Applies To:

Show Versions Show Versions

Manual Chapter: Administrator Guide for the BIG-IP WebAccelerator Module: 3 - Configuration and Maintenance
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>


3

Configuration and Maintenance


Overview of the configuration tasks

This chapter provides the information that you need to configure and maintain the WebAccelerator system. These tasks include:

  • Essential configuration tasks
    These configuration tasks are required for the WebAccelerator system to accelerate traffic to your applications.
  • Additional configuration tasks
    Optional tasks that you can perform to fine-tune and customize the WebAccelerator system's configuration.
  • Maintenance tasks
    Tasks that you perform periodically after you complete the initial configuration.

Configuring the BIG-IP system

Before you perform the tasks described in this chapter, review the following required and recommended configuration tasks for the BIG-IP system.

Required configuration tasks

You must first perform the following tasks on the BIG-IP system, before you configure the WebAccelerator system.

  • Install and activate the license.
  • Configure the appropriate network settings.

Recommended configuration tasks

In addition to the required configuration tasks, F5 Networks also recommends that you perform the following tasks on the BIG-IP system, before you configure the WebAccelerator system.

  • Configure name resolution (DNS or entries to the host file).
  • Configure an NTP server.
Important

For the WebAccelerator module to properly maintain its cache, the time on the BIG-IP system must be synchronized with the time on the origin servers. Therefore, F5 Networks recommends that you configure an NTP server on the BIG-IP system.

If you have not yet completed the required configuration on the BIG-IP system, refer to the Installation, Licensing, and Upgrades for BIG-IP® Systems guide, and the BIG-IP® Network and System Management Guide for additional information. Both of these guides are available on the Technical Support web site, http://tech.f5.com.

Essential configuration tasks

The following essential configuration task are required for the WebAccelerator system to start accelerating traffic. These tasks include:

  • Enabling the WebAccelerator module
    To initiate the configuration process, you must first enable the WebAccelerator module on the BIG-IP system.
  • Creating an HTTP class profile with the WebAccelerator module enabled
    The HTTP class profile classifies traffic using HTTP header, cookie, host, path, and other HTTP items.
  • Defining a virtual server and pool associated with the WebAccelerator-enabled HTTP class profile
    The virtual server on the BIG-IP system load balances pools that host the web application that you are accelerating. You configure the virtual server and one or more pools.
  • Configuring an application
    The main tasks to configure an application are:
    • Creating an application profile, which provides key application information to the WebAccelerator system so that it can appropriately handle requests to the applications.
    • Creating a host map, by identifying the domain as it appears on the HTTP HOST request header.
    • Verifying the host map.
Important

Before completing the following tasks, you must first perform the configuration tasks outlined in Configuring the BIG-IP system .

Enabling the WebAccelerator module

Before configuring the WebAccelerator system, you must have a license for the WebAccelerator module and you must enable it on the BIG-IP system.

To enable the WebAccelerator module

  1. Using the command line of the BIG-IP system, type the following command:
  2. bigpipe db module.wa enable
  3. To confirm the module is enabled, type the following command:
  4. bigpipe db module.wa

    The output should display as enable.

Creating an HTTP class profile

The HTTP class profile uses the HTTP header, cookie, host, and path, and other HTTP items to classify traffic. To configure the WebAccelerator system to accelerate traffic for applications that are running on a virtual server, the first task is to configure the HTTP class profile with WebAccelerator module enabled.

To create an HTTP class profile with the WebAccelerator module enabled

  1. On the Main tab of the navigation pane, expand WebAccelerator, and then click Classes.
    The HTTP Class Profile screen opens.
  2. Click the Create button.
    The New HTTP Class Profile screen opens.
  3. In the Name box, type a name for the HTTP class profile.
  4. From the Parent Profile list, select httpclass.
  5. In the Configuration section, verify that WebAccelerator system is set to Enabled. Leave all other settings at Match all.
  6. Click the Finished button.
    The system adds the new HTTP class profile and displays the HTTP Class Profiles screen.
Note

The HTTP class profile exists in both the WebAccelerator and the Local Traffic sections of the Configuration utility. The difference between the two is that in the WebAccelerator section of the Configuration utility, the WebAccelerator system is enabled by default. In the Local Traffic section of the Configuration utility, you must check the Custom check box and explicitly enable the WebAccelerator module. If you create the HTTP class profile from the Local Traffic menu and you do not enable the WebAccelerator module, you effectively disable web acceleration for the associated virtual server.

Defining a virtual server and pool

The next configuration task is to define a virtual server and pool on the local traffic management system, and associate the WebAccelerator-enabled HTTP class profile.

