F5 Technical Boot Camp
Effectively Communicating F5 Solutions
Participant and Hands-on Exercise Guide
Document version 11.5.1.07
Written for: TMOS® Architecture v11.5.1
VMware Workstation 9.0.0
Virtual images:
BIGIP-11.5.1.0.0.110.ALL-scsi.ova
LAMP_3.4
Windows_7_VMwareFusion or Windows_7_VMwareWorkstation
Last Updated: 7/30/2014
TABLE OF CONTENTS
vLab Configuration Exercises
Exercise 1.1 – Configure a New BIG-IP System Image
Exercise 1.2 – Configure a Second BIG-IP System Image
LTM Hands-On Exercises
Exercise 2.1 – Configuring Device and Traffic Groups
Exercise 2.2 – Using Policies to Manage Traffic
GTM Hands-On Exercises
Exercise 3.1 – Creating a DNS Services Listener
Exercise 3.2 – Data Centers and Servers
Exercise 3.3 – Virtual Servers, Pools and Wide IPs
Exercise 3.4 – GSLB Load Balancing Methods
BIG-IP Hardware and Design Exercises
Exercise 4.1 – BIG-IP Hardware Exercise
Exercise 4.2 – BIG-IP LTM Design Exercise
AFM Hands-On Exercises
Exercise 5.1 – Viewing AFM Log Details
Exercise 5.2 – Creating AFM Rules
Exercise 5.3 – Configuring DoS Protection
ASM Hands-On Exercises
Exercise 6.1 – Verify Web Site Vulnerabilities
Exercise 6.2 – Creating a Security Policy
Exercise 6.3 – Updating a Security Policy
Exercise 6.4 – Advanced Security Policy Tuning
APM Hands-On Exercises
Exercise 7.1 – Using the APM Configuration Wizard
Exercise 7.2 – Configuring SSL VPN Network Access
Exercise 7.3 – Webtops and Resources
SWG Hands-On Exercises
Exercise 8.1 – Configure a New image for BIG-IP SWG
Exercise 8.2 – Enabling Explicit Forward Proxy
Exercise 8.3 – Configuring Secure Web Gateway
Appendices
Appendix A – Exercise Question and Answer Key
vLab Configuration Exercises
Exercise 1.1 – Configure a New BIG-IP System Image
These installation instructions are written for a Windows environment.
Estimated completion time: 25 minutes
TASK 1 – Open the BIG-IP System VMware Image
Use VMware to open the BIG-IP VE image file. In the VMware library, go to File > Open.
Navigate to the location where you saved the BIG-IP image file, then select the BIGIP-11.5.1.0.0.110.ALL-scsi.ova image file, and then click Open.
Name the new virtual machine BIGIP_A_v11.5.1.
Enter or browse to a location with at least 4GB of free disk space and click Import.
Click the Accept button.
After the import completes, select BIGIP_A_v11.5.1 from the Library menu, and then click Edit virtual machine settings.
Adjust the Memory to 8192 MB.
Select Hard Disk (SCSI), and then on the right-side of the window go to Utilities > Expand.
Set the Maximum disk size (GB) to 80, and then click Expand.
Select Hard Disk 2 (SCSI), and then on the right-side of the window go to Utilities > Expand.
Set the Maximum disk size (GB) to 20, and then click Expand.
Map the network adapters to the appropriate VMware networks using the following table:
Network Adapter Custom (VMnet1)
Network Adapter 2 Custom (VMnet2)
Network Adapter 3 Custom (VMnet3)
Network Adapter 4 Bridged (Automatic)
TASK 2 – Configure the BIG-IP System Management Interface Settings
Power on the BIG-IP system image and then configure the management port interface settings.
Click BIGIP_A_v11.5.1 from the Library menu, and then click Power on this virtual machine.
After the BIG-IP system has powered on, log in to the BIG-IP system using the following credentials:
Username: root Password: default
At the CLI prompt, type:
config
Configure the management interface using the following information:
IP Address 10.128.1.245
Network Mask 255.255.255.0
Default Route 10.128.1.1
TASK 3 – Generate an Evaluation License Key
Use the Eval Key Generator on the F5 Licensing Tools Web page to generate a BIG-IP VE system license.
