F5 BIG-IP LTM – F5 Networks Configuring BIG-IP® LTM: Local Traffic Manager

Prerequisites:

Administering BIG-IP, OSI model, TCP/IP addressing and routing, WAN, LAN environments, and server redundancy concepts; or having achieved TMOS Administration Certification.

Target Audience:

This course is intended for system and network administrators responsible for installation, setup, configuration, and administration of the BIG-IP LTM system.

Course Objectives:

• Back up the BIG-IP system configuration for safekeeping
• Configure virtual servers, pools, monitors, profiles, and persistence objects
• Test and verify application delivery through the BIG-IP system using local traffic statistics
• Configure priority group activation on a load balancing pool to allow servers to be activated only as needed to process traffic
• Compare and contrast member-based and node-based dynamic load balancing methods
• Configure connection limits to place a threshold on traffic volume to particular pool members and nodes
• Differentiate between cookie, SSL, SIP, universal, and destination address affinity persistence, and describe use cases for each
• Describe the three Match Across Services persistence options and use cases for each
• Configure health monitors to appropriately monitor application delivery through a BIG-IP system
• Configure different types of virtual services to support different types of traffic processing through a BIG-IP system
• Configure different types of SNATs to support routing of traffic through a BIG-IP system
• Configure VLAN tagging and trunking
• Restrict administrative and application traffic through the BIG-IP system using packet filters, port lockdown, and virtual server settings
• Configure SNMP alerts and traps in support of remote monitoring of the BIG-IP system
• Use an F5-supplied iApp template to deploy and manage a website application service
• Use iRules and local traffic policies appropriately to customize application delivery through the BIG-IP system
• Configure the BIG-IP to detect and mitigate some common attacks at the network and application layers using LTM features such as SYN check, eviction policies, iRules and Local Traffic Policies

Course Outline:

Lesson 1: Setting Up the BIG-IP System

• Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Archiving the BIG-IP Configuration
• Leveraging F5 Support Resources and Tools

Lesson 2: Reviewing Local Traffic Configuration

• Reviewing Nodes, Pools, and Virtual Servers
• Reviewing Address Translation
• Reviewing Routing Assumptions
• Reviewing Application Health Monitoring
• Reviewing Traffic Behavior Modification with Profiles
• Reviewing the TMOS Shell (TMSH)
• Reviewing Managing BIG-IP Configuration Data

Lesson 3: Load Balancing Traffic with LTM

• Exploring Load Balancing Options
• Using Priority Group Activation and Fallback Host
• Comparing Member and Node Load Balancing

Lesson 4: Modifying Traffic Behavior with Persistence

• Reviewing Persistence
• Introducing Cookie Persistence
• Introducing SSL Persistence
• Introducing SIP Persistence
• Introducing Universal Persistence
• Introducing Destination Address Affinity Persistence
• Using Match Across Options for Persistence

Lesson 5: Monitoring Application Health

• Differentiating Monitor Types
• Customizing the HTTP Monitor
• Monitoring an Alias Address and Port
• Monitoring a Path vs. Monitoring a Device
• Managing Multiple Monitors
• Using Application Check Monitors
• Using Manual Resume and Advanced Monitor Timer Settings

Lesson 6: Processing Traffic with Virtual Servers

• Understanding the Need for Other Virtual Server Types
• Forwarding Traffic with a Virtual Server
• Understanding Virtual Server Order of Precedence
• Path Load Balancing

Lesson 7: Processing Traffic with SNATs

• Overview of SNATs
• Using SNAT Pools
• SNATs as Listeners
• SNAT Specificity
• VIP Bounceback
• Additional SNAT Options
• Network Packet Processing Review

Lesson 8: Modifying Traffic Behavior with Profiles

• Profiles Overview
• TCP Express Optimization
• TCP Profiles Overview
• HTTP Profile Options
• OneConnect
• Offloading HTTP Compression to BIG-IP
• HTTP Caching
• Stream Profiles
• F5 Acceleration Technologies

Lesson 9: Selected Topics

• VLAN, VLAN Tagging, and Trunking
• Restricting Network Access
• SNMP Features
• Segmenting Network Traffic with Route Domains

Lesson 10: Deploying Application Services with iApps

• Simplifying Application Deployment with iApps
• Using iApps Templates
• Deploying an Application Service
• Leveraging the iApps Ecosystem on DevCentral

Lesson 11: Customizing Application Delivery with iRules and Local Traffic Policies

• Getting Started with iRules
• Triggering an iRule
• Introducing iRule Constructs
• Leveraging the DevCentral Ecosystem
• Deploying and Testing iRules
• Getting Started with Local Traffic Policies
• What Can You Do with a Local Traffic Policy?
• How Does a Local Traffic Policy Work?
• Understanding Local Traffic Policy Workflow
• Introducing the Elements of a Local Traffic Policy
• Specifying the Matching Strategy
• What Are Rules?
• Understanding Requires and Controls
• Configuring and Managing Policy Rules
• Configuring a New Rule
• Including Tcl in Certain Rule Settings

Lesson 12: Securing Application Delivery with LTM

• Understanding Today’s Threat Landscape
• Integrating LTM Into Your Security Strategy
• Defending Your Environment Against SYN Flood Attacks
• Defending Your Environment Against Other Volumetric Attacks
• Addressing Application Vulnerabilities with iRules and Local Traffic Policies

Lesson 13: Final Lab Project

• About the Final Lab Project
• Possible Solution to Lab 14.0