F5 Training Material (92 slides in total)

7 / 20 / 2007

Slide 3: Introduction to F5
  Application Delivery Networking
  Ensures network applications are: Secure, Fast and Available
  F5 Products:
    BIG-IP Local Traffic Manager
    BIG-IP Link Controller
    BIG-IP Global Traffic Manager
    FirePass
    BIG-IP Application Security Manager
    WanJet / Web Accelerator

Slide 4: BIG-IP Local Traffic Manager
  Load Balance Servers
  Monitor Server Status
  [Diagram: Internet]

Slide 5: BIG-IP Global Traffic Manager (3-DNS)
  Monitor Server Status
  [Diagram: Internet, GTM, "= ?"; addresses truncated]

Slide 6: BIG-IP Link Controller
  Load Balance Servers
  LB Inbound Links
  LB Outbound Links
  3 Types of Load Balancing
  [Diagram: ISP #1, ISP #2, Internet]

Slide 7: BIG-IP Enterprise Manager
  Centralized version and backup management
  Centralized view of SSL certificates
  Device Inventory and Control
  Support for up to 300 devices
  [Diagram: LTM, GTM]

Slide 8: FirePass
  Or Full SSL VPN
  Remote Access thru Browser
  Authorization by Group
  [Diagram: Firepass, File Servers, Web Servers, telnet to Hosts, E-mail Servers, Term Services / Citrix, Desktop, SSL VPN, PDA, Cell phone, Authentication, Authorization]

Slide 9: BIG-IP Application Security Manager (TrafficShield)
  Application Layer Firewall
  Blocks Known & Unknown Web Attacks
  Reverse Proxy
  Application Cloaking
  Scrubs Outgoing Content
  [Diagram: Internet; addresses truncated]

Slide 10: WanJet
  Optimize the WAN
  LAN-like results
  Accelerate applications
  Configurable site-to-site encryption using SSL
  [Diagram: Remote Office, Main Office]

Slide 11: Web Accelerator
  Accelerates all web applications
  Faster end-user response times
  Extends server capacity
  Reduces system load
  Reduces network bandwidth needs
  Transparent to applications & users
  [Diagram: Customer, Web Server]

Slide 12: Course Outline Day 1
  1. Installation
  2. Load Balancing
  3. Monitors
  4. Profiles

Slide 13: Module 1 - Installation
  [Diagram: Internet, BIG-IP LTMs, Clients, Servers]

Slide 14: Module 1 - Outline
  BIG-IP Platform Overview
  Installation (Setup Utility)
  Configuration Utilities and User Access

Slide 15: BIG-IP Hardware Platforms
  Server Appliance
  Application Switch

Slide 16: Application Switch 3400
  Processor board
  Switch board
  A. Processor
  B. SSL card
  C. CF & HD
  D. SCCP
  E. ASIC2
  F. Switch chips

Slide 17: Switch Platforms
  [Images: 6800 / 6400, 1500]
  Platform Differences
    8800 (2U): Dual Dual Core CPU, 4G Ram, ASIC10; 12 10/100/1G & 4Gbg ports
    6800 / 6400 (2U): Dual CPU, 2G Ram, ASIC2; 16 10/100/1G & 4Gbg ports
    3400 (1U): Single CPU, 1G Ram, ASIC2; 8 10/100/1G & 2Gbg ports
    1500 (1U): Single CPU, 768M Ram; 4 10/100/1G & 2Gbg ports