Use a Web browser to access the F5 Licensing Tools Web site at http://license.f5net.com.
Click Eval Key Generator, and log in using your Olympus credentials.
→NOTE: Ensure you are not selecting Dev Key Generator.
Leave the Generate Eval Base Keys option selected.
From the Product Line list box, select BIG-IP.
Select all of the checkbox options below, and then click Next.
The evaluation key is emailed to your F5.com address.
TASK 4 – Access the BIG-IP System and Complete the Setup Utility
Use a Web browser to access the management port of your BIG-IP system, and then complete the steps of the Setup Utility, including activating the BIG-IP system.
Use a Web browser to access https://10.128.1.245.
Log into the BIG-IP system using the following credentials:
Username: admin Password: admin
On the Welcome page click Next.
On the License page click Activate.
Open the email from F5 Networks with your Evaluation Registration Key and copy the Registration Key text.
In the Setup Utility, in the Base Registration Key field, paste the registration key text.
For Activation Method, select Manual, and then click Next.
Select and copy all of the dossier text to your clipboard. (NOTE: Use Ctrl + A and then Ctrl + C.)
Select Click here to access F5 Licensing Server.
On the Activate F5 Product page, paste the dossier text in the field, and then click Next.
Select to accept the legal agreement, and then click Next.
On the Setup Utility > License page, paste the license key text into the Step 3: License field, and then click Next.
The BIG-IP VE system configuration updates. This takes several seconds.
After the configuration changes complete, log in to the BIG-IP system.
On the Resource Provisioning page, ensure only Local Traffic (LTM) is set to Nominal and click Next.
On the Device Certificate page click Next.
On the Platform page, configure these settings using the following information, and then click Next.
Host Name bigipA.f5demo.com
Root Account (Password and Confirm) default
Admin Account (Password and Confirm) admin
You are prompted to log out and log back in to the BIG-IP VE system.
Click OK, and then log back in to the BIG-IP VE system.
Under Standard Network Configuration click Next.
On the Redundant Device Wizard Options page, click Next.
In the Internal Network Configuration and Internal VLAN Configuration sections, configure these settings using the following information, and then click Next.
Self IP: Address 10.128.20.241
Self IP: Netmask 255.255.255.0
Self IP: Port Lockdown Allow Default
Floating IP: Address 10.128.20.240
Floating IP: Port Lockdown Allow Default
VLAN Interfaces Untagged: 1.2
In the External Network Configuration and External VLAN Configuration sections, configure these settings using the following information, and then click Finished.
External VLAN Create VLAN external
Self IP: Address 10.128.10.241
Self IP: Netmask 255.255.255.0
On the High Availability Network Configuration page, configure these settings using the following information, and then click Next.
High Availability VLAN Select existing VLAN
Select VLAN internal
Self IP: Address 10.128.20.241
Self IP: Netmask 255.255.255.0
VLAN Interfaces Untagged: 1.2
On the ConfigSync Configuration page, leave 10.128.20.241 (internal) selected and click Next.
On the Failover Unicast Configuration page, leave the default settings and click Next.
On the Mirroring Configuration page, leave the default settings and click Next.
On the Active/Standby Pair page, under Advanced Device Management Configuration click Finished.
Open the Network > Self IPs page and click 10.128.10.241.
Add TCP port 22 to the Custom List and click Update.
TASK 5 – Import an SSL Certificate and Key
Import the wildcard.vlab.f5demo.com certificate and key, and then import the entrust_chain.crt certificate chain.
Open the System > File Management > SSL Certificate List page, and then click Import.
From the Import Type list, select Certificate.
In the Certificate Name box type f5demo.
Click the Browse button.
Select the wildcard.vlab.f5demo.com.crt file, then click Open, and then click Import.
Click the Import button again.
From the Import Type list box, select Key.
In the Key Name box, type f5demo.
Click the Browse button.
Select the wildcard.vlab.f5demo.com.pem file, and then click Open, and then click Import.
Click the Import button again.
From the Import Type list box, select Certificate.
In the Key Name box, type chain.
Click the Browse button.
TASK 6 – Create a Client SSL Profile
Create a new client SSL profile using the f5demo certificate and key.
Open the Local Traffic > Profiles > SSL > Client page, and then click Create.
