Applies To:

Show Versions Show Versions

Manual Chapter: Understanding Profiles
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

The BIG-IP® local traffic management system can manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure the BIG-IP system to compress HTTP response data, or you can configure the system to authenticate SSL client certificates before passing requests on to a target server.
For each type of traffic that you want to manage, the BIG-IP system contains configuration tools that you can use to intelligently control the behavior of that traffic. These tools are called profiles. A profile is a system-supplied configuration tool that enhances your capabilities for managing application-specific traffic. More specifically, a profile is an object that contains user-configurable settings, with default values, for controlling the behavior of a particular type of network traffic, such as HTTP connections. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile. Using profiles enhances your control over managing network traffic, and makes traffic-management tasks easier and more efficient.
You can associate multiple profiles with a single virtual server. For example, you can associate a TCP profile, an SSL profile, and an HTTP profile with the same virtual server.
The BIG-IP system provides several types of profiles. While some profile types correspond to specific protocols, such as HTTP, SSL, and FTP, other profiles pertain to traffic behaviors applicable to multiple protocols. Examples of these are connection persistence profiles and authentication profiles. Table 5.1 lists the available profile types, with descriptions.
Defines the behavior of Session Initiation Protocol (SIP) traffic.
The BIG-IP system routes SIP traffic based on this SIP profile, which persists on Call-ID; however, you can specify that SIP traffic persist on a value other than Call-ID by creating a SIP persistence profile, as shown following, under Persistence profiles.
Implements session persistence based on the destination IP address specified in the header of a client request. Also known as sticky persistence.
Implements session persistence in a way similar to universal persistence, except that the BIG-IP system uses a hash for finding a persistence entry.
Microsoft® Remote Desktop
Implements session persistence for Microsoft® Remote Desktop Protocol sessions.
Implements SIP message handling. Also, implements SIP persistence based on a specified SIP header field. Note that in order to use a SIP persistence profile, you must also create a SIP profile, as shown previously, under Services profiles.
Implements session persistence based on the source IP address specified in the header of a client request. Also known as simple persistence.
Allows the BIG-IP system to authenticate traffic based on authentication data stored on a remote Lightweight Directory Access Protocol (LDAP) server.
Allows the BIG-IP system to control a clients access to server resources based on data stored on a remote LDAP server. Client authorization credentials are based on SSL certificates, as well as defined user groups and roles.
Allows the BIG-IP system to check on the revocation status of a client certificate using data stored on a remote Online Certificate Status Protocol (OCSP) server. Client credentials are based on SSL certificates.
Manages status of Certificate Revocation Lists (CRLs) using the industry-standard Certificate Revocation List Distribution Point ((CRLDP) technology.
Enables client requests to reuse server-side connections. The ability for the BIG-IP system to reuse server-side connections is known as Connection PoolingTM.
The BIG-IP system includes one or more default profiles for each profile type listed in Table 5.1. A default profile is a system-supplied profile that contains default values for its settings. An example of a default profile is the http default profile. You can use a default profile in several ways:
You can use a default profile as is.
You simply configure your virtual server to reference the default profile.
You can modify the default profile settings (not recommended).
When you modify a default profile, you lose the original default profile settings. Thus, any custom profiles you create in the future that are based on that default profile inherit the modified settings.
You can create a custom profile, based on the default profile (recommended).
This allows you to preserve the default profile, and instead configure personalized settings in the custom profile. Custom profiles inherit some of the setting values of a parent profile that you specify. After creating a custom profile, you can configure your virtual server to reference the custom profile instead of the default profile. For more information on custom profiles, see Custom and parent profiles, following.
A custom profile is a profile that is derived from a parent profile that you specify. A parent profile is a profile from which your custom profile inherits its settings and their default values.
When creating a custom profile, you have the option of changing one or more setting values that the profile inherited from the parent profile. In this way, you can pick and choose which setting values you would like to change and which ones you would like to retain. An advantage to creating a custom profile is that by doing so, you preserve the setting values of the parent profile.
Note: If you do not specify a parent profile when you create a custom profile, the BIG-IP system automatically assigns a related default profile as the parent profile. For example, if you create a custom HTTP type of profile, the default parent profile is the default profile http.
A typical profile that you can specify as a parent profile when you create a custom profile is a default profile. For example, if you create a custom TCP-type profile called my_tcp_profile, you can use the default profile tcp as the parent profile. In this case, the BIG-IP system automatically creates the profile my_tcp_profile so that it contains the same settings and default values as the default profile tcp. The new custom profile thus inherits its settings and values from its parent profile. You can then retain or change the inherited setting values in the custom profile to suit your needs.
When creating a custom profile, you can specify another custom profile, rather than the default profile, as the parent profile. The only restriction is that the custom profile that you specify as the parent must be of the same profile type as the profile you are deriving from the parent. Once you have created the new custom profile, its settings and default values are automatically inherited from the custom profile that you specified as the parent.
