F5BIG-IP LC 配置手册
F5配置手册(内部)
[取值范围] 必须符合 DNS 域名标准。 主机部分以字母开头且不少于 2
位的字符串。
[示例] 主机为:ljxc-3600-1
备机为:ljxc-3600-2
可用模式,包括:
Single Device:单机模式 Redundant Pair:双机模
式
[配置值] Redundant Pair
图2-4 重启提示
F5 Netwotks
2. 单击“确定”。 进入 Dossier 生成界面。
3. 选择“Copy/Paste Text”。 页面中“Step1:Dossier”右边的由数字和字母组成的文件即为 Dossier 文件,如图 2-5 所示。
图2-5 生成 Dossier(Copy/Paste Text)
此时 LCD 屏幕上会出现配置好的 IP 地址。
如果通过 LCD 按键修改完 IP 地址以后,地址无法成功变更(例如出现 IP 地址 为全零的情况),可能是管理口 IP 地址与系统内已配臵的 IP 发生冲突。若出现 这种情况,请关机重启后,重新选定 IP 地址或网段来设臵管理网口地址。
----结束
9 / 42
F5 与其它设备互联的 IP 地址,每台 F5 设备的 Internal-Vlan Self IP 均是不同的。
两台 F5 在 Internal-Vlan 上的浮动地址,该地址会漂 移在 Active 的 BIGIP 设备上,主要用于后端服务器 指往下一段 IP 的网关地址,在 Redundence 结构下, 两台 F5 的 Internal Vlan Shared IP 的地址是相同的。
1.1.2 VLAN 划分
根据现网组网模式,F5 上需要划分 3 个 VLAN,如表 1-1 所示。
F5_LC_V11标准配置文档
F5 BIGIP-LC-V11 标准配置文档神州数码-赵威完成时间:20150909目录一.DNS基本原理 (4)二.拓扑图 (5)三.Lc及ltm物理和逻辑组件 (5)四.配置所需的资源 (6)五.配置前的准备工作 (7)六.网络层配置 (10)1.划分Vlan (10)2.配置Self IP (11)3.配置Routes (14)七.应用负载均衡配置 (15)1.配置Pools (15)2.配置Virtual Servers (16)八.链路负载均衡配置 (19)1.Outbound方向 (19)1.1配置f5 Gateway (19)1.2配置运营商地址库 (21)1.3编写irule控制流量的方向 (30)1.4配置Snatpool(非必要) (30)1.5配置Vs并关联Irule (31)2.Inbound方向 (31)2.1配置Listeners (31)2.2配置Links (32)2.3配置Topology算法 (34)2.4配置Wide Ips (40)2.5.LC常用算法介绍 (41)九.修改DNS注册商的域名指向 (41)十.一些应该注意的细节问题 (42)十一.测试过程 (42)十二.总结LC的访问流程 (42)一.DNS基本原理①用户在客户端浏览器的地址栏中输入,则在客户端浏览器本地的DNS客户端首先向本机已经配置或者分配好的DNS服务器发起的域名解析请求,这里客户端配置的DNS服务器我们通常称为Local DNS服务器。
而Local DNS服务器先查询是否在本地的缓存中有有效的的DNS记录,如果发现有在有效期之内的对应DNS记录,则直接返回给Local DNS解析的结果。
②查询后如果发现本地缓存中没有这条记录,则直接从本机预先配置好的根DNS服务器IP地址列表中向某一台根域服务器发起请求,查询。
③在根DNS服务器中,记录了每个顶级域分别是由哪些DNS服务器负责,所以它会向发起请求的Local DNS服务器返回.com域的服务器记录。
F5 BIG-IP LTM 详解(工作原理 配置手册)
Fowarding VS(Forwarding IP)
客户端
查询本地路由表
TMM
转发客户端请求
• 只能使用Fast L4 Profile • 按照连接处理,类似于路由器工作,但不完全一样,在Fast L4
Profile中开启Loose Initial和Loose Close之后更为接近路由工作模式 • 所有穿过Fowarding VS的连接都将产生连接表 • 没有Pool Member,转发完全取决于本地路由 • 可以使用基于4层的Rules
TM/OS
Host OS
Web 界面管理 健康检查 SNMP ……..
独立的管理机 管理CPU SCCP
TMM 0
BridgeLeabharlann SSL加解密HTTP压缩
PVA(Packet Velocity ASIC)
四层交换专用ASIC
万兆/千兆交换端口
Admin
Console
BIGIP 内部结构-Mecury平台16/36/69/89
VS和Rules
Rate Shaping TCP Express
SSL TrafficShield
Caching XML Web Accel 3rd Party
Compression OneConnect TCP Express
Microkernel
TCP Proxy
Client Server Side Side
HTTP_REQUEST HTTP_REQUEST_DATA
RTSP_REQUEST . . . .
TCP Proxy
Client Server Side Side
F5 BIG-IP LTM 详解(工作原理 配置手册)
Host OS
Web 界面管理 健康检查 SNMP ……..
独立的管理机
管理CPU
SCCP
TMM
0
Bridge
SSL加解密
HTTP压缩
PVA(Packet Velocity ASIC) 四层交换专用ASIC Admin
万兆/千兆交换端口
Console
BIGIP 内部结构-Mecury平台16/36/69/89
如ACK、RST等如果不在连接表中,则全部丢弃。
• 在Fast L4 profile打开Loose close和Loose Initial的时候对非Syn包 也可以建立连接表
Performance L4 攻击防护-Syn Cookie
Syn Syn,Ack (syncookie)
Ack(Cookie)
tcplanoptimized除非你非常了解tcp的工作原理否则不要调整除ideltimeout以外的任何参数重要的profileclientssl注意clientsslprofile不一定只能使用在https上使用clientssl的vs不一定使用443端口tmm客户端客户端客户端服务器端服务器端服务器端sslsslssl重要的profileftpftpprofile主要用于处理ftp的主动和被动传输两种模式由于需要配置动态侦听端口因此ftp协议必须进行单独处理通过irules也可以达到同样的目的但由于ftp协议使用非常广泛因此使用ftpprofile来简化配置和处理ftpprofile必须依赖于tcpprofile工作为什么要用cmpclustermultiprocessorcpu的主频增加受到比较大的限制目前的趋势是以多核扩展为主asicapplicationspecificintergratedcircuitsnpnetworkprocessor的处理架构并不适合于复杂灵活的流量处理对于不规范的流量采用硬件加速将导致系统设计僵化很难加入新的功能实现市场需求需要充分利用cpu的多核处理能力来提升系统的整体性能cmp工作原理cmp的硬件支持cmp工作模式流量由hsb进行分配在多个tmm上每个tmm占据一个cpucore每个tmm有自己独立的内存空间每个tmm都具有相同的配置包括vsprofileirulespoolpersistence等tmm之间通过内存高速总线进行通讯共享通用信息如会话保持表snat源端口等6468的硬件平台已经支持cmp在100上自动开启viptmm0viptmm1viptmm2viptmm3hsbhsbsupervip如何查看cmp工作状态tmmshow可以观察每个tmm的状态关于cmp必须了解的内容v9平台启动waweb应用加速器和asm应用安全管理器将disablecmpirules中定义全局变量将disablecmpv9中使用sessionaddsessionlookup命令将disablecmpconnectionlimit和rateshaping的配置是针对每个tmm生效dbprovisiontmmcount任何一个tmmcrash将导致设备间failovertcpdump已经调整为可支持cmp查看virtualserver的cmp工作状态如何查看tmmcpu占用率每颗cpu
F5 BIG-IP LTM标准配置文档
BIG-IP LTM 标准配置文档目录一、设备配置准备工作 (3)1.设备硬件环境准备 (3)2.工作站F5设备连接方式(此处仅作介绍,初始化阶段不需要使用console) (3)二、网络基础配置 (6)1. 激活License (6)2.网络配置 (13)三、服务器负载均衡配置............................................................................. 错误!未定义书签。
1.配置default_gateway_vs ..................................................................... 错误!未定义书签。
2.针对服务建立相应VS ........................................................................ 错误!未定义书签。
一、设备配置准备工作1.设备硬件环境准备首先需要为设备准备IP 地址,在公安局环境中,地址需要保护,设备数量为一台时,需要一个IP 地址作为设备地址,如果设备数量为2台时,则需要3个IP 地址,2个配置在设备作物理地址,一个地址作为HA 地址,两台设备。
1..1口分别接入到核心交换机,1.4口用一条跳线不跨越交换机直连。
Failover 的9针接口用蓝色心跳线连接。
2.工作站F5设备连接方式(此处仅作介绍,初始化阶段不需要使用console )1)Control 方式1. 将Console 线连接工作站COM 口和F5的console 口,网线连接工作站网口和F5的MGMT网口。
2. 如果工作站使用“超级终端”,COM 口设置如下:如果工作站使用SecureCRT ,设置如下:F5的MGMT网口默认的IP地址为192.168.1.245/24,因此,配置工作站网口的地址为192.168.1.200/24,以便与F5设备连接3.工作站上ssh工具如SecureCRT设置如下:默认用户名为root,密码为default二、网络基础配置首先设备需要激活才能进行正常配置,激活可以通过HTTPS的方式,以下做介绍1. 激活License通过https://192.168.1.245,默认用户名为admin,密码为admin1.登录F5 BIG-IP LTM设备并输入key,获取dossior.do文件在工作站使用IE浏览器,输入https://192.168.1.245登录BIG-IP点击“是”确认证书。
F5BIGIP配置文档
F5BIGIP配置⽂档BIGIP标准配置⽂档⽬录1. 连接BIGIP (4)1.1 Console⽅式 (4)1.2 ⽹络连接⽅式 (4)1.2.1 基于WEB⽅式 (4)1.2.2 基于SSH⽅式 (7)2.⽹络配置 (9)2.1 ⽹络配置步骤及流程 (9)2.1.1 L2 Vlan 配置 (10)2.1.2 L3 self ip 配置 (11)2.2 服务器直连模式⽹络配置 (12)2.2.1 ⽹络连接拓扑图 (12)2.2.2 VLAN划分 (12)2.2.3 IP地址划分 (13)2.3 服务器⾮直连模式⽹络配置 (14)2.3.1 ⽹络拓扑结构 (14)2.3.2 VLAN划分 (14)2.3.3 IP地址划分 (15)2.4 透明模式⽹络配置 (16)2.4.1 ⽹络拓扑结构 (16)2.4.2 VLAN划分 (16)2.4.3 IP地址划分 (16)2.5 静态路由的添加 (17)3.负载均衡配置 (17)3.2 Pool配置 (19)3.3 Virtual Server配置 (22)3.4 会话保持配置 (24)3.4.1 会话保持的概念 (24)3.4.2 Simple会话保持 (25)3.4.3 Cookie 会话保持 (26)3.5 iRules配置 (27)3.6 Monitor配置 (30)3.6.1 Monitor的添加 (30)3.6.2 Node Address Monitor配置 (33) 3.6.3 Node Association Monitor配置 (35)3.6.4 Monitor 的验证 (36)4. SNAT配置 (37)4.1 SNAT的概念 (37)4.2 NAT配置 (38)4.3 SNAT配置 (39)4.3.1 SNAT IP配置 (39)4.3.2 SNAT AutoMap配置 (41)5. Redundent配置 (42)6. 系统维护部分配置 (46)6.1 SNMP配置 (46)6.2 Syslog配置 (47)6.3 NTP配置 (47)6.4 ⽤户管理 (50)7. BIGIP命令⾏常⽤命令解释 (57)7.1 系统配置相关命令 (57)7.2 系统维护相关命令 (57)1.连接BIGIP1.1Console⽅式基于Console终端配置BIG-IP 的准备安装Windows操作系统的PC⼀台(装有超级终端)BIGIP设备⾃带的Console电缆⼀条使⽤超级终端建⽴⼀个连接,通过Console电缆⼀端连接BIGIP,⼀端连接COM,COM的参数设置如图:1.2⽹络连接⽅式1.2.1基于WEB⽅式在浏览器地址栏键⼊https://(BIGIP 设备IP地址),如下图:回车后,出现以下界⾯:此对话框为浏览器与BIGIP通讯交换的证书提⽰,点击“是”继续输⼊⽤户名和密码点击确定继续点击Configure your BIGIP Using Configration Utility进⼊BIGIP配置主界⾯。