Create a client SSL profile using the following information:
Name f5demo_client_ssl
Certificate f5demo
Key f5demo
Chain chain
Pass Phrase Flibbidysass!
Click Add, and then click Finished.
TASK 7 – Configure System Settings
Configure system preferences, DNS settings, and a default node monitor.
Open the System > Preferences page, and update the following settings, and then click Update.
o Idle Time Before Automatic Logout: 100000 seconds
o Security Banner Text:
Welcome to the F5 BIG-IP VE (Virtual Edition) vLab environment.
The vLab environment is intended for F5 Networks training and demonstration purposes only. You are not authorized to distribute the vLab to any other parties.
Open the System > Configuration > Device > DNS page.
For DNS Lookup Server List, enter 4.2.2.2, then click Add, and then click Update.
Open the Local Traffic > Nodes > Default Monitor page.
TASK 8 – Update Your Local Hosts File
Add several entries to your local hosts file.
Right-click on Notepad in the Start menu, and then select Run as Administrator.
Open the C:\Windows\System32\drivers\etc\hosts file.
Add the following entries:
10.128.10.35 dvwa.vlab.f5demo.com
10.128.10.36 epc.vlab.f5demo.com
10.128.10.37 webtop.vlab.f5demo.com
10.128.10.38 sso.vlab.f5demo.com
10.128.10.39 webscraping.vlab.f5demo.com
10.128.10.40 iapp.f5demo.com
10.128.10.40 iapp.vlab.f5demo.com
10.128.10.41 rdp.vlab.f5demo.com
10.128.10.45 access.vlab.f5demo.com
10.128.10.80 ssloffload.vlab.f5demo.com
10.128.10.81 ssliapp.vlab.f5demo.com
10.128.10.84 iapp84.f5demo.com
10.128.10.85 iapp85.f5demo.com
10.128.10.86 iapp86.vlab.f5demo.com
Save and close the hosts file.
TASK 9 – Verify BIG-IP Network Configuration
In the VMware library, click LAMP_3.4 from the menu, and then click Power on this virtual machine.
Open a Windows command prompt and type:
ping 10.128.10.241
Use an SSH client to access 10.128.10.241.
At the CLI prompt type:
ping 10.128.20.11
Both of the ping commands should succeed. If they do not, you should verify your VMware network settings. You can refer back to the LTM Fundamentals Hands-On Exercise Guide to review the settings.
TASK 10 – Create an Archive File and a VMware Snapshot
Create an archive file and a VMware snapshot which you’ll use as the starting point in all exercises.
In the Configuration Utility, open the System > Archives page.
Create a new archive file named bc_bigipA_clean_install_v11.5.1.
You will use this archive file as the starting point for all exercise guides and demonstration guides.
Exercise 1.2 – Configure a Second BIG-IP System Image
These installation instructions are written for a Windows environment.
Estimated completion time: 25 minutes
TASK 1 – Open the BIG-IP System VMware Image
Use VMware Workstation to open and install the BIG-IP system OVA file.
In the VMware library, go to File > Open.
Navigate to the location where you saved the BIG-IP image file, then select the BIGIP-11.5.1.0.0.110.ALL-scsi.ova image file, and then click Open.
Name the new virtual machine BIGIP_B_v11.5.1.
Enter or browse to a location with at least 4GB of free disk space and click Import.
Click the Accept button.
After the import completes, select BIGIP_B_v11.5.1 from the Library menu, and then click Edit virtual machine settings.
Adjust the Memory to 2048 MB.
Map the network adapters to the appropriate VMware networks using the following table:
Network Adapter Custom (VMnet1)
Network Adapter 2 Custom (VMnet2)
Network Adapter 3 Custom (VMnet3)
Network Adapter 4 Bridged (Automatic)
Click OK.
TASK 2 – Configure the BIG-IP System Management Interface Settings
Power on the BIG-IP system image and then configure the management port interface settings.
Click BIGIP_B_v11.5.1 from the Library menu, and then click Power on this virtual machine.
After the BIG-IP system has powered on, log in to the BIG-IP system, and at the CLI prompt, type:
config
Configure the management interface using the following information:
IP Address 10.128.1.246
Network Mask 255.255.255.0
TASK 3 – Access the BIG-IP System and Complete the Setup Utility
Use a Web browser to access the management port of your BIG-IP system, and then complete the steps of the Setup Utility, including activating the BIG-IP system.