For example, if you create a profile called my_tcp_profile2, you can specify the custom profile my_tcp_profile as its parent. The result is that the default setting values of profile my_tcp_profile2 are those of its parent profile my_tcp_profile.
If you subsequently modify the settings of the parent profile (my_tcp_profile), the BIG-IP system automatically propagates those changes to the new custom profile.
For example, if you create the custom profile my_tcp_profile and use it as a parent profile to create the custom profile my_tcp_profile2, any changes you make later to the parent profile my_tcp_profile are automatically propagated to profile my_tcp_profile2. Conversely, if you modify any of the settings in the new custom profile (in our example, my_tcp_profile2), the new custom profile does not inherit values from the parent profile for those particular settings that you modified.
Profiles are a configuration tool that you can use to affect the behavior of certain types of network traffic. By default, the BIG-IP system provides you with a set of profiles that you can use as is. These profiles contain various settings that define the behavior of different types of traffic. Profiles also give you a way to enable connection and session persistence, and to manage client application authentication. Once you have assigned a profile to a virtual server, the BIG-IP system manages any traffic that corresponds to that profile type according to the settings defined in that profile.
There are two possible types of profiles: default profiles, which the BIG-IP system supplies, and custom profiles, which you typically create.
To help you better manage HTTP and TCP traffic specifically, the BIG-IP system includes a set of F5-created custom profiles. These profiles contain recommended configurations that you would most likely want to use. By using these profiles, you do not need to create them yourself.
Default profiles are useful when the values contained in them are sufficient for your needs. Custom profiles are useful when you want your values to differ from those contained in the default profile. To ease your task of configuring and maintaining profiles, the BIG-IP system ensures that a custom profile automatically inherits settings and values from a parent profile.
You do not need to take any action to use the default profiles that are enabled by default. The BIG-IP system uses them to automatically direct the corresponding traffic types according to the values specified in the those profiles.
You can create a custom profile, using the default profile as the parent profile, modifying some or all of the values defined in that profile.
As described in the previous section, profiles are a configuration tool to help you manage your application traffic. To make use of profiles, you can either use the default profiles that the BIG-IP system provides, or you can create your own custom profiles. You can also modify existing profiles as needed.
Note: You can manage only those profiles that you have permission to manage, based on your user role and partition access assignment.
The following sections contain the procedures for creating and modifying profiles. To understand individual profile settings and their effect on different types of traffic, see either the remainder of this chapter, or one of the following chapters:
The BIG-IP system provides a default profile that you can use as is for each type of traffic. A default profile includes default values for any of the properties and settings related to managing that type of traffic. To implement a default profile, you simply assign the profile to a virtual server, using the Configuration utility. You are not required to configure the setting values. For more information, see Implementing a profile.
Using the Configuration utility, you can modify the values of a default profile. We do not recommend this. Although modifying a default profile appears to be simpler and quicker than creating a custom profile, be aware that in so doing, you lose the original values. If you want to reset the profile back to its original state, you must do this manually by modifying the settings of the default profile again to specify the original values. (To find the original default values, see the relevant profile chapter in this guide, or see the online help.)
Note: All default profiles reside in partition Common. For more information, see the TMOSTM Management Guide for BIG-IP® Systems.
Second, you must associate that profile with a virtual server. For information on associating a profile with a virtual server, see Implementing a profile.
1.
On the Main tab of the navigation pane, expand Local Traffic, and click Profiles.
The HTTP Profiles screen opens.
If you are modifying the http profile, click the name http.
This displays the properties and settings of the default http profile.
If you are modifying a default profile other than the http profile, click the appropriate profile menu on the menu bar and choose a profile type. Then click a profile name.
This displays the properties and settings of that default profile.
4.
Click Update.
If you do not want to use a default profile as is or change its settings, you can create a custom profile. Creating a custom profile and associating it with a virtual server allows you to implement your own specific set of traffic-management policies.
When you create a custom profile, the profile is a child profile and automatically inherits the setting values of a parent profile that you specify. However, you can change any of the values in the child profile to better suit your needs. For background information on custom profiles and inheritance of setting values, see Custom and parent profiles.
If you do not specify a parent profile, the BIG-IP system uses the default profile that matches the type of profile you are creating.
Important: When you create a custom profile, the BIG-IP system places the profile into your current administrative partition. For information on partitions, see the TMOSTM Management Guide for BIG-IP® Systems.
Second, you must associate that profile with a virtual server. For information on associating a profile with a virtual server, see Implementing a profile.
Important: Within the Configuration utility, each profile creation screen contains a check box to the right of each profile setting. When you check a box for a setting and then specify a value for that setting, the profile then retains that value, even if you change the corresponding value in the parent profile later. Thus, checking the box for a setting ensures that the parent profile never overwrites that value through inheritance.
1.
On the Main tab of the navigation pane, expand Local Traffic, and click Profiles.