F5 BIG-IP负载均衡器 接入指南
如何创建网元目录目录1 创建外购件网元――F5 BIG-IP负载均衡器 ............................................................................. 1-21.1 组网图....................................................................................................................................................... 1.1-21.2 创建过程简介........................................................................................................................................... 1.2-21.3 准备工作................................................................................................................................................... 1.3-31.3.1 设备侧 .......................................................................................................................................... 1.3.1-31.3.2 I2000网管侧 ................................................................................................................................. 1.3.2-31.4 创建步骤................................................................................................................................................... 1.4-31.4.1 配置设备的SNMP Agent ............................................................................................................ 1.4.1-31.4.2 在I2000客户端创建网元 ........................................................................................................... 1.4.2-71.4.3 正确性检查................................................................................................................................... 1.4.3-81.5 常见问题处理........................................................................................................................................... 1.5-91.5.1 创建网元时系统提示无法连接设备........................................................................................... 1.5.1-91.5.2 创建设备成功,但收不到设备的告警信息............................................................................... 1.5.2-91 创建外购件网元――F5 BIG-IP负载均衡器本文描述了将一个F5接入网管的过程,通过创建网元操作使设备在I2000的拓扑视图中正常显示,且能够接受I2000的管理。
F5 BIG-IP配置指导书
F5 BIG-IP负载均衡器配置指导书目录一、ISMG网络结构与IP地址规划 (3)二、配置BIGIP3400负载均衡设备 (4)2.1设置负载均衡器管理网口地址 (4)2.2登录BIGIP的WEB管理界面 (5)2.3激活License (5)2.4初始化设置 (7)2.4.1BIG-IP 1上的平台(Platform)通用属性设置 (7)2.4.2修改系统时间 (8)2.4.4重新启动bigip (9)2.5配置网络层 (9)2.5.1划分vlan (9)2.5.2定义IP地址 (11)2.5.3配置路由 (13)2.6配置双机设置(High Availability) (14)2.6.1配置Redundant Pair的IP地址 (14)2.6.2配置双机自动切换机制FailSafe配置 (16)2.7配置服务器负载均衡 (17)2.7.1配置Monitor (17)2.7.2配置Profile (18)2.7.3配置负载均衡Pool (19)2.7.5建立Virtual server,实现对服务器的负载均衡 (20)2.7.5设置SNAT (23)2.8两台BIGIP配置同步 (26)2.9备份配置 (26)三、系统运行状态检查及维护 (27)3.1检查系统日志信息: (27)3.2检查Node状态 (28)3.3查看流量信息 (29)3.4查看系统当前性能参数 (29)3.5密码的更改 (30)3.6添加“只读”权限的管理员帐号 (30)3.7如何查询设备的序列号: (31)3.8如何采集信息提供他人进行故障诊断 (31)3.8对某一Virtual Server用TCPDUMP命令无法抓到包如何处理? (32)一、网络结构与IP地址规划网络拓扑结构如下图所示:略相关的IP地址规划如下:注:以上的IP地址规划是测试环境的IP地址设置,需要根据现网环境中的IP地址规划进行修改。
注:以下接口连接表还没有更新,需要由现场工程师更新的。
F5 BIGIP配置方法
BY 杜贝典
1.1 OSI七层模型图
1.2 OSI参考模型每层的任务
• 7.应用层:提供用户接口 • 6.表示层:表述数据;对数据的操作诸如加密,压缩等等 • 5.会话层:建立会话,分隔不同应用程序的数据 • 4.传输层:提供可靠和不可靠的数据投递;在错误数据重新
传输前对其进行更正 • 3.网络层:提供逻辑地址,用于routers的路径选择 • 2.数据链路层:把字节性质的包组成帧;根据MAC地址提供
1.5 IP Routing 的含义
• 路由协议(routing protocol):用于routers动态寻找 网络最佳路径,保证所有routers拥有相同的路由表. 一般,路由协议决定数据包在网络上的行走的路径. 这类协议的例子有OSPF,RIP,IGRP,EIGRP等
• 可路由协议(routed protocol):当所有的routers知 道了整个网络的拓扑结构以后,可路由协议就可以 用来发送数据.一般的,可路由协议分配给接口,用 来决定数据包的投递方式.这类例子有IP和IPX
对传输介质的访问;实行错误检测,但是不实行错误更正 • 1.物理层:在设备之间传输比特(bit);定义电压,线速,针脚等
物理规范
1.3 OSI参考模型每层的功能
• 7.应用层:提供文件,打印,数据库,和其他应用 程序等服务
• 6.表示层:数据加密,压缩和翻译等等 • 5.会话层:会话控制 • 4.传输层:提供端到端的连接 • 3.网络层:路由(routing) • 2.数据链路层:组成帧 • 1.物理层:定义物理拓扑结构
1.4 常见协议
• 动态主机配置协议(Dynamic Host Configuration Protocol ,DHCP)
F5 BIG-IP LC 配置准备情况表
VLAN名称
端口划分和IP分配
LC01
Ctc_Link
端口
IP地址/掩码
61.164.138.226/28
Floating IP
网关
61.164.138.225
Cnc_Link
端口
IP地址/掩码
60.12.38.138/29
Floating IP
网关
60.12.38.137
Internal
端口
表4、FQDN及VIP对应表
61.148.68.114
113
202.106.0.20
61.164.138.227:25
Mail_25_pool
Mail_110_vs
61.164.138.227:110
Mail_110_pool
表3、Virtual Server及VIP对应表
6、填写FQDN、Virtual Server、VIP对应表
FQDN
Virtual Server
VIP
网关
Internal
端口
IP地址/掩码
Floating IP
HA
端口
IP地址/掩码
MGT
端口
Mgmt
IP地址/掩码
192.168.1.245/24
表1、LC自身端口划分和地址分配对应表
4、确定服务pool采用的负载均衡方式,完成Pool及Node对应表:
Pool
LB _ Method
Node
Default_gateway_pool
F5LC实施情况准备表
为了更迅速地完成F5 LC的实施,需要预先了解并确定以下内容:
1、F5设备硬件详细信息:
F5详细配置手册
F5详细配置⼿册F5 BIG-IP负载均衡器配置指导书⽬录添加“只读”权限的管理员帐号.............................................................................................对某⼀Virtual Server⽤TCPDUMP命令⽆法抓到包如何处理............................................⼀、⽹络结构与IP地址规划本⼿册以移动W AP/彩信⽹关为例⽹络拓扑结构如下图所⽰:整个数据⽹络设备,采⽤两台防⽕墙、两台BIG-IP 3400负载均衡器、及两台交换机、⽹络设备都采⽤主、备设备,以实现设备、链路的冗余备份,以消除单点故障。
这⾥部署负载均衡器的⽬的主要是为了增加服务器的数量,以提升系统的处理能⼒。
但对外仍然是⼀个IP地址。
相关的IP地址规划如下:注:以上的IP地址规划是测试环境的IP地址设置,需要根据现⽹环境中的IP地址规划进⾏修改。
⼆、配置BIGIP3400负载均衡设备本章将主要描述BIGIP3400负载均衡设备的配置⽅法及配置内容。
旁路/直连的选择2.1.1路由/直连模式的介绍⽹络连接的物理结构如下结构:Ip规划说明:图中bigip为负载均衡交换机,bigip上⾯使⽤公开的ip地址,bigip下⾯同负载均衡的服务器使⽤不公开的ip地址。
但对外提供服务则使⽤公开的ip。
2.1.2旁路模式的介绍⽹络连接的物理结构如下结构:Ip规划说明:图中bigip为负载均衡交换机,bigip和负载均衡的服务器均使⽤公开的ip 地址。
2.1.3 路由/直连模式同旁路模式的⽐较(1)流量⾛向不⼀样;路由/直连模式的流量⾛向如下:如上图,bigip同客户端的流量在bigip的上联接⼝,bigip同服务器的流量在下⾯的接⼝。
旁路模式的流量⾛向如下:如上图,bigip⽆论同客户端还是同服务器的通讯流量均在bigip的⼀个接⼝上。
F5详细配置手册
F5 BIG-IP负载均衡器配置指导书目录一、网络结构与 IP 地址规划 ....................................错误 ! 不决义书签。
二、配置 BIGIP3400 负载均衡设备 ...............................错误 ! 不决义书签。
旁路 / 直连的选择 ..........................................错误 ! 不决义书签。
路由 / 直连模式的介绍..................................错误 ! 不决义书签。
旁路模式的介绍 .......................................错误 ! 不决义书签。
路由 / 直连模式同旁路模式的比较.......................错误 ! 不决义书签。
设置负载均衡器管理网口地址...............................错误 ! 不决义书签。
登录 BIGIP 的 WEB管理界面 .................................错误 ! 不决义书签。
激活 License .............................................错误 ! 不决义书签。
初始化设置 ...............................................错误 ! 不决义书签。
1 上的平台 (Platform)通用属性设置 . ....................错误 ! 不决义书签。
更正系统时间 .........................................错误 ! 不决义书签。
设置缺省管理权限策略.................................错误 ! 不决义书签。
重新启动 bigip .......................................错误 ! 不决义书签。