The virtual server processes and routes incoming traffic in accordance with the settings that you configure in the associated HTTPS class profile. The pool hosts the actual web application content that you want to accelerate with the application profile policy.

Note

The following procedure outlines only the basic virtual server and pool configuration. For detailed information about virtual servers, pools, and the other local traffic components, refer to the Configuration Guide for BIG-IP Local Traffic Management on the AskF5 Technical Support web site, http://tech.f5.com.

To configure a virtual server and pool

  1. On the Main tab of the navigation pane, expand Local Traffic, and then click Virtual Servers.
    The Virtual Servers list screen displays.
  2. Click the Create button.
    The New Virtual Server screen displays.
  3. In the Name box, type a name for the virtual server.
  4. For the Destination Type, click the Host button and type an IP address in the Address box.
  5. In the Service Port box, type 80.
    Alternately, you can select HTTP from the Service Port list.
  6. In the Configuration section, select http from the HTTP Profile list.
  7. In the Resources section, select the WebAccelerator-enabled HTTP class profile that you created from the HTTP Class Profiles Available list, and click the Move button (<<) to add the profile to the Enabled list.
  8. Next to the Default Pool list, click the Add (+) button.
    The New Pool screen opens.
  9. In the Name box, type a name for the pool.
  10. For Health Monitors, select http from the Available list and click the Move button (<<) to add the monitor to the Active list.
  11. In the Resources section, select a Load Balancing Method from the list.
  12. Leave Priority Group Activation set to Disabled.
  13. Into the Address and Port boxes, type the address and port for the pool members.
  14. Click the Add button.
  15. Click Finished.
    The screen refreshes and opens the New Virtual Server screen, where you see the new pool in the Default Pool list.
  16. Click Finished again.
    The system updates the configuration, and the Virtual Server list screen displays and you can see the virtual server that you created.

Configuring an application

After you create the HTTP class profile and configure the virtual server and pool, you configure the applications that you want the WebAccelerator system to accelerate. The two main parts to an application are:

  • Application profile
  • Host map

Application profiles

An application profile provides the key information that the WebAccelerator system needs to appropriately handle requests to the applications on your site, and consists of a host map and a specified acceleration policy.

Host maps

When a browser sends an HTTP request to the WebAccelerator system, the WebAccelerator system compares the host on the request to those in its host map to determine which application and associated application policy set to use to handle the request.

When you create a host map, you identify the domain as it appears on the HTTP HOST request header. These domains are called requested hosts. When you specify the host name for the requested host in a host map, you can use an asterisk (*), followed by a period, as a wildcard for the first character in the domain. The asterisk can represent one or more subdomains. Using a wildcard enables you to map several subdomains to one origin web server in one step. This saves time if your site has several subdomains.

Note

The WebAccelerator system is also capable of managing requests for unmapped domains, which are called unmapped requests. For more information, see Processing unmapped requests .

Following are examples of valid requested host names that use wildcards.

  • *.sales.siterequest.com maps to the following (all to the same destination host):
    • direct.sales.siterequest.com
    • marketing.sales.siterequest.com
    • marcom.marketing.sales.siterequest.com
  • *siterequest.com maps to the following (all to the same destination host):
    • www.siterequest.com
    • engineering.siterequest.com
    • direct.sales.siterequest.com
    • marketing.sales.siterequest.com
    • marcom.marketing.sales.siterequest.com
  • *.com maps all incoming requests that end in .com to one destination host.
  • * maps all incoming requests to one destination host.

If the WebAccelerator system can map multiple requested host names to a request, it chooses the host name that most closely matches the request. Consider the following defined host names:

  • a.com
  • www.a.com
  • *.b.a.com
  • *.a.com

If the WebAccelerator system receives requests that contain these URLs, it maps to the requested hosts as follows:

  • A request to www.a.com is mapped to www.a.com, not to *.a.com.
  • A request to a.com maps to a.com.
  • Requests to c.a.com and b.a.com both map to *.a.com.
  • A request to c.b.a.com maps to *.b.a.com.
Important

Before you configure an application, you must select an acceleration policy. You can choose a pre-defined acceleration policy or, you can create your own and select it. For information about creating acceleration policies, see the Policy Management Guide for the BIG-IP WebAccelerator Module.

To configure an application

  1. On the Main tab of the navigation pane, expand WebAccelerator, and then click Applications.
    The Applications screen opens.
  2. Click the New Application button.
    The New Application screen opens.
  3. In the Application Name box, type a name for the application.
  4. From the Policies list, select an application policy.
  5. In the Hosts section at the bottom of the screen, click the Add Host button.
    The screen refreshes and displays a Requested Host box.
  6. In the Requested Host box, type a valid host name for each origin server.
  7. Click the Save button.