Slide 18: [Chart axes: Price, Function / Performance; text boxes in source order]
  2 x 2.4 GHz Opteron; 16 10/100/1000 + 4 SFP; Layer 4 ASIC (PVA2); 160GB HD + 512 CF; SSL 20K TPS / 2 Gb Bulk; FIPS SSL option; HW Compression option; ASM / WA option; 4 Gbps Traffic
  BIG-IP 6800
  2 x 2.80GHz Opteron; 16 10/100/1000 + 4 SFP; 160GB HD + 512 CF; Layer 4 ASIC (PVA2); HW Compression option; ASM / WA option; SSL 15K TPS / 2Gb Bulk; 2Gbps Traffic
  BIG-IP 6400
  2 x 2.6 GHz Opteron; 12 10/100/1000 or 12 SFP; Layer 4 ASIC (PVA10); 160 GB HD + 512 CF; SSL 33K TPS / 3 Gb Bulk; HW Compression option; ASM / WA option; 6-10Gbps Traffic
  BIG-IP 8400
  2 x 2.6 GHz Dual Core Opteron; 12 10/100/1000 or 12 SFP; Layer 4 ASIC (PVA10); 160 GB HD + 512 CF; SSL 48K TPS / 6 Gb Bulk; HW Compression option; ASM / WA option; 7-10Gbps Traffic (7G L7, 6G SSL & Compress)
  BIG-IP 8800
  1.8GHz Core2Duo; 4 10/100/1000 + 2 SFP; 160GB HD; SSL 5K TPS / 750Mb Bulk; 750bps Traffic
  BIG-IP 1600
  [Diagram: DAG, HSB, CPU, Fabric]
  BIG-IP 3600
  2.13 GHz Opteron; 8 10/100/1000 + 2 SFP; 160 GB HD + 8GB CF; SSL 10K TPS / 2 Gb Bulk; FIPS SSL option; ASM / WA option; 1.5Gbps Traffic

Slide 19: Legacy Platforms
  [Images: 5100, 2400]
  Switch Platforms
    5100/5110: 24 10/100 & 4G
    2400: 16 10/100 & 2G
    1000: 8 10/100 & 1G
    Integrated SSL Acceleration
  [Image: 520 / 540]
  Server Appliance
    520/540: 2 10/100 NICs
    No Integrated SSL
    Mainly 3-DNS

Slide 20: Current BIG-IP LTM Software Levels
  Platform                  V4.x   V9.0
  1600, 3600                N      V9.4
  6800, 6400, 3400, 1500    N      Y
  5100, 2400, 1000          Y      Y
  520, 540                  Y      V9.2

Slide 21: Initial BIG-IP LTM Setup
  1. Config utility
     IP Address for Management interface
  2. License
  3. Setup utility
     Root password
     IP Address for VLANs
     Assign interfaces to VLANs
     Web Admin password
     SSH Access

Slide 22: Interface Naming (3400 chassis)
  10/100/1000 Ports numbered: top to bottom, left to right
  Mini Gbg Ports start at 2.1
  Management Port is eth0
  Mgmt URL: Https:/45
  Admin/admin
  [Diagram: 1.1, 2.1, 1.8, mgmt, eth0, usb, console, failover]

Slide 23: License Process - Automated
  Run Setup utility
  Enter Registration Key
  License the box
  Get License from F5
  Select parameters
  Reboot (v9.2)
  [Diagram: Internet, PC, BIG-IP, F5 License Server, activate.F]

Slide 24: License Process - Manual
  Copy Product Dossier to PC
  Paste Product Dossier to F5
  Move PC to Internet
  Download License to PC
  Upload & Install License file
  Run Setup utility
  Manually License the box
  Move PC back
  Reboot (v9.2)
  [Diagram: PC, BIG-IP, F5 License Server, activate.F, Internet, https:/activate.F]

Slide 25: Setup Utility
  https:/Management IP Address

Slide 26: Setup Utility - Network

Slide 27: Web Configuration utility

Slide 28: Setup / Configuration Access
  Two methods
  1. Web Interface: https (remote)
  2. Command Line: ssh (remote), Serial Terminal

Slide 29: BIG-IP LTM Backup Process
  Stores configuration in one file
  If copied to another system, then re-license

Slide 30: User Authentication Process

Slide 31: BIG-IP LTM Admin Users

Slide 32: Module 2 - Load Balancing
  [Diagram: Internet; labels 1-8]