F5负载均衡BigIP配置手册
外网F5配置步骤:一、登录到F5 BIG-IP管理界面:1、初次使用:①、打开F5 BIG-IP电源,用一根网线(直连线和交叉线均可)连接F5 BIG-IP的管理网口和笔记本电脑的网口,将笔记本电脑的IP地址配置为“,子网掩码配置为“ .255.0 ”。
②、用浏览器访问F5 BIG-IP的出厂默认管理IP地址或③、输入出厂默认用户名:admin,密码:admin④、点击Activate 进入F5 BIG-IP License 申请与激活页面,激活License。
⑤、修改默认管理密码。
2、以后登录:通过F5 BIG-IP的自身外网IP登录。
①、假设设置的F5自身外网IP为,就可以通过登录。
②、还可以通过SSH登录,用户名为root,密码跟Web!理的密码相同。
二、创建两个VLAN internal 和external,分别表示内网和外网。
1、创建VLAN internal (内网)在“ Network—VLANs 页面点击“ create ” 按钮:①、Name栏填写:internal (填一个英文名称)②、Tag栏填写:4093 (填一个数字)③、Interfaces 栏:将Available 列的“1.1 ”拉到Untagged列。
表示F5 BIG-IP的第一块网卡。
2、创建VLAN external (外网)在“ Network—VLANs页面点击“ create ”按钮创建VLAN①、Name栏填写:external (填一个英文名称)②、Tag栏填写:4094 (填一个数字)③、Interfaces 栏:将Available 列的“ 1.2 ”拉到Untagged列。
表示F5 BIG-IP的第二块网卡。
三、创建F5 BIG-IP的自身IP :分别对应internal (内网)和external (外网)1、创建自身内网IP :在“ Network—Self IPs ”页面点击“ create ” 按钮:①、IP Address栏填写:(填内网IP地址)②、Netmask栏填写:(填内网子网掩码)③、VLAN栏选择:internal2、创建自身外网IP :在“ Network—Self IPs "页面点击“ create "按钮:①、IP Address栏填写:(填外网IP地址)②、Netmask栏填写:(填外网子网掩码)③、VLAN栏选择:external④、Port Lockdown 栏选择:Allow Default (默认值)四、创建默认网关路由1、创建默认网关路由在“ Network—Routes"页面点击“ create "按钮:①、Type 栏选择:Default Gateway (默认值)②、Resource栏选择:Use Gateeay...,在其后的输入框填写网关IP地址:(这里假设此IP为外网网关地址)五、创建服务器自定义健康检查1、创建自定义HTTF健康检查:monitor_http在“ Local Traffic —Monitors "页面点击“ create "按钮:①、Name栏填写:monitor_http (填一个英文名称)②、Type栏选择:HTTP③、Import Settings 栏选择:HTTP④'Interval栏填写:5 (表示每5秒钟进行一次健康检查)⑤、Timeout栏填写:16 (表示健康检查的连接超时时间为16秒)⑥、Send String栏填写:GET / (也可以根据自己的需求发送其他方法的请求,例如HEAD威者GET/)⑦、Receive String 栏填写:(填写对应的返回字符串,默认不填写)六、创建服务器池(pool )1、创建Squid服务器池:pool_dzsq在“ Local Traffic —Pools "页面点击“ create "按钮:①、Name栏填写:pool_squid (填一个英文名称)②、Health Monitors 栏:将第四步创建的自定义HTTP®康检查“ monitor_http "由Available 列拉到Active列③、Load Balancing Method栏选择:Round Robin (这里选择的负载均衡方式是轮询,也可以选择其他方式)④、New Member栏:先选择New Address,再添加两台Squid服务器的IP地址、、、以及它们的端口80.内网F5配置步骤:一、登录到F5 BIG-IP管理界面:1、初次使用:①、打开F5 BIG-IP电源,用一根网线(直连线和交叉线均可)连接F5 BIG-IP的管理网口和笔记本电脑的网口,将笔记本电脑的IP地址配置为“,子网掩码配置为“ .255.0 ”。
F5 BIG-IP Local Traffic Manager 用户指南说明书
Windows PCClearing Web Browser and Java Caches User GuideR002StandardMarch 2016ContentsChapter 1: Document History (4)Chapter 2: About this Guide (5)Notice (5)Purpose and Scope (5)Assumptions (5)Copyright (5)Copyright Release (5)Trademarks (5)Terms and conditions (6)Chapter 3: Clearing Web Browser Cache (7)How to clear Microsoft Internet Explorer cache (7)How to clear Mozilla FireFox cache (9)How to clear Google Chrome cache (11)Chapter 4: Clearing Java Cache (12)How to clear Java cache (12)Chapter 5: Technical Support (16)Getting Help (16)Technical Support (16)Chapter 6: Glossary (17)FiguresFigure 1: Microsoft IE Tools menu (7)Figure 2: Microsoft IE Internet Options Window (8)Figure 3: Microsoft IE Delete Browsing History window (8)Figure 4: Mozilla FireFox main menu (9)Figure 5: Mozilla FireFox History menu (9)Figure 6: Mozilla FireFox Clear All History window (10)Figure 7: Google Chrome More tools menu (11)Figure 8: Google Chrome Clear browsing data window (11)Figure 9: Windows Control Panel home page (Category view) (12)Figure 10: Windows Control Panel home page (Icon view) (13)Figure 11: Windows Control Panel Programs page (13)Figure 12: Java Control Panel window (14)Figure 13: Java Temporary File Settings window (14)Figure 14: Java Delete Files and Applications window (15)Chapter 1: Document HistoryDocument Revision Date CommentR002 March 2016 Updated with Viavi rebranding and minor changes.R001 March 2015 First release.Chapter 2: About this GuideNoticeEvery effort was made to ensure that the information in this manual was accurate at the timeof printing. However, information is subject to change without notice, and Viavi reserves theright to provide an addendum to this manual with information not available at the time thatthis manual was created.Purpose and ScopeThe purpose of this guide is to help you clear the web browser cache (also known as thebrowsing history) and Java cache (also known as temporary internet files) on a PC runningthe Windows 7 operating system. This guide includes instructions for performing these tasks. AssumptionsThis document is intended for users who need to clear the web browser and/or Java cacheson their PC.Copyright© Copyright March 2016 Viavi Solutions Inc. All rights reserved. Viavi and the Viavi logo aretrademarks of Viavi Solutions Inc. (“Viavi”). All other trademarks and registered trademarksare the property of their respective owners. No part of this guide may be reproduced ortransmitted, electronically or otherwise, without written permission of the publisher. Copyright ReleaseReproduction and distribution of this guide is authorized for US Government purposes only. TrademarksVIAVI is a trademark of Viavi Solutions in the United States and other countries. Microsoft,Windows, Windows CE, Windows NT, MS-DOS, Excel, Word and Microsoft Internet Explorerare either trademarks or registered trademarks of Microsoft Corporation in the United Statesand/or other countries. All trademarks and registered trademarks are the property of theirrespective companies.About this GuideTerms and conditionsTerms and conditionsSpecifications, terms, and conditions are subject to change without notice. The provision ofhardware, services, and/or software are subject to Viavi’s standard terms and conditions,available at /terms.Chapter 3: Clearing Web BrowserCacheThis chapter describes procedures for clearing the cache (browsing history) from a web browserinstalled on a PC running the Windows 7 operating system. However, the procedures should besimilar for other operating systems.How to clear Microsoft Internet Explorer cacheThis procedure was written using Microsoft Internet Explorer 11 (11.0.9600.18163) but in generalis applicable to other release versions1) Close all open Internet Explorer windows2) Open Internet Explorer and select “Internet Options” from the Tools menuFigure 1: Microsoft IE Tools menuHow to clear Microsoft Internet Explorer cache3) Clic k the “Delete…” button under Browsing historyFigure 