Verifying the application profile host map

After you set up an application profile, you must verify that the WebAccelerator system is able to able to properly send and receive data to and from the origin servers.

To verify the application profile host map

  1. On a machine separate from the WebAccelerator system, and from which you can run a browser, edit the /etc/hosts file and change it so that the host name that you use to access the web site application points to the IP address for the BIG-IP virtual server.
  2. For example, if you can access the web site at the www.siterequest.com domain and the BIG-IP virtual server is at IP address 11.1.11.3, change the line in the /etc/hosts file on the browser machine to:

    11.1.11.3 www.siterequest.com

    All network traffic from the web browser machine for www.siterequest.com subsequently goes to the BIG-IP virtual server.

    Note: On Microsoft® Windows® 2000 and Windows® XP machines, the /etc/hosts file is located at c:\WINNT\system32\drivers\etc\hosts.
  3. From the web browser machine, request a page from www.siterequest.com.
  4. You should see the page that you would have received if your browser had accessed the origin servers directly. If the browser times out the request, it means that either the WebAccelerator system is not running, or the firewall is blocking access to port 80 on the WebAccelerator system.

  5. If you receive an Access denied by intermediary error, perform the following tasks:
    • Verify that the /etc/hosts file is correct.
    • Verify that the host map for the application profile is correct.
    • Verify that you used a domain in the request that matches a requested host in the host map, and that it maps to the destination host that you entered in the WebAccelerator system's /etc/hosts file.
  6. After you confirm the host mapping, remove any entries that you changed or added.

Additional configuration tasks

After you complete the essential configuration tasks, you can fine-tune the configuration with these additional options:

  • Processing unmapped requests
  • Defining destination hosts values
  • Configuring Express Connect options

Processing unmapped requests

A request for a domain that is not listed in the requested host list is called an unmapped request. If you create a matching application policy that is based on a host name that is not identified in a host map, you will have an unmapped host map. By default, the WebAccelerator system replies to clients that request unmapped hosts with an HTTP 403 response code. F5 Networks recommends that you reconcile unmapped requests by adding the host name to the host map for the applications that are using the specified application policy set.

Another option is to allow the WebAccelerator system to process unmapped requests, instead of responding with an error; however, the following security implication is associated with processing unmapped requests.

Security implication

If you configure the WebAccelerator system to process unmapped requests and you do not specify a proxy server, you enable the WebAccelerator system to act as a relay. F5 Networks recommends that you do not enable unmapped request processing unless your network meets one of the following conditions.

  • The WebAccelerator system and the origin servers are private and protected.
  • You specify a proxy server to forward the unmapped requests to, and you configure that proxy server to properly deal with unwanted or unsanctioned requests.

To enable unmapped request processing

  1. On the Main tab of the navigation pane, click Applications.
    The Application screen opens.
  2. In the navigation pane, click Unmapped hosts.
    The Unmapped Hosts screen opens.
  3. Check the box next to Process requests for unmapped hosts.
    The screen refreshes and additional unmapped hosts settings display.
  4. From the Policies list, select an application policy for which you want to process unmapped requests.
  5. If you want to forward unmapped host requests to a specific proxy server, select the button next to Forward unmapped host requests to a proxy server, and type an address in the Server Address box.
  6. In the Connection Properties section, for Protocol Security, select the button next to one of the following choices:
    • Same as Original Request
      The WebAccelerator system uses the same protocol to send and receive data to and from the origin servers, as is used for the client request.
    • HTTP only
      The WebAccelerator system uses only HTTP for sending and receiving data, even if HTTPS is used for the original request. Use this option only if the WebAccelerator system and origin servers are on the same protected network and you want to avoid the overhead of HTTPS connections.
  7. In the Connection Timeout box, type the number of seconds that the WebAccelerator system should wait to establish a connection.
  8. In the Read/Write Timeout box, type the number of seconds that you want the WebAccelerator system to wait for a read or write operation to the origin servers to complete. Once the WebAccelerator system reaches this limit, the operation times out.
  9. In the Retries box, type the number of times the WebAccelerator system should attempt to connect to the origin servers, in the event of a connection failure.
  10. In the Lifetime box, type a number, and select minutes or seconds from the associated menu, to specify the amount of time that the WebAccelerator system should hold a persistent connection open to the origin servers.
  11. Each time the WebAccelerator system requests and receives data from the origin servers, it checks to see if the connection has been open for a period of time that is longer than defined for this field. If it has been, the WebAccelerator system drops the connection and reconnects to the origin server before attempting to request data.

