one available and one offline, then selecting Offline from the Status list causes the system to show the offline pool member in context with the available virtual server and the available pool. This is because the available virtual server and the available pool depend on the offline pool member.
1. On the Main tab of the navigation pane, expand Local Traffic, and click Network Map.
The Network Map screen opens.
2. From the Status list, select a status.
This causes the system to limit the search results to objects with that status. Possible values are Any Status (the default value), Available, Unavailable, Offline, and Unknown.
3. From the Type list, select an object type.
This causes the system to limit the search results to objects of that type.
4. If you want to further limit the search results, type a string in the Search box.
For example, you can limit the search to only those objects that include the string 10.10 in their names.
Note: For performance reasons, the system does not normally search within iRule text for the specified search string. If you want the search results to include iRules that contain the specified string, see step 5. Otherwise, see step 6.
Note: Enabling this setting could affect system performance while the system performs the search operation.
6. Click the Show Map button.
This action displays the requested network map on the screen.
An application template is a wizard-like feature that queries the user for information related to a specific application. The BIG-IP system then automatically configures the BIG-IP system to process traffic for that application, based on that information.
An example of an application template is the Microsoft IIS template, which creates BIG-IP objects for managing traffic destined for a Microsoft IIS server.
Application templates ease the process of configuring the BIG-IP system. Instead of having to individually create each object that pertains to the type of application traffic you want the BIG-IP system to manage, you can run an application template. The application template automatically creates BIG-IP system objects that are customized for that application. These objects can be either local traffic objects, TMOS objects, or both, depending on the template you are using.
For example, when you run the Microsoft IIS application template, the BIG-IP system uses the information you provide to create a virtual server, pool, HTTP profile, and health monitor, all tailored to control Web traffic destined for an IIS server.
The remainder of the Understanding application templates section provides generic information about the application templates feature. For application-specific deployment information, visit the web site www.f5.com and on the menu bar, click Solutions.
Important: All local traffic objects that an application template creates reside in the current administrative partition. For information on administrative partitions, see the TMOS® Management Guide for BIG-IP® Systems.
2. On the Main tab of the navigation pane, expand Local Traffic, and click Templates and Wizards.
The Templates screen opens, displaying a list of templates.
3. In the Application column, click a template name.
The screen for that application opens.
5. Click Finished.
A list of all objects that the template created displays on the screen.
Note that for any given application template, such as Microsoft IIS, you can create multiple deployments of that template. For example, using the Microsoft IIS template, you can create a separate deployment for each of three virtual servers, naming the deployments my_iis1, my_iis2, and my_iis3.
To operate as efficiently as possible, the BIG-IP system allows multiple deployments of an application template to share certain HTTP profiles that the template might create. This avoids multiple deployments of a template having to create and maintain identical sets of HTTP profiles.
Most application templates create sharable HTTP profiles. The indication that an HTTP profile is sharable by multiple deployments is the profile name, which is appended with the string _shared_http.
For example, when you create the first deployment of the Microsoft IIS template, the template might create a sharable HTTP profile named microsoft_iis_http_acceleration_shared_http. Thereafter, any subsequent deployment of the Microsoft IIS template can re-use that HTTP profile instead of creating a separate but identical HTTP profile.
Once you have finished using the template, each local traffic object that the template created appears on the list screen for that object type. For example, if the application template created a load balancing pool, the pool then appears on the Pools List screen in the Configuration utility, along with all other pools that you are allowed to view on the BIG-IP system.
Identifying the objects that are associated with an application is simple, because each object that the template creates appends a user-specified prefix to the object name. For example, if you create a Microsoft IIS deployment, specifying the prefix IIS, each object that the template subsequently creates includes the prefix IIS in the name. For example, a pool that the template creates might be named IIS_pool, and a virtual server might be named IIS_virtual_server.
After using a particular application template, if you want to delete all objects that the template created, you must access each relevant list screen in the Configuration utility and delete the application object on that screen. Continuing with the previous example, to delete the pool that the Microsoft IIS template created, you display the Pools list screen and delete the object IIS_pool. Similarly, to delete the virtual server, you display the Virtual Servers list screen and delete the object IIS_virtual_server. You continue this process until all relevant objects are deleted from the system.
Tip: You can use the Network Map feature within the Configuration utility to more easily identify template-related objects.
Before you use this guide, we recommend that you run the Setup utility on the BIG-IP system to configure basic network and network elements such as static and floating self IP addresses, interfaces, and VLANs, to name a few. For more information, see the BIG-IP® Systems: Getting Started Guide.
After running the Setup utility, you can further customize your system by using the Configuration utility to create local traffic management objects such as virtual servers, load balancing pools, and profiles.
In addition to this guide, there are other sources of documentation you can use to work with the BIG-IP system. The following documentation pertains to the Local Traffic Manager product and is available in PDF format from the AskF5℠ Knowledge Base web site, http://support.f5.com. These guides are also available from the first web page you see when you access the browser-based Configuration utility:
BIG-IP® Systems: Getting Started Guide
This guide contains any information you need to initially install, license, and set up your BIG-IP system.
TMOS® Management Guide for BIG-IP® Systems
This guide contains any information you need to configure and maintain the network and system-related components of the BIG-IP system. With this guide, you can perform tasks such as configuring routes and VLANs, assigning self IP addresses, creating administrative user accounts, and managing a redundant system.
BIG-IP® Local Traffic Manager: Implementations
This guide contains complete procedures for implementing specific goals, such as processing SSL traffic with data compression, or assigning privileges to remotely-authenticated user accounts. This guide ties together the detailed information contained in the Configuration Guide for BIG-IP® Local Traffic Manager to help you implement specific traffic-management configurations.
Bigpipe Utility Reference Guide
This guide contains syntax information for using the bigpipe utility command line interface.
Traffic Management Shell (tmsh) Reference Guide
This guide contains syntax information for using the tmsh command line interface.
To help you easily identify and understand important information, our documentation uses the stylistic conventions described below.
All examples in this documentation use only private class IP addresses. When you set up the configurations we describe, you must use valid IP addresses suitable to your own network in place of our sample addresses.
To help you identify sections where a term is defined, the term itself is shown in bold italic text. For example, a virtual server is a specific combination of a virtual address and virtual port, associated with a content site that is managed by a BIG-IP system or other type of host server.
We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, you can set the Idle Timeout value to 5.
We use italic text to denote a reference to another document or section of a document. We use bold, italic text to denote a reference to a book title. For example, for installation instructions, see the guide titled BIG-IP® Systems: Getting Started Guide.
We show complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command shows the configuration of the specified pool name:
Table 1.4 explains additional special conventions used in command line syntax.
\
< >
Identifies a user-defined parameter. For example, if the command has <your name>, type in your name, but do not include the brackets.
|
[]
Online help for local traffic management
The Configuration utility has online help for each screen. The online help contains descriptions of each control and setting on the screen. Click the Help tab in the left navigation pane to view the online help for a screen.
Welcome screen in the Configuration utility
The Welcome screen in the Configuration utility contains links to many useful web sites and resources, including:
F5 Networks Technical Support web site
The F5 Networks Technical Support web site, http://support.f5.com, provides the latest documentation for the product, including:
The AskF5℠ Knowledge Base