2: Microsoft IE Internet Options Window4) Ensure “Preserve Favorites website data” is unchecked, and “Temporary Internet files andwebsite files”, “Cookies and website data” and “History” are checked, then click the “Delete”buttonFigure 3: Microsoft IE Delete Browsing History window5) Click the “OK” button on the Internet Options windowHow to clear Mozilla FireFox cacheThis procedure was written using Mozilla FireFox 45.0.1 but in general is applicable to otherrelease versions1) Close all open FireFox windows2) Open FireFox, click the “Open menu” button, and click “History”Figure 4: Mozilla FireFox main menu3) Select “Clear Recent History…” from the History menuFigure 5: Mozilla FireFox History menu4) Select “Everything” for “Time range to clear:”, and ensure “Browsing & Download History”,“Cookies”, “Cache”, “Active Logins” and “Offline Website Data” are checked under Details Figure 6: Mozilla FireFox Clear All History window5) Click the “Clear Now” buttonClearing Web Browser CacheHow to clear Google Chrome cacheHow to clear Google Chrome cacheThis procedure was written using Google Chrome Version 49.0.2623.87 but in general isapplicable to other release versions1) Close all open Chrome windows2) Open Chrome, click on the Customize and control Google Chrome menu next to the URLfield, select “More tools”, and then select “Clear browsing data”Figure 7: Google Chrome More tools menu3) Select “the beginning of time” for “Obliterate the following items from:”, and ensure the“Browsing History”, “Download History”, “Cookies and other site and plug-in data” and“Cached images and files” are checkedFigure 8: Google Chrome Clear browsing data window4) Click the “Clear browsing data” buttonChapter 4: Clearing Java CacheThis chapter describes the procedure for clearing the Java cache (temporary internet files) on aPC running Microsoft Windows 7, but in general is applicable to other OS versions.How to clear Java cacheThis procedure was written using Java Version 8 Update 73 but in general is applicable to otherrelease versions1) Close all open browsers and running Java applications (i.e. Viavi GUIs, etc.)2) Open the “Control Panel” from the Windows Start menu. It will be in Category or Icon viewdepending on how it was last used.Figure 9: Windows Control Panel home page (Category view)Figure 10: Windows Control Panel home page (Icon view)3) If in Category view, click “Programs”Figure 11: Windows Control Panel Programs page4) Click the Java icon to open the Java Control PanelFigure 12: Java Control Panel window5) Click the “Settings…” button under Temporary Internet FilesFigure 13: Java Temporary File Settings window6) Click the “Delete Files…” buttonFigure 14: Java Delete Files and Applications window7) Click the “OK” button on the Temporary File Settings window8) Click the “OK” button on the Java Contr ol Panel window.9) Close the Windows Control Panel.Chapter 5: Technical SupportGetting HelpIf you need assistance or have questions related to the use of this product, call or e-mail ViaviSolutions Technical Assistance Center for technical support.You may visit the Viavi Solutions Technical Assistance page using the following link. Select yourcountry and product to find the technical assistance phone number and email for your region./en-us/services-and-support/support/technical-assistanceFor more information, contact Viavi Solutions or your local sales representative. Technical SupportPhone and EmailNorth America Visit the Technical Assistance page at Latin America Visit the Technical Assistance page at *************************EMEA +49 7121 86 1345*********************************APAC Visit the Technical Assistance page at ***************************Chapter 6: GlossaryTerm DefinitionAPAC Asia-PacificCache Repository for stored data that is used to expedite the process of retrieving data Chrome Open-source web browser software application developed by GoogleEMEA Europe, Middle East, and AfricaFireFox Open-source web browser software application developed by MozillaFolder Storage location on a computer drive for grouping together files and folders as ameans of organizing the file system. A term used by Windows and other operatingsystems, and synonymous with “directory”.Internet Explorer Web browser software application developed by Microsoft.Java General purpose programming language designed to develop programs to run onvirtually any computer, and for use in the distributed environment of the InternetJava Cache Cache, typically on local hard drive, used for storage of Java applets so they are notdownloaded each time they are referencedLA Latin AmericaNA North AmericaPC Personal Computer (i.e. desktop workstation or laptop)TAC Technical Assistance CenterWeb Browser Software application used for accessing, navigating, searching, and displaying content from the World Wide Web (Internet).Browser Cache Cache, typically on local hard drive, used for temporary storage of files downloadedfrom web sites (i.e. HTML pages, images, etc.) so they can be quickly loaded when thepage is re-visitedWindows Computer operating system with a graphical user interface, developed by Microsoft。
F5 BIG-IP LC 配置手册
25
Outbound的高级配置-根据运营商选择线路
中国电信的地址段Class(部分): class telcom_class { network 58.32.0.0 mask 255.224.0.0 network 59.32.0.0 mask 255.224.0.0 network 60.63.0.0 mask 255.255.0.0 network 60.160.0.0 mask 255.224.0.0 network 61.128.0.0 mask 255.252.0.0 network 61.132.0.0 mask 255.255.0.0 network 61.133.128.0 mask 255.255.128.0 }
F5 Link Controller配置指南
2008年4月 夏文渊
1
关于Link Controller的说明(简称LC)
F5的负载均衡有三大产品 LTM(Local Traffic Management):服务器负载均衡 GTM(Global Traffic Management):全局多站点负载均衡 LC(Link Controller):链路负载均衡 LTM通常部署在server farm前面,实现对web或者应用服务器的负 载均衡 GTM的功能可以总结为一个智能的DNS服务器,其内核用的就是 Linux Bund9,通过GTM做域名解析来将用户的访问数据流导向不 同的站点或者数据中心,同时GTM还可以作为DNS服务器来使用 Link Controller:LC是LTM和GTM的结合体,LC可以实现简单的4 层服务器负载均衡的功能和简单的GTM的功能;因此,LC对内可以 实现服务器的负载均衡,对外可以实现多ISP链路接入的负载均衡, 通过LC的职能DNS解析功能返回给不同的客户不同的DNS解析结 果,这样就可以实现根据一定的策略使不同的用户从不同的ISP线路 访问站点
F5-LC双机配置操纵说明材料