  12. Click the Save button.

Defining destination host values

In most cases, the default settings are efficient for the destination host that you define for the origin servers. You can, however, fine-tune your configuration by changing connection and timeout values, after you initially configure your host map. If you change destination host values, you must recheck the configuration as described in the section titled, Verifying the application profile host map .

To change the destination host values

  1. On the Main tab of the navigation pane, click Applications.
    The Application screen opens.
  2. In the navigation pane, click Destination Hosts.
    The Destination Hosts screen opens with a list of configured destination hosts.
  3. Click Edit next to the destination host that you want to modify.
  4. For Protocol Security, select the button next to one of the following options:
    • Same as Original Request
      The WebAccelerator system uses the same protocol to request data from the origin servers, as is used for the client request.
    • HTTP
      The WebAccelerator system uses only HTTP for sending and receiving data, even if HTTPS is used for the original request. Use this option only if the WebAccelerator system and origin servers are on the same protected network, and you want to avoid the overhead of HTTPS connections.
  5. In the Connection Timeout box, type the number of seconds that you want the WebAccelerator system to wait for a response from the origin servers, when requesting for content.
  6. In the Read/Write Timeout box, type the number of seconds that you want the WebAccelerator system to wait for a read or write operation to the origin servers to complete. Once the WebAccelerator system reaches this limit, the operation times out.
  7. In the Retries box, type the number of times the WebAccelerator system should attempt to connect to the origin servers, in the event of a connection failure.
  8. In the Lifetime box, type a number, and select minutes or seconds from the associated menu, to specify the amount of time that the WebAccelerator system should hold a persistent connection open to the origin servers.
  9. Each time the WebAccelerator system requests information from the origin server, it checks to see if the connection has been open for a period of time that is longer than defined for this field. If it has been, the WebAccelerator system drops the connection and reconnects to the origin server before attempting to retrieve the requested data.

  10. Click the Save button.

Configuring the Express Connect feature

Most browsers create a limited number of persistent TCP connections when they are requesting data. The WebAccelerator system provides an option called Express Connect that modifies embedded URLs with unique subdomains, which prompts the browser to open more persistent connections (up to two per subdomain generated by the WebAccelerator system). These connections browsers result in faster data downloads.

When Express Connect is configured, the browser opens two more persistent connections than it normally opens, for every additional subdomain you request. Therefore, if you request one subdomain for the HTTP protocol, a browser can open up to four persistent connections to the WebAccelerator system when requesting pages over the HTTP protocol. The WebAccelerator system uses these additional subdomains only on embedded URLs or links that request images or scripts.

The Express Connect feature is disabled by default. To use this feature, you must configure DNS with the additional entries and map those entries to the same IP address as the base origin server (www.siterequest.com in this example). Note that the origin servers never get a request from these additional domains. These domains are used only for requests and/or responses between the client and the WebAccelerator system.

When configuring Express Connect, you must assign specific prefixes to the additional subdomains. For example, if the requested host for the mapping is www.siterequest.com and you request two additional subdomains for the HTTP protocol, you assign a subdomain prefix of wa. Once configured, the WebAccelerator system changes the domain on qualifying embedded URLs and links to use the following domains:

  • wa1.www.siterequest.com
  • wa2.www.siterequest.com

To configure the Express Connect feature

  1. On the Main tab of the navigation pane, expand WebAccelerator, and then click Applications.
    The Applications screen opens.
  2. Click the Edit link next to the application for which you want to configure Express Connect options.
    The Edit Applications screen opens.
  3. In the Host section at the bottom of the screen, click the Options link next to the Requested Host box.
    The screen refreshes and displays the Express Connect options.
  4. From the HTTP subdomains and HTTPS subdomains lists, select a number of subdomains that you want the WebAccelerator system to generate for each protocol.
  5. In the Subdomain Prefix box, type a prefix or leave it at the default of wa.
  6. Click the Save button.

For more information about the Express Connect feature, see the Policy Management Guide for the BIG-IP WebAccelerator Module.

Maintenance tasks

After you have finished configuring the WebAccelerator system, and are processing traffic, you can perform the following maintenance procedures as required.

  • Check system processes
  • Invalidating cached content
  • Monitoring
  • Configuring log file rotation

Checking the WebAccelerator system processes

The process that you use to initially configure the WebAccelerator system confirms that the basic functionality of the WebAccelerator system software is working. After you complete the WebAccelerator system's initial installation process and configuration, you can perform additional checks to verify that the software is working correctly and that you selected and configured your initial acceleration policies and host maps correctly.