Slide 33: Module 2 - Outline
  Virtual Servers, Members & Nodes
  Configuring Virtual Servers & Pools
  Virtual Server & Pool Lab
  Load Balancing Modes
  Configuring Load Balancing
  Load Balancing Labs

Slide 34: Pools, Members and Nodes
  Node = IP address
  Pool Member = Node + Port
  Pool = Group of pool members
  [Diagram: three members on :80; addresses truncated]

Slide 35: Pool Members and Nodes
  Pool Members
  Nodes refer to Pool Members IP Address only
  [Diagram: Internet; :8080, 172.16.20.1:80, :4002, :80; other addresses truncated]

Slide 36: Virtual Server
  IP Address + Service (Port) Combination
  "Listens" for and manages traffic
  Normally Associated with a Pool
  [Diagram: Internet, Virtual Server; addresses truncated]

Slide 37: Virtual Server - Address Translation
  BIG-IP LTM performs network address translation to real server addresses such that all machines are viewed as one Virtual Server
  [Diagram: Real Server Address, Network Address Translation, Virtual Server Address, Internet; addresses truncated]

Slide 38: Network Flow - Packet #1
  [Diagram: Internet, DNS Server; addresses truncated]

Slide 39: Network Flow - Packet #1
  LTM translates Dest Address to Node based on Load Balancing
  Packet # 1: Src - 0:4003, Dest 7:80
  Packet # 1: Src 0:4003, Dest :80
  [Diagram: Internet; addresses truncated]

Slide 40: Network Flow - Packet #1 Return
  LTM translates Src Address back to Virtual Server Address
  Packet # 1 - return: Dest - 0:4003, Src 7:80
  Packet # 1 - return: Dest 0:4003, Src :80
  [Diagram: Internet; addresses truncated]

Slide 41: Network Flow - Packet #2
  Packet # 2: Src - 1:4003, Dest 7:80
  Packet # 2: Src 201:4003, Dest :4002
  [Diagram: Internet; addresses truncated]

Slide 42: Network Flow - Packet #2 Return
  Packet # 2 - return: Dest - 1:4003, Src 7:80
  Packet # 2 - return: Dest 1:4003, Src :4002
  [Diagram: Internet; addresses truncated]

Slide 43: Network Flow - Packet #3
  Packet # 3: Src - 5:4003, Dest 7:80
  Packet # 3: Src 5:4003, Dest :8080
  [Diagram: Internet; addresses truncated]

Slide 44: Network Flow - Packet #3 Return
  Packet # 3 - return: Dest - 5:4003, Src 7:80
  Packet # 3 - return: Dest 5:4003, Src :8080
  [Diagram: Internet; addresses truncated]

Slide 45: Configuring Pools

Slide 46: Configuring Virtual Servers
  Scroll down

Slide 47: Statistics
  Summary
  Virtual Servers
  Pools
  Nodes

Slide 48: Logs

Slide 49: Load Balancing Modes
  Static
    Round Robin
    Ratio
  Dynamic
    Least Connections
    Fastest
    Observed
    Predictive
    Dynamic Ratio
  Failure Mechanisms
    Priority Group Activation
    Fallback Host

Slide 50: Round Robin
  Client requests are distributed evenly
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet; labels 1-8]

Slide 51: Ratio
  Administrator sets ratio for distributing Client requests
  3:2:1:1
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet; numbered labels]

Slide 52: Least Connections
  Next request goes to Node with fewest open connections
  Current Connections: 459, 460, 461, 470
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet; numbered labels]

Slide 53: Least Connections
  Some time later, number of connections change
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet; Current Connections values not recoverable]

Slide 54: Fastest
  Next requests go to Node with fastest response time
  Current Response Times: 10ms, 10ms, 10ms, 17ms
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet; numbered labels]

Slide 55: Fastest
  Some time later, response times change
  Current Response Times: 10ms, 10ms, 7ms, 7ms
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet; numbered labels]

Slide 56: Observed
  Next request goes to Node with combination of fewest connections and best response
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet]