密级:文档编号:第版分册名称:第册/共册F5_BIGIP_LC双机操作手册北京信诺瑞得信息技术有限公司目录第1章前言 (3)第2章拓扑示意图 (3)第3章拓扑说明 (3)第4章V9版本的配置方法 (4)4.1修改F5的证书为10年 (4)4.2WEB界面配置 (5)4.3配置双机同步 (5)4.4测试效果 (6)第5章V10.2.1版本的配置方法 (6)5.1修改F5的证书为10年(同V9一样) (6)5.2WEB界面配置 (8)5.3配置双机同步 (8)5.4测试效果 (10)第6章说明 (12)第1章前言我们在配置LC双机的时候,不管是在V9版本,还是在V10的版本,经常会遇到Link Controller部分无法自动同步的问题,今天我把相关的注意事项与配置方法和大家共享一下。
第2章拓扑示意图第3章拓扑说明192.168.2.1这台设备的unit号为1192.168.2.2这台设备的unit号为2网络层的配置这里省略,注意两台设备的admin/root密码要一样,同时,两台设备的时间不能超过30s。
第4章V9版本的配置方法4.1 修改F5的证书为10年通过SSH登陆设备。
1.进入到目录:/config/httpd/conf/ssl.crt。
命令是:cd /config/httpd/conf/ssl.crt2.转换server.crt证书为一个新的证书请求:.csr。
命令是:openssl x509 -x509toreq -in server.crt -out server.csr -signkey /config/httpd/conf/ssl.key/server.key3.使用新的CSR,并指定证书的有效天数,这里使用10年。
命令是:openssl x509 -req -in server.csr -signkey /config/httpd/conf/ssl.key/server.key -days 3650 -out server.crt4.重新启动web server守护进程。
F5命令行配置配置手册
bigstart Restarts the SNMP agent bigsnmpd. bigtop Displays real-time statistics.Config Configures the IP address, network mask, and gateway on the management (MGMT) port.Use this command at the BIG-IP system prompt prior to licensing the the BIG-IP system, and do not confuse it with the bigpipe config command or the BIG-IP Configuration utility.halt Shuts down the BIG-IP software application.hostname Displays the name you have given to the BIG-IP system.printdb Prints the values of one or more entries in the bigdbTM database. reboot Reboots the BIG-IP system.ssh and scp Access command line interfaces on other SSH-enabled devices, and copy files to or from a BIG-IP system.自定义Bigpipe shell名称bp> shell prompt <string>bp> shell prompt BIG-IP>系统Shell名称将变成:BIG-IP>此特性避开此限制,在Linux命令前加”!”.BIG-IP>!ls //查看目录BIG-IP>!ifconfig //查看接口配置•Routes•Self IP addresses•Packet Filters•Trunks (802.3ad Link Aggregation)•Spanning Tree Protocol (STP)•VLANs and VLAN groups•ARP配置Packet Filtering命令: bigpipe packet filter你可以定义一个包过滤规则来提供访问控制,速率shaping,审计. 配置路由命令:route (<route key list> | all | inet | inet6)F5的Show Tech[root@XXXX:Standby] config # qkviewGetting systemwide backup configuration files.Getting AOM information.Getting last 175 lines of log files.Getting last 175 lines of gzipped log files.Getting md5 sum information.Getting core file list.Getting Public Certificate information.Getting tmctl information.completed... 6 of 161 checks produced no dataDiagnostic information has been saved in file /var/tmp/-tech.out Please send this file to **************.bigtop - display real-time statistics-bytes display counts in bytes (vs bits)-pkts display counts in packets (vs bits)-reqs display counts in requests (vs connections)-vips <n> number of virtual servers to print-nodes <n> number of nodes to print-once print once and exit-delay <n> number of seconds between samples (default 4)-scroll disable full-screen mode-nosort disable sorting-conn sort by connection count (vs byte count)-delta sort by count since last sample (vs total)-n print IP address and services in numeric format-vname display virtual servers by name (vs IP address)-help, -h print this message日志文件系统1. Access the BIG-IP system prompt.2. Stop the BIG-IP system or put the system into a safe condition such as standby mode using the bigstart stop command.3. Type the following command:resize-logFSThis command prompts you for the desired file size in gigabytes.4. At the prompt, type an integer.The minimum allowed value is 1, and the maximum allowed value is 10.A prompt appears that allows you to confirm the specified file size.5. Type Y.A message appears, notifying you of the need for the BIG-IP system to perform a reboot, followed by a prompt, which allows you to permit the reboot operation. Note: Prior to rebooting, the BIG-IP system verifies that the integer you typed in step 3 is within the allowed range, and checks to ensure that enough disk space exists for the specified size.6. Type Y.A confirmation prompt appears.7. Type Y.The system displays messages indicating that the reboot operation is about to occur.8. Wait for the reboot operation to finish.When the system becomes available again, the newly-specified disk space for the log file will be in effect.WARNINGDo not delete the files: /shared/.LoopbackLogFS and /shared/LogFS_README, because this action deletes all of your log files.启用/禁用虚拟服务或虚拟地To enable or disable a virtual server, use the appropriate command syntax:bp> virtual <virtual addr>:<virtual port> enable | disableTo enable or disable a virtual address, use the appropriate command syntax:bp> virtual address <virtual addr> enable | disable从服务中移出单个的NodeYou can remove an individual node from service, or return an individual node to service from the bigpipe shell command line.To remove an individual node from service, use the following command:bp> node <node addr>:<node port> downTo return an individual node to service, use this command:bp> node <node addr>:<node port> up查看修改F5系统配置文件器来编辑或者查看这些文件,当你没有条件使用浏览器时,有时候修改配置文件很有必要.这就需要F5的无浏览器配置模式和命令行配置模式Important:在你编辑完bigip.conf or bigip_base.conf 重启MCPD service之前, 你必须运行bigpipe load 确保MCPD service 使用的是当前的配置数据alert.conf Stores definitions of SNMP traps (system default alerts).user_alert.conf Stores definitions of SNMP traps (user-defined alerts)./config/bigip.conf Stores all configuration objects for managing local application traffic, such as virtual servers, load balancing pools, profiles, and SNATs.Note that after you edit bigip.conf, and before you restart the MCPD service, you must run the bigpipe load command./config/bigip_base.conf Stores BIG-IP self IP addresses and VLAN and interface configurations. Note that after you edit bigip_base.conf, and before you restart the MCPD service, you must run the bigpipe load command./config/bigip.license Stores authorization information for the BIG-IP system./etc/bigconf.conf Stores the user preferences for the Configuration utility./config/bigconfig/openssl.conf Holds the configuration information for how the SSL library interacts with browsers, and how key information is generated./config/user.db Holds