Use a Web browser to access https://10.128.1.246.
Log into the BIG-IP system using the following credentials:
Username: admin Password: admin
On the Welcome page click Next.
On the License page click Activate.
Open the email from F5 Networks with your Evaluation Registration Key and copy the Registration Key text.
In the Setup Utility, in the Base Registration Key field, paste the registration key text.
For Activation Method, select Manual, and then click Next.
Select and copy all of the dossier text to your clipboard. (NOTE: Use Ctrl + A and then Ctrl + C.)
Select Click here to access F5 Licensing Server.
On the Activate F5 Product page, paste the dossier text in the field, and then click Next.
Select to accept the legal agreement, and then click Next.
Select and copy all of the license key text to your clipboard (NOTE: Use Ctrl + A and then Ctrl + C.), and then close the Activate F5 Product page.
On the Setup Utility > License page, paste the license key text into the Step 3: License field, and then click Next.
The BIG-IP system configuration updates. This takes several seconds.
After the configuration changes complete, log in to the BIG-IP system.
On the Resource Provisioning page, ensure only Local Traffic (LTM) is set to Nominal and click Next.
On the Device Certificate page click Next.
On the Platform page, configure these settings using the following information, and then click Next.
Host Name bigipB.f5demo.com
Root Account (Password and Confirm) default
Admin Account (Password and Confirm) admin
In the Internal Network Configuration and Internal VLAN Configuration sections, configure these settings using the following information, and then click Next.
Self IP: Address 10.128.20.242
Self IP: Netmask 255.255.255.0
Self IP: Port Lockdown Allow Default
Floating IP: Address 10.128.20.240
Floating IP: Port Lockdown Allow Default
VLAN Interfaces Untagged: 1.2
In the External Network Configuration and External VLAN Configuration sections, configure these settings using the following information, and then click Finished.
External VLAN Create VLAN external
Self IP: Address 10.128.10.242
Self IP: Netmask 255.255.255.0
Self IP: Port Lockdown Allow 443
Default Gateway 10.128.10.2
Floating IP: Address 10.128.10.240
Floating IP: Port Lockdown Allow 443
VLAN Interfaces Untagged: 1.1
On the High Availability Network Configuration page, configure these settings using the following information, and then click Next.
High Availability VLAN Select existing VLAN
Select VLAN Internal
Self IP: Address 10.128.20.242
Self IP: Netmask 255.255.255.0
VLAN Interfaces Untagged: 1.2
On the ConfigSync Configuration page click Next.
On the Failover Configuration page, leave default settings and click Next.
On the Mirroring Configuration page, leave default settings and click Next.
On the Active/Standby Pair page click Finished.
Open the Network > Self IPs page and click 10.128.10.242.
TASK 4 – Import an SSL Certificate and Key
Import the wildcard.vlab.f5demo.com certificate and key, and then import the Entrust certificate chain.
Open the System > File Management > SSL Certificate List page, and then click Import.
From the Import Type list, select Certificate.
In the Certificate Name box type f5demo.
Click the Browse button.
Select the wildcard.vlab.f5demo.com.crt file, then click Open, and then click Import.
Click the Import button again.
From the Import Type list box, select Key.
In the Key Name box, type f5demo.
Click the Browse button.
Select the wildcard.vlab.f5demo.com.pem file, and then click Open, and then click Import.
Click the Import button again.
From the Import Type list box, select Certificate.
In the Key Name box, type chain.
Click the Browse button.
Select the entrust_chain.crt file, and then click Open, and then click Import.
TASK 5 – Create a Client SSL Profile
Create a new client SSL profile using the f5demo certificate and key.
Open the Local Traffic > Profiles > SSL > Client page, and then click Create.
Create a client SSL profile using the following information:
Name f5demo_client_ssl
Certificate f5demo
Key f5demo
Chain chain
Pass Phrase Flibbidysass!
TASK 6 – Configure System Settings
Configure system preferences, DNS settings, and a default node monitor.