To check the WebAccelerator system processes

  1. Log into the BIG-IP system as root.
  2. Type the following command:
  3. bigstart status | more

    Several process should be running. Verify that the following processes are up:

    • comm_srv
    • pvac
    • hds_prune
    • You can move through each page by pressing the space bar.

  4. After you verify that the processes are running, type q to quit.

Invalidating cached content

When you manually invalidate cached content, it prompts the WebAccelerator system to contact the origin servers and obtain fresh content the next time it receives a request for the specified data. You do not need to invalidate cached content often, but you should do so after you perform the following tasks.

  • Change acceleration policy rules
    Always clear the cache for specific applications after you change acceleration policy rules. This ensures that the WebAccelerator system services new requests with fresh content, instead of providing content that was cached under previous rules.
  • Update content on the origin servers
    When you update content on the origin servers, we recommend that you invalidate only the outdated content from the WebAccelerator system's cache. This reduces the number of requests that the WebAccelerator must send to the origin servers.
Note

For additional information about cache invalidation, see Chapter 11, Configuring Cache Invalidation, in the Policy Management Guide.

To invalidate cached content for specific applications

  1. On the Main tab of the navigation pane, expand WebAccelerator, and click Application.
    The Application screen opens.
  2. Click Invalidate Content.
    The Invalidate Content screen opens.
  3. Click the Invalidate all cached content button.
  4. In the Application(s) to apply invalidation section, check the box next to the specific applications for which you want to invalidate cached content.
    Or, check the Select All check box.
  5. Click the Invalidate button.

To invalidate cached content for specific content

  1. On the Main tab of the navigation pane, expand WebAccelerator, and click Application.
    The Application screen opens.
  2. Click Invalidate Content.
    The Invalidate Content screen opens.
  3. Click the Invalidate content that matches the following URI expression button.
  4. In the box, type the appropriate regular expressions.
    For examples of the required format, click the Static Objects Sample or the Documents Example link next to the box.
  5. Click the Invalidate button.

Monitoring the WebAccelerator

You can monitor the WebAccelerator system's performance by viewing statistics and charts from the Performance Report screen. There are three main types of performance reports.

  • Traffic Reports
    Measures the number of requests (hits) received by the WebAccelerator system per the defined period of time.
  • Bytes Reports
    Measures the bytes of content received by the WebAccelerator system per the defined period of time.
  • Response Reports
    Measures the average amount of time it takes the WebAccelerator system to respond to a request from the client per the defined period of time.

From the Performance Reports screen, you can view performance reports as well as edit the report filter. Editing the filter ensures that the reports make sense for the applications on your site.

To view Performance Reports

  1. On the Main tab of the navigation pane, expand WebAccelerator, and click Performance Reports.
    The Performance Reports screen opens.
  2. On the Main tab of the navigation pane, click Traffic Reports, Bytes Reports, or Response Reports.
  3. On the menu bar, click one of the following options to view data:
    • Time
      Data for responses, by minute, by hour, or by day.
    • Transaction Type
      Data for responses, based on the node they matched against in the Request Type Hierarchy during response matching.
    • Content
      Provides the following two options for displaying content:

      - by Content Type
      Represents the object types defined in the global fragment configuration file.

      - by Content Size
      Data for responses, based on the size of the response.
    • The graph displays content according to the parameters that you selected.

To edit the Performance Reports filter

  1. In the navigation pane, click Performance Reports.
    The Performance Reports screen opens in a separate window.
  2. Click the Edit Filter button.
  3. Change the following options as required.
    • Time period
    • Transaction Type
    • Content
    • HTTP Status
    • For more information about the specific options, click the Help tab in the navigation pane.

  4. Click the Update button to save the changes.

The changes that you make to the filter values stay in effect for all reports, until you change them.

Changing log file monitoring parameters

The WebAccelerator system manages log files that contain large amounts of data. By default, the WebAccelerator system monitors these logs every hour and rotates the file any time the size is over 10MB. This log file rotation helps to avoid filling up the disk partition, which could potentially cause the system to crash.

You can change the interval at which the WebAccelerator system monitors the logs from hourly to daily, by issuing the following Linux shell commands:

rm /etc/cron.hourly/wa_logrotate

ln -s /usr/local/wa/scripts/wa_logrotate /etc/cron.daily/wa_logrotate

For more information about these commands, view the rm and ln man pages.




Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)