various configuration information. This file is known as the bigdb database. /config/bigconfig/httpd.conf Holds configuration information for the web server./config/bigconfig/users The web server password file. Contains the user names and passwords of the people permitted to access whatever is provided by the webserver./etc/hosts Stores the hosts table for the BIG-IP system./etc/hosts.allow Stores the IP addresses of workstations that are allowed to make administrative shell connections to the BIG-IP system./etc/hosts.deny Stores the IP addresses of workstations that are not allowed to make administrative shell connections to the BIG-IP system./etc/rateclass.conf Stores rate class definitions./etc/ipfwrate.conf Stores IP filter settings for filters that also use rate classes. /etc/snmpd.conf Stores SNMP configuration settings./etc/snmptrap.conf Stores SNMP trap configuration settings./config/ssh Contains the SSH configuration and key files./etc/sshd_config This is the configuration file for the secure shell server (SSH). It contains all the access information for people trying to get into the system by using SSH./config/routes Contains static route information.[root@ISAG-2:Standby] config # find_keysISAG-2 koradsatn. omtitra eodISAG-2 junl trig Cmi nevl5scnsdt md.6koradsatn. omtitra eodFound license key JTPBO-CHRSX-DGBIO-HOAHJ-MOZJEVALicense file location is: /sda.1/config/bigip.licenseFound license key JTPBO-CHRSX-DGBIO-HOAHJ-MOZJEVAUnmounting unneeded partitions... ISAG-2 junl trig Cmi nevl5scnsn Cmi nevl5scnsree aamd.<>junl trig Cmi nevl5scns<6>EXT3-fs: mounted filesystem with ordered data mode.ISAG-2 junl trig Cmi nevl5scns<6>kjournald starting. Commit interval 5 secondscompleteAbove information can be found in /tmp/keys.outManaging Local Application Traffic•Setting up load balancing•Controlling HTTP traffic•Implementing HTTP and TCP optimization profiles•Authenticating application traffic•Implementing persistence•Enhancing the performance of the BIG-IP system•Managing health and performance monitors•Implementing iRules设置VirtualServer负载均衡1. Decide what types of traffic you want the BIG-IP system to manage, as well as whether you want to implement session persistence, connection persistence, and remote authentication.2. For each decision in step 1, decide whether you want to use the corresponding default profile that the BIG-IP system provides, or whether you want to create a custom profile.3. Access the bigpipe shell.4. If you want to create custom profiles, use the profile command, specifying the appropriate type of profile as an argument. If you do not want to create custom profiles, skip this step.5. Create one or more load balancing pools, using the pool command.6. Create a virtual server, using the virtual command, and assign to it any profiles and pools that you created. If you are using default profiles, some of those profiles might already be assigned to the virtual server by default.配置克隆Pool克隆Pool设计是用于入侵检测,你可以针对一个VS设置一个克隆Pool,这个克隆的VS接收世的流量和普通Pool一样,你就可以复制流量到入侵检测系统中.1. Access the bigpipe shell.2. Use the virtual command, to create or modify a virtual server, specifying a value for the clone pool argument.配置最后一跳Pool默认,BIG-IP系统自动启用最后一跳特性是,如果你想禁用这个特性.然后自己手工定义一个最后一跳路由器,你可以建立一个最后一跳pool并且指定其属于某个VS当中.1. Access the bigpipe shell.2. Use the pool command to create a last hop pool that contains the router inside addresses.3. Use the lasthop pool argument with the virtual command to assign the last hop pool to a virtual server.If you have not assigned an SSL profile to the virtual server, use the profile argument with the virtual command to assign the profile to the virtual server.配置SNATs这里有两种基础方法来建议一个SNAT,你可以直接将一个转换地址委派给一个或多个源IP地址,或者你可以配置一个SNAT pool,然后委派这个SNAT pool到某个源IP地址,在较新的版本中,BIG-IP自动从SNAT Pool中选择一个转换地址Note that you can assign these types of mappings from within an iRule.To map a single translation address to an original address1. Access the bigpipe shell.2. Designate an IP address as a translation address, using the snat translation command.3. Map the translation address to one or more original IP addresses, using the snat command or the rule command.To map a SNAT pool to an original address1. Access the bigpipe shell.2. Create a pool of translation addresses (that is, SNAT pool), using the snatpool command.3. Map the SNAT pool to one or more original IP addresses, using either the snat command or the rule command.配置HTTP traffic你可以配置BIG-IP来控制HTTP流量:配置HTTP压缩,HTTP请求重定向,HTTP请求重写,插入和插除HTTP头,启用或者禁用cookie加密和SYN cookie支持,配置HTTP 类Profile, HTTP响应数据组块控制.Configuring HTTP compression配置BIG-IP系统压缩HTTP 服务响应1. Access the bigpipe shell.2. Configure the compression-related settings of an HTTP profile,using the profile http command.3. Assign the HTTP profile to a virtual server, using the virtual command.Redirecting HTTP requests你可以配置HTTP Profile来重定向HTTP请求,并且在这个Profile中定义一个Fallback主机1. Access the bigpipe shell.2. Using the profile http command, create or modify an HTTP profile, specifying a value for the fallback argument. You can specify either a URI or the default fallback host, or you can specify that you want no HTTP redirection.3. Verify that the HTTP profile you created or modified is assigned to a virtual server.Rewriting HTTP redirections你可以配置HTTP Profile来重写HTTP的重定向规则1. Access the bigpipe shell.2. Using the profile http command, create or modify an HTTP profile, specifying a value for the redirect rewrite argument.For example, to create a profile that only rewrites URIs matching the originally requested URI (minus an optional training slash), use the following syntax:profile http myHTTPprofile { redirect rewrite matching }3. Verify that the HTTP profile you created or modified is assigned to a virtual server.Inserting and erasing HTTP headers你可以配置HTTP Profile来插入一个头文件到HTTP请求,或者从HTTP请求中移出一个头文件1. Access the bigpipe shell.2. Using the profile http command, create or modify an HTTP profile, specifying a value for either the header insert, header erase, or insert xforwarded for options.3. Verify that the HTTP or Fast HTTP profile you created or modified is assigned to a virtual server.Enabling or disabling cookie encryption你可以使用Profile http中的两个选项来启用或者禁用cookie加密1. Access the bigpipe shell.2. Using the profile http command, create or modify an HTTP profile, specifying a value for the encrypt cookie and cookie secret options.3. Verify that the HTTP profile you created or modified is assigned to a virtual server.Enabling or disabling SYN cookie support为了管理DOS攻击,你可以在一个Fast L4 Profile中配置SYN Cookie选项启用或者禁用SYN Cookie支持功能◆如果BIG-IP系统包含了Packet Velocity ASIC (PVA)技术,使用profile fastl4命令,定义一个hardware syncookie(enable | disable | default)选项,同样,你可以根据需求设置以下的变量通过db命令.