Slide 57: Predictive
  Next request goes to Node with combination of fewest connections and best response over time
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet]

Slide 58: Priority Group Activation
  If you set Priority Group Activation to 2, and 3 of the highest priority members are available, then lower priority members will not be used.
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet; Priority 1, Priority 4]

Slide 59: Priority Group Activation
  If number of members falls below Priority Group Activation (2), then the next highest priority members are used also.
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet; Priority 1, Priority 4]

Slide 60: Fallback Host
  If all members fail, then client is sent an http redirect to an alternate server.
  [Diagram: Clients, Router, BIG-IP LTM Controller, Servers, Internet]

Slide 61: Pool Member vs. Node
  Load Balancing by:
    Pool Member: IP Address & service
    Node: Total services for one IP Address

Slide 62: If using Member
  If http pool uses Least Connections (member) load balancing method, then
  Next http request goes to Pool Member with fewest http connections
  Current Connections
    http: 107, 108, 99
    ftp: 23, 25, 12
  [Diagram: Internet]

Slide 63: If using Node
  Next http requests go to IP Address with fewest total connections
  Current Connections
    http: 107, 108, 99
    ftp: 23, 25
  [Diagram: Internet; numbered labels]

Slide 64: Configuring Load Balancing

Slide 65: Ratio & Priority Group Activation

Slide 66: Module 3 - Monitors
  [Diagram: Internet; addresses truncated]

Slide 67: Module 3 - Outline
  Monitor Concepts
  Configuring Monitors
  Assigning Monitors
  Node and Member Status
  Health Monitor Labs

Slide 68: Monitor Concepts
  Address Check: Node IP Address
  Service Check: IP : port
  Content Check: IP : port plus check data returned
  Interactive Check
  Path Check

Slide 69: Address Check
  Steps
    Packets sent to IP Addresses
    If no response, then no traffic sent to members using that node address
    Example - ICMP
  [Diagram: Internet, ICMP]

Slide 70: Service Check
  Steps
    Opens TCP connection (IP Address : service)
    Connection closed
    If TCP connection fails, then no traffic sent to associated Members
    Example - TCP
  [Diagram: Internet, TCP Connection; addresses truncated]

Slide 71: Content Check
  Steps
    Opens TCP connection (IP Address : service)
    Sends a request
    Response returns data
    Connection closed
    If Receive Rule not found in data, then no traffic sent to associated Members
    Example - http
  [Diagram: Internet, http GET /; addresses truncated]

Slide 72: Interactive Check
  Steps
    Opens TCP connection (IP Address : service)
    Interactive conversation to simulate real-world
    Connection closed
    If expected results do not occur, then no traffic sent to associated Members
    Example - SQL request
  [Diagram: Internet, conversation; addresses truncated]

Slide 73: Path Check
  Steps
    Sends packet through, not to the device
    Can check IP Address, Service or Content
    If condition not met, then no traffic sent through associated member
  [Diagram: Link Cntl, ISP2, ISP1, ISP1]

Slide 74: Configuring Monitors
  System Supplied Monitors (Templates)
    Address Checks (icmp)
    Service Checks (tcp)
    Content Checks (http)
    Interactive Checks (ftp)
  Availability:
    All templates can be customized
    Some can be Assigned "as-is"
    Some can only be used as Templates for Custom Monitors

Slide 75: Creating Custom Monitors

Slide 76: Additional Monitor Parameters
  Receive Rule: If content found, Node marked Up
  Reverse Receive Rule: If content found, Node marked Down
  Transparent: If Path Available, Node marked Up
    Used for monitoring Links

Slide 77: Monitor Timers
  Frequency (Interval)
  Timeout
  Recommended 3n + 1

Slide 78: Assigning Monitors
  Default for all Nodes
  Single Node Options
    Node Default
    Node Specific
    None
  Default all Members of a Pool
  Single Pool Member Options
    Inherit from Pool
    Member Specific
    None

Slide 79: Assigning Monitors to Nodes
  For one Node