The Profiles screen opens and, by default, displays a list of any existing HTTP profiles.
3.
On the right side of the screen, click Create.
This displays the screen to create a new profile.
Note: If the Create button is unavailable, this indicates that your user role does not grant you permission to create a profile.
4.
In the Name box, type a unique name for your profile.
5.
For the Parent Profile setting, select a profile from the list.
You can select either the default profile or another custom profile.
If you want to specify or modify a value, locate the setting, click the box in the Custom column on the right side of the screen, and then type or modify a value.
If you want to retain a value inherited from the parent profile, leave the setting as is. Do not check the box in the Custom column.
7.
Click Finished.
Tip: An alternative way to access the New Profile screen in the Configuration utility is to locate the Main tab, expand Local Traffic, click the Create button adjacent to the Profiles menu item, and select a profile type.
Once you have created a custom profile, you can use the Configuration utility to adjust the settings of your custom profile later if necessary. If you have already associated the profile with a virtual server, you do not need to perform that task again.
Important: Within the Configuration utility, each profile creation screen contains a check box to the right of each profile setting. When you check a box for a setting and then specify a value for that setting, the profile then retains that value, even if you change the corresponding value in the parent profile later. Thus, checking the box for a setting ensures that the parent profile never overwrites that value through inheritance.
1.
On the Main tab of the navigation pane, expand Local Traffic, and click Profiles.
The HTTP Profiles screen opens.
2.
From the menu for the type of profile you want to modify (Services, Persistence, Protocols, SSL, or Authentication), choose a profile type.
This displays a list of existing profiles of that type.
3.
In the Name column, click the name of the profile you want to modify.
This displays the settings and values for that profile.
If you want to modify a value, locate the setting, click the box in the Custom column on the right side of the screen, and then modify the value.
If you want to retain a value inherited from the parent profile, leave the setting as is. Do not check the box in the Custom column.
If you want to reset a value back to the parent profile value, clear the check box in the Custom column on the right side of the screen.
5.
Click the Update button.
Note: You can manage only those profiles that you have permission to manage, based on your user role and partition access assignment.
You can view a list of existing profiles. When you display a list of profiles, the Configuration utility displays the following information about each profile:
Tip: When listing existing profiles, you can use the Search box that appears directly above the profile list. With the Search box, you can specify a string to filter the list, thereby showing only those objects that match the string. The default setting is an asterisk (*), which means show all objects.
1.
On the Main tab of the navigation pane, expand Local Traffic, and click Profiles.
The HTTP Profiles screen opens.
3.
On the menu bar, click the category of profile you want to view. For example, if you want to view a list of TCP profiles, click Protocol.
4.
From the menu, choose a profile type.
The list screen opens for that profile type.
3.
Click Delete.
A confirmation screen appears.
4.
Click Delete.
Once you have created a profile for a specific type of traffic, you implement the profile by associating that profile with one or more virtual servers.
You associate a profile with a virtual server by configuring the virtual server to reference the profile. Whenever the virtual server receives that type of traffic, the BIG-IP system applies the profile settings to that traffic, thereby controlling its behavior. Thus, profiles not only define capabilities per network traffic type, but also ensure that those capabilities are available for a virtual server.
1.
On the Main tab of the navigation pane, expand Local Traffic, and click Virtual Servers.
The Virtual Servers screen opens.
2.
In the Name column, click a virtual server name.
This displays the properties and settings for that virtual server.
3.
Locate the setting for the type of profile you want to assign and select the name of a default or custom profile.
Because certain kinds of traffic use multiple protocols and services, users often create multiple profiles and associate them with a single virtual server.
For example, a client application might use the TCP, SSL, and HTTP protocols and services to send a request. This type of traffic would therefore require three profiles, based on the three profile types TCP, Client SSL, and HTTP.
Each virtual server lists the names of the profiles currently associated with that virtual server. You can add or remove profiles from the profile list, using the Configuration utility. Note that the BIG-IP system has specific requirements regarding the combinations of profile types allowed for a given virtual server.
In directing traffic, if a virtual server requires a specific type of profile that does not appear in its profile list, the BIG-IP system uses the relevant default profile, automatically adding the profile to the profile list. For example, if a client application sends traffic over TCP, SSL, and HTTP, and you have assigned SSL and HTTP profiles only, the BIG-IP system automatically adds the default profile tcp to its profile list.
At a minimum, a virtual server must reference a profile, and that profile must be associated with a UDP, FastL4, Fast HTTP, or TCP profile type. Thus, if you have not associated a profile with the virtual server, the BIG-IP system adds a UDP, FastL4, Fast HTTP, or TCP default profile to the profile list.
The default profile that the BIG-IP system chooses depends on the configuration of the virtual servers protocol setting. If the protocol setting is set to UDP, the BIG-IP system adds the udp profile to its profile list. If the protocol setting is set to anything other than UDP, the BIG-IP system adds the FastL4 profile to its profile list.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)