Manual Chapter : BIG-IP Reference Guide version 4.2: Introduction

Applies To:


BIG-IP versions 1.x - 4.x

  • 4.2 PTF-10, 4.2 PTF-09, 4.2 PTF-08, 4.2 PTF-07, 4.2 PTF-06, 4.2 PTF-05, 4.2 PTF-04, 4.2 PTF-03, 4.2 PTF-02, 4.2 PTF-01, 4.2.0


Introduction



Getting started

Before you start installing the BIG-IP, we recommend that you browse the BIG-IP Solutions Guide and find the load balancing solution that most closely addresses your needs. If the BIG-IP® unit is running the 3-DNS software module, you may also want to browse the 3-DNS Administrator Guide to find a wide area load balancing solution. Briefly review the basic configuration tasks and the few pieces of information, such as IP addresses and host names, that you should gather in preparation for completing the tasks.

Once you find your solution and gather the necessary network information, turn back to the Configuration Worksheet and Hardware Orientation poster for hardware installation instructions, and then return to the BIG-IP Solutions Guide to follow the steps for setting up your chosen solution.

Choosing a configuration tool

The BIG-IP offers both web-based and command line configuration tools, so that users can work in the environment that they are most comfortable with.

The Setup utility

All users need to use the Setup utility (formerly known as the First-Time Boot utility). This utility walks you through the initial system setup. You can run the Setup utility from the command line, or from a web browser. The Setup utility prompts you to enter basic system information including a root password and the IP addresses that will be assigned to the network interfaces. For more information, see Chapter 2 of this guide.

The Configuration utility

The Configuration utility is a web-based application that you use to configure and monitor the load balancing setup on the BIG-IP. Once you complete the installation instructions described in this guide, you can use the Configuration utility to perform the configuration steps necessary for your chosen load balancing solution. In the Configuration utility, you can also monitor current system performance, and download administrative tools such as the SNMP MIB or the SSH client. The Configuration utility requires Netscape Navigator version 4.7, or Microsoft Internet Explorer version 5.0 or later.

The bigpipe and bigtop command line utilities

The bigpipe™ utility is the command line counterpart to the Configuration utility. Using bigpipe commands, you can configure virtual servers, open ports to network traffic, and configure a wide variety of features. To monitor the BIG-IP, you can use certain bigpipe commands, or you can use the bigtop™ utility, which provides real-time system monitoring. You can use the command line utilities directly on the BIG-IP console, or you can run commands using a remote shell, such as the SSH client (encrypted communications only), or a Telnet client (for countries restricted by cryptography export laws). For detailed information about the command line syntax, see Chapter 7, bigpipe Command Reference.

Using the Administrator Kit

The BIG-IP Administrator Kit provides all of the documentation you need in order to work with the BIG-IP. The information is organized into the guides described below. The following printed documentation is included with the BIG-IP unit.

  • Hardware Orientation Poster
    This poster includes information about the BIG-IP unit. It also contains important environmental warnings.
  • Configuration Worksheet
    This worksheet provides you with a place to plan the basic configuration for the BIG-IP.

The following guides are available in PDF format from the CD-ROM provided with the BIG-IP. These guides are also available from the first Web page you see when you log in to the administrative web server on the BIG-IP.

  • BIG-IP Solutions Guide
    This guide provides examples of common load balancing solutions. Before you begin installing the hardware, we recommend that you browse this guide to find the load balancing solution that works best for you.
  • BIG-IP Reference Guide
    This guide provides detailed configuration information for the BIG-IP. It also provides syntax information for bigpipe commands, other command line utilities, configuration files, system utilities, and monitoring and administration information.
  • 3-DNS Administrator and Reference Guides
    If your BIG-IP includes the optional 3-DNS module, your administrator kit also includes manuals for using the 3-DNS module. The 3-DNS Administrator Guide provides wide area load balancing solutions and general administrative information. The 3-DNS Reference Guide provides information about configuration file syntax and system utilities specific to the 3-DNS module.

Stylistic conventions

To help you easily identify and understand important information, our documentation uses the stylistic conventions described below.

Using the solution examples

All examples in this documentation use only non-routable IP addresses. When you set up the solutions we describe, you must use IP addresses suitable to your own network in place of our sample addresses.

Identifying new terms

To help you identify sections where a term is defined, the term itself is shown in bold italic text. For example, a virtual server is a specific combination of a virtual address and virtual port, associated with a content site that is managed by a BIG-IP or other type of host server.

Identifying references to objects, names, and commands

We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, with the bigpipe pool <pool_name> show command, you can specify a specific pool to show by specifying a pool name for the <pool_name> variable.

Identifying references to other documents

We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about bigpipe commands in Chapter 7, bigpipe Command Reference of this guide.

Identifying command syntax

We show complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command shows the configuration of the specified pool name:

bigpipe pool <pool_name> show

or

b pool <pool_name> show

Table Intro.1 explains additional special conventions used in command line syntax.

Table Intro.1: Command line syntax conventions

Item in text    Description
\               Indicates that the command continues on the following line, and that users should type the entire command without typing a line break.
< >             Identifies a user-defined parameter. For example, if the command has <your name>, type in your name, but do not include the brackets.
|               Separates parts of a command.
[ ]             Indicates that syntax inside the brackets is optional.
...             Indicates that you can type a series of items.

Finding additional help and technical support resources

You can find additional technical information about this product in the following locations:

  • Release notes
    Release notes for the current version of this product are available from the product web server home page, and are also available on the technical support site. The release notes contain the latest information for the current version, including a list of new features and enhancements, a list of fixes, and, in some cases, a list of known issues.
  • Online help
    You can find help online in three different locations:

    • The web server on the product has PDF versions of the guides included in the Administrator Kit.
    • The web-based Configuration utility has online help for each screen. Simply click the Help button.
    • Individual bigpipe commands have online help, including command syntax and examples, in standard UNIX man page format. Simply type the command followed by the word help, and the BIG-IP displays the syntax and usage associated with the command.
  • Third-party documentation for software add-ons
    The web server on the product contains online documentation for all third-party software, such as GateD.
  • Technical support through the World Wide Web
    The F5 Networks Technical Support web site, http://tech.F5.com, provides the latest technical notes, answers to frequently asked questions, updates for administrator guides (in PDF format), and the AskF5 natural language question and answer engine. To access this site, you need to obtain a customer ID and a password from the F5 Help Desk.

What's new in version 4.2

The BIG-IP offers the following major new features in version 4.2, in addition to many smaller enhancements.

Support for the Controller and IP Application Switch platforms

This release includes support for both the BIG-IP Controller and the IP Application Switch™ hardware platforms.

The Setup utility

This release includes a new Setup utility for initially configuring your BIG-IP system. The Setup utility replaces the web-based and console-based First-Time Boot utility. For more information, see Chapter 2, Using the Setup Utility.

Enhanced pools support

This release contains several new attributes that you can assign to load-balancing pools. These new attributes include support for Session Initiation Protocol (SIP) Call-ID persistence and Windows Terminal Server (WTS) persistence, enhanced ability to redirect HTTP requests, the ability to insert client IP addresses into HTTP requests, and the ability to set specific Quality of Service (QoS) and Type of Service (ToS) levels within a packet. Furthermore, this release allows you to configure a pool to automatically disable a SNAT or NAT connection, or to bypass the load balancing of a connection by automatically forwarding the connection, using IP routing. In addition to using these new pool attributes, you can also specify a pool of multiple default gateways, used for handling administrative traffic such as SSH, telnet, FTP, and HTTPS connections. For more information, see the Pools section in Chapter 4, Configuring the High-Level Network.

New filter for rewriting HTTP redirections

This release provides an ISAPI filter, called redirectfilter.dll, which allows IIS servers running Netscape to rewrite HTTP redirections. Rewriting HTTP redirections helps to ensure that SSL connections remain on a secure channel. By installing this filter on your IIS server, you offload the task of rewriting HTTP redirections from your SSL Accelerator proxy to your IIS server. For more information, see Rewriting HTTP redirection, on page 4-41.

New global variables

Two new global variables, open_failover_ports and self_conn_timeout, are included in this release. The open_failover_ports variable allows you to restrict network failover traffic on specific VLANs. The self_conn_timeout variable acts as a tracking mechanism for UDP connections. For more information, see Chapter 7, bigpipe Command Reference.

Enhanced rules support

With this release comes a number of new variables and operators, to enhance the ways that you can select pools for load balancing. Using rule statements, you can now select pools based on such criteria as the IP protocol of a packet, TCP/UDP port numbers, and QoS and ToS levels. A rule can also now balance traffic based on whether the client IP address is a member of a specific class. For SSL Accelerator proxies, you can use rules to rewrite HTTP redirection to ensure that traffic remains on an SSL-secured channel. For more information, see the Rules section in Chapter 4, Configuring the High-Level Network.
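The redirect rewriting mentioned above for the ISAPI filter and for SSL Accelerator proxy rules can be illustrated with the following added example, which is not code from this guide, from redirectfilter.dll, or BIG-IP rule syntax. It assumes a server behind the SSL proxy answers with a cleartext http:// Location header; the host name and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample value: host names served through the SSL proxy (assumption).
SECURE_HOSTS = {"www.example.test"}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def rewrite_location(location, secure_hosts=SECURE_HOSTS, https_port=443):
    """Return the Location value the client should see so it stays on SSL."""
    parts = urlsplit(location)
    # Relative and scheme-relative redirects inherit the client's https scheme.
    if parts.scheme == "":
        return location
    # Already https, or a non-HTTP scheme: nothing to rewrite.
    if parts.scheme.lower() != "http":
        return location
    host = (parts.hostname or "").lower()
    # Redirects to hosts the proxy does not front are left untouched;
    # rewriting them could point the client at a port that does not exist.
    if host not in secure_hosts:
        return location
    # Drop the server's cleartext port (80, 8080, ...) and use the proxy's port.
    netloc = host if https_port == 443 else f"{host}:{https_port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def rewrite_response(status, headers, secure_hosts=SECURE_HOSTS):
    """Rewrite the Location header of a redirect response; pass others through."""
    if status not in REDIRECT_CODES:
        return headers
    return [
        (name, rewrite_location(value, secure_hosts)
         if name.lower() == "location" else value)
        for name, value in headers
    ]


if __name__ == "__main__":
    # Constructed sample responses from a server behind the proxy.
    for loc in ("http://www.example.test/cart?id=1",
                "http://WWW.Example.TEST:80/a",
                "/login",
                "http://partner.example.net/"):
        print(f"{loc!r:40} -> {rewrite_location(loc)!r}")
```

Without this rewrite, the first two redirects would send a client that arrived over SSL back to a cleartext URL, which is the case the filter and the proxy rules are meant to prevent.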

Enhanced support for virtual servers

This release contains a number of enhancements to the BIG-IP virtual server. First, you can now define multiple wildcard virtual servers instead of a single wildcard virtual server only. For information on configuring multiple wildcard virtual servers, see Creating multiple wildcard servers, on page 4-74. Secondly, you can configure an option known as dynamic connection rebinding, designed for those virtual servers that are load balancing transparent devices such as firewalls or routers. Dynamic connection rebinding causes any connections to a node address or service to be redirected to another node, if the original node transitions to a DOWN state. Finally, you can prevent a virtual server from sending a TCP reset when a connection is timed out. For more information, see the Virtual Servers section in Chapter 4, Configuring the High-Level Network.

SSL Accelerator proxy enhancements

This release includes several important enhancements to the SSL Accelerator proxy. For example, you can now configure options such as specifying ways for an SSL proxy to manage client certificates, inserting headers into HTTP requests, specifying ciphers and protocol versions, and configuring SSL session cache size and timeout values.
This release also supports the SSL-to-Server option, which allows you to re-encrypt traffic after it has been decrypted by the BIG-IP. Previously available on the IP Application Switch only, this feature is now available on the BIG-IP Controller platform also. Moreover, this feature has been enhanced in this release to further ensure the security of SSL connections between the proxy and the server. For a complete description of all new SSL Accelerator proxy options, see the Proxies section in Chapter 4, Configuring the High-Level Network.

Support for the nCipher FIPS 140-1 level 3 certified SSL cryptographic module

For BIG-IP Controller platforms, an option is available to install a FIPS 140-1-certified cryptographic network module. The BIG-IP FIPS hardware option is specifically designed for processing SSL traffic within environments that require FIPS 140-1 Level 3 compliant solutions. It comes with the FIPS 140-1 Level 3 certified PCI-based encryption processing module, attached smart card reader, and 5 smart cards. This product can be installed in any BIG-IP Controller platform (D35) that has BIG-IP software version 4.2 and is authorized by your vendor. For more information, see Configuring FIPS 140 Security World on the BIG-IP in the Documentation section of the Software and Documentation CD.

Enhanced support for Secure Network Address Translations (SNATs)

In previous releases, BIG-IP allowed you to automatically map VLANs to translation IP addresses during SNAT creation. In this release, you can now use this automapping feature not only for VLANs, but for one or more individual IP addresses. For more information, see the Address Translation: NATs, SNATs, and IP Forwarding section in Chapter 4, Configuring the High-Level Network.

Enhanced interface statistics

This release features enhanced statistics for BIG-IP interfaces. The following state information and statistics are now available: MTU, Speed, MAC address, packets in, errors in, packets out, errors out, collisions, dropped packets, bits in, bits out. Previously available on the IP Application Switch, this feature is new for the BIG-IP Controller platform. For more information, see Chapter 11, Monitoring and Administration.

Health monitor enhancements

In addition to the standard SNMP health monitor template included in BIG-IP, this release now includes a second SNMP template, which allows users to collect data on elements other than CPU, disk, and memory usage. For more information, see the Health Monitors section in Chapter 4, Configuring the High-Level Network.

Support for LDAP and RADIUS logins

With this release, BIG-IP can now authenticate SSH users by way of an LDAP or a RADIUS server. For information on configuring this feature, see To configure RADIUS login support, on page 12-14 and Configuring LDAP login support, on page 12-15.

Enhanced system logging

System logging in this release provides more detailed information, such as up or down status for nodes. For more information, see Chapter 11, Monitoring and Administration.

Web-based Configuration utility enhancements

This release includes a number of improvements to the web-based Configuration utility. All new features for this release are supported by the Configuration utility.

Learning more about the BIG-IP product family

The BIG-IP platform offers many different software systems. These systems can be stand-alone, or can run in redundant pairs, with the exception of the BIG-IP e-Commerce Controller, which is only available as a stand-alone system. You can easily upgrade from any special-purpose BIG-IP to the BIG-IP HA software, which supports all BIG-IP features.

  • The BIG-IP
    The BIG-IP HA, HA+, and 5000 software provides the full suite of local area load balancing functionality. The BIG-IP unit also has an optional 3-DNS software module which supports wide-area load balancing.
  • The BIG-IP e-Commerce Controller
    The BIG-IP e-Commerce Controller uses SSL acceleration technology to increase the speed and reliability of the secure connections that drive e-commerce sites.
  • The BIG-IP special purpose products
    The special purpose BIG-IP provides the ability to choose from three different BIG-IP feature sets. When you run the Setup utility, you specify one of three types:

    • The BIG-IP Load Balancer
      The BIG-IP Load Balancer provides basic load balancing features.
    • The BIG-IP FireGuard
      The BIG-IP FireGuard provides load balancing features that maximize the efficiency and performance of a group of firewalls.
    • The BIG-IP Cache Controller
      The BIG-IP Cache Controller uses content-aware traffic direction to maximize the efficiency and performance of a group of cache servers.