•pva.SynCookies.Full.ConnectionThreshold (default: 500000)•pva.SynCookies.Assist.ConnectionThreshold (default: 500000)•pva.SynCookies.ClientWindow (default: 0)值得注意的是这个hardware syncookie 特性目前只可用于D84和D88平台.在其实平台设备这个特性无效.所以如果你在D84和D88上设置software syncookie 特性,SYN Cookie只通过软件处理◆如果BIG-IP系统不包含Packet Velocity ASIC(PVA)技术,使用profile fastl4 命令,指定为software syncookie (enable | disable | default) option.Configuring the HTTP Class profileBIG-IP系统包含一种Profile叫做HTTP Class Profile,你可以使用你定义的标准来用分类HTTP流量,当你分类流量的时候,你转地流量的原则是根据审查目标流量的头文件或者内容来定.如果BIG-IP系统包含Application Security Manager (ASM)或者WebAcclerator模块,你可以配置系统来先发送HTTP流量到那个模块,然后再发送到最终目标,例如,你可以使用HTTP Class Profile来对Virtual Server下命令,要求它发送流量先经过ASM然后再转发到负载均衡Pool.Unchunking and rechunking HTTP response data如果你想要监控内容你可以取消或者重新对HTTP响应进行组块操作,只需要配置HTTP Profile来启用unchunking功能.1. Access the bigpipe shell.2. Using the profile http command, create or modify an HTTP profile and specify the response argument.3. Make sure that you have assigned the HTTP profile to a virtual server, using the virtual command.你能够设备的保持有以下几种:实施Session保持•Cookie•Destination Address Affinity•Microsoft Remote Desktop Protocol (MSRDP)•Hash•Session Initiation Protocol (SIP)•Source Address Affinity•SSL•Universal具体操作:1. Access the bigpipe shell.2. Create a persistence profile, using the profile command, that corresponds to the type of persistence you want to implement.3. Assign the persistence profile to a virtual server, using the persist and fallback persist arguments with the virtual command.实施连接保持为了实施连接保持,你可以添加一个Keep-Alive头文件到HTTP /1.0头文件里(如果不存在).(默认HTTP/1.1连接包含Keep-Alive支持),你同样可以启用connection pooling特性,它可以保持服务器端的连接打开,重新用来供其它客户端请求所使用.你可以通过修改HTTP或者Fast HTTP Profile文件来启用keep-alive支持和Connection pools.同样可以修改OncConnect Profile来实现.To add Keep-Alive headers into HTTP requests1. Access the bigpipe shell.2. To ensure that HTTP connections stay open, use the profile http command and specify the oneconnect transformations argument. This ensures that the BIG-IP system inserts aConnection:Keep-Alive header into any HTTP /1.0 request that does not already contain one.3. Make sure that you have assigned the HTTP or Fast HTTP profile to a virtual server, using the virtual command.To enable connection pooling1. Access the bigpipe shell.2. Using the profile oneconnect command, configure a profile for connection pooling.3. Assign the profile to a virtual server, using the profile argument with the virtual command.小提示:你同样可以通过配置Fast HTTP Profile来配置连接保持,在BIGPIPE SHEEL中使用fasthttp命令.加强BIG-IP性能BIG-IP系统.设置连接Qos和数据包TOS等级你可以使用bigpipe工具来设置QoS和TOS等级,你不仅可以对所有具有目标负载均衡Pool的流量做,同时你也可以对自定义的流量做,例如:Layer 4 ,TCP 和UDP流量.1. Decide whether you want to set QoS and ToS levels for traffic targeted for an entire pool or for specific types of traffic, or both.•If you want to set the QoS and ToS levels for an entire pool, access the bigpipe shell and use the pool command with one or more of the following arguments: link qos to client, link qos toserver, ip tos to client, and ip tos to server.•If you want to set the QoS and ToS levels for certain types of traffic, access the bigpipe shell and use the profile command to create or modify a Fast L4, TCP, or UDP profile.2. Verify that the pool or the profile that you created or modified is assigned to a virtual server. To do this, use the following syntax:bp> virtual <virtual server name> list设置空闲超时时间(Idle timeout time)或者修改一个Fast L4,Fast HTTP,TCP,或者UDP Profile.1. Create or modify a Fast L4, Fast HTTP, TCP, or UDP profile, by accessing the bigpipe shell and using the profile command.2. Specify the idle timeout argument to set a timeout value.3. Verify that the profile you created or modified is assigned to a virtual server.实施速率整形Virtual Server或者Packet Filter规则中.1. Access the bigpipe shell.2. Create one or more rate classes, using the rate class command.3. Assign the rate classes to a virtual server or a packet filter rule, using either the virtual command or the packet filter command.Implementing iRulesiRule特性强大而灵活,值得注意的是它可以增强BIG-IP系统能力.一个iRule可以引用任意object,它不管这个被引用的object处理哪个分区里.例如;一个iRule属于分区A,但包含指定一个Pool属于分区B的语句.1. Access the bigpipe shell.2. Create an iRule using the rule command. You must include the name of the Tcl script and the script itself as arguments for the command.3. Assign the iRule to a virtual server, using the virtual command in one of the following ways:•To associate multiple iRules with a virtual server, use this syntax:bp> virtual <virtual_server_name> rule <iRule1_name> \ <iRule2_name> ...•To remove the assignment of an iRule from a virtual server, use this syntax:bp> virtual <virtual_server_name> rule none•To remove the iRule assignments from multiple virtual servers, use the following syntax. Note that you can remove the iRule assignments only from virtual servers that reside in the current Write partition or in partition Common.bp> virtual all rule none•To associate an existing iRule with multiple virtual servers, use the following syntax. Note that you can associate an iRule only with virtual servers that reside in the current Write partition or in partition Common. bp> virtual all rule <iRule_name>Important: In this case, the iRule becomes the only iRule that is associated with each virtual server in the current Write partition. Because this command overwrites all previous iRuleassignments, we do not recommend use of this command.。
F5-BigIP配置步骤
BigIP配置目录一、网络结构 (3)二、本项目中F5的功能及配置介绍 (4)三、F5配置步骤及项目 (5)1.进入系统 (5)2.激活License (5)3.系统基本配置(hostname,TimeZone,password etc) (5)4.设备网络配置(vlan,self ip,router,floating ip etc) (5)5.负载均衡节点建立配置 (5)6.负载均衡POOL及算法建立配置 (5)7.Virtual Server建立并关联POOL配置 (5)四、F5配置信息列表 (5)1、Pool (6)2、Virtual Server (6)五、F5详细配置步骤 (8)1.进入系统配置GUI (8)2.激活License (10)3.系统基本参数配置步骤 (14)4.基本网络参数配置步骤 (15)c)配置默认路由 (21)5.Monitor的建立 (22)6.负载均衡POOL及均衡算法建立配置 (23)7.Profile的建立 (24)8.iRules建立 (26)9.Virtual Server建立配置 (26)10.配置High Availability (29)1、F5负载均衡算法及原理 (31)2、会话保持的概念 (31)一、网络结构Outside Vlan (IP Segment 172.16.6.0/24)VPN and Management Vlan (IP Segment 172.16.6.X/24)Production HTTP Proxy Vlan (IP segment 192.168.100/0/24)Production APP and DB Servers Vlan (IP segment 192.168.90.0/24) Staging Proxy Vlan (IP segment 192.168.80.0/24)Staging APP and DB Vlan (IP segment 192.168.70.0/24)Test Proxy Vlan (IP segment 192.168.60.0/24)Test APP and DB Vlan (IP segment 192.168.50.0/24)802.1Q Trunk for Vlans of Production Systems 802.1Q Trunk for Vlans of Staging and Test Systems2.12.2Failover 1.1 1.11.21.21.4 1.51.51.61.6Tape DriverManagement Vlan在SW1上预留6个端口G1/0/25G1/0/26G1/0/27G1/0/28G1/0/30G1/0/32G1/0/33G1/0/34G1/0/35G1/0/36G1/0/38 – G1/0/43G1/0/37二、本项目中F5的功能及配置介绍1. F5实现的功能When configured properly, the The BIG-IP local traffic management (LTM) systemcan perform a wide variety of traffic-management functions, such as:• Balancing traffic to tune and distribute server lo ad on the network for scalability.• Off-loading standard server tasks, such as HTTP data compression, SSL authentication, and SSL encryption to improve server performance.• Monitoring the health and performance of servers on the network for availability.• Establishing and managing session and connection persistence.• Handling application-traffic authentication and authorization functions based on username/password and SSL certificate credentials.• Managing packet throughput to optimize performance for specific types of connections.• Improving performance by aggregating multiple client requests into a server-side connection pool. This aggregation of client requests is part of the LTM system’s OneConnectTM feature.• Applying configuration settings to c ustomize the flow of application-specific traffic (such as HTTP and SSL traffic).• Customizing the management of specific connections according to user-written scripts based on the industry-standard Tool Command Language (Tcl).While some of the functions on this list offer the basic ability to balance the load on your network servers, other functions on the list offer specialized abilities that are worth noting. These abilities include managing specific types of application traffic, optimizing server performance, and enhancingthe security of your network. The following sections describe these specialized capabilities. 2. F5配置介绍1. Once you have set up your base network and you have administrative access to the LTM system, and atleast a default VLAN assignment for each interface, the next step is to configure a network for managing traffic targeted to your internal servers.2.At the heart of the LTM system are virtual servers and load balancing pools.Virtual servers receive incoming traffic, perform basic source IP anddestination IP address translation, and direct traffic to servers, which aregrouped together in load balancing pools.The three most important objects in the LTM system that you mustconfigure for local traffic management are:• Virtual servers• Load balancing pools• ProfilesThese objects are:●Virtual ServerVirtual servers receive requests and distribute them to pool members.When you create a virtual server, you specify the type of virtual server you want, that is, a hostvirtual server or a network virtual server. Then you can attach various properties and resources to it, such as application-specific profiles, session persistence, and user-written scripts called iRules thatdefine pool-selection criteria. All of these properties and resources, when associated with a virtualserver, determine how the LTM system manages local traffic.●Load balancing poolsLoad balancing pools contain servers to which requests can be sent for processing.A load balancing pool is a collection of internal servers that you group together to service clientrequests. A server in a pool is referred to as a pool member. Using the default load balancingalgorithm, known as Round Robin, the LTM system sends a client request to a member of that pool.Every pool must be associated with a virtual server. A virtual server sends client requests to thepool or pools that are associated with it.POOL. Pools have settings associated with them, such as IP addresses for pool members, load balancing modes, and health and performance monitors.● NodesNodes represent server IP addresses on your network that you can enable and disable, and forwhich you can obtain status.● ProfileProfiles contain settings that define the behavior of various traffic types.A profile is a group of configuration settings that apply to a specific type of network traffic,such as HTTP connections. If you want the virtual server to manage a type of traffic, you canassociate the applicable profile with the virtual server, and the virtual server applies that profile’ssettings to all traffic of that type.●iRULEiRules can define criteria for pool-member selection, as well as perform content transformations, logging, custom protocol support, and so on.●Rate Shaping:Rate shaping controls bandwidth consumption.●SNAT :Secure Network Address Translations (SNATs) translate the source IP address in a client request, allowing multiple hosts to share the same address.三、F5配置步骤及项目1.进入系统2.激活License3.系统基本配置(hostname,TimeZone,password etc)4.设备网络配置(vlan,self ip,router,floating ip etc)5.负载均衡节点建立配置6.负载均衡POOL及算法建立配置7.Virtual Server建立并关联POOL配置四、F5配置信息列表F5 BigIP-3400-1F5 BigIP-3400-21、Pool2、Virtual Server五、F5详细配置步骤在本次项目中,需要将两台F5 BIGIP 3400配置成Active-Standby的双机冗余模式,除了在L2-L3层的配置和Hostname外,L4-L7及其他配置相同,故以一台BIGIP 3400的配置为例。