Open the System > Preferences page, and update the following settings, and then click Update.
o Idle Time Before Automatic Logout: 100000 seconds
o Security Banner Text:
Welcome to the F5 BIG-IP VE (Virtual Edition) vLab environment.
The vLab environment is intended for F5 Networks training and demonstration purposes only. You are not authorized to distribute the vLab to any other parties.
Open the System > Configuration > Device > DNS page.
For DNS Lookup Server List, enter 4.2.2.2, then click Add, and then click Update.
Open the Local Traffic > Nodes > Default Monitor page.
Click icmp, and then click << to move it to the Active list, and then click Update.
TASK 7 – Verify BIG-IP Network Configuration
In a Windows command prompt window, type:
ping 10.128.10.242
Close the Command Prompt window.
Use an SSH client to access 10.128.10.242.
At the CLI prompt type:
ping 10.128.20.12
Both of the ping commands should succeed. If they do not, you should verify your VMware network settings. You can refer back to the LTM Fundamentals Hands-On Exercise Guide to review the settings.
Close the SSH sessions.
TASK 8 – Create an Archive File and a VMware Snapshot
Create an archive file and a VMware snapshot which you’ll use as the starting point in all exercises.
In the Configuration Utility, open the System > Archives page.
Create a new archive file named bc_bigipB_clean_install_v11.5.1.
You will use this archive file as the starting point for all exercise guides and demonstration guides.
In the VMware library, shut down the BIGIP_B_v11.5.1 image.
TASK 9 – Download the DoS_Tool Virtual Image
Download and unzip the DoS_Tool VMware back-end server image.
Access and log in to the F5 product download page at https://downloads.f5.com/esd/productlines.jsp.
Click Virtual Lab Environment (vLab).
Ensure that 3.0 is selected in the version list box.
Click vLab_files, and then accept the software terms and conditions.
Download the DoS_Tool_3.0.zip file.
Unzip the file in the local directory you created when setting up vLab.
TASK 10 – Install the DoS_Tool VMware Image
Use VMware Workstation to open and install the DoS_Tool VMware server images.
In the VMware library, select File > Open.
Navigate to the location where you saved the DoS_Tool image, then select DoS_Tool_3.0.vmx, and then click Open.
Click Take Ownership.
Select DoS_Tool_3.0 from the Library bar, and then select Edit virtual machine settings.
Map the network adapters to the correct networks using the following table:
Network Adapter Connect at power on (yes) Custom (VMnet3)
Click OK.
Right-click DoS_Tool_3.0 in the Library bar and select Snapshot > Take Snapshot. Name the snapshot DoS_Tool_3.0_Clean, and then click Take Snapshot.
LTM Hands-On Exercises
Exercise 2.1 – Configuring Device and Traffic Groups
You will need both the BIGIP_A_v11.5.1 and BIGIP_B_v11.5.1 images for this exercise. Each task states on which BIG-IP system you should complete the task.
Estimated completion time: 45 minutes
TASK 1 – Configure the Device Settings on Both BIG-IP Systems
Configure the device settings for both BIG-IP systems. In the VMware library, power on the BIGIP_A_v11.5.1, BIGIP_B_v11.5.1, and LAMP_3.4 images.
On bigipA.f5demo.com
Access and log in to BIGIP_A_v11.5.1.
Open the Device Management > Devices page, and then click bigipA.f5demo.com (Self).
Edit the HA Capacity to 5, and then click Update.
Open the Device Connectivity > ConfigSync page.
From the Local Address list, ensure that 10.128.20.241 (internal) is selected and click Update.
Open the Device Connectivity > Network Failover page.
In the Failover Unicast Configuration section, ensure that both 10.128.1.245 and 10.128.20.241 are listed.
→NOTE: These values were assigned during the Setup Utility.
On bigipB.f5demo.com
Access and log in to BIGIP_B_v11.5.1.
Open the Device Management > Devices page, and then click bigipB.f5demo.com (Self).
Edit the HA Capacity to 5, and then click Update.
Open the Device Connectivity > Network Failover page.
In the Failover Unicast Configuration section, ensure that both 10.128.1.246 and 10.128.20.242 are listed.
Before moving on, note the status of both BIG-IP systems.
TASK 2 – Configure the Device Trust
On bigipB.f5demo.com, set up the device trust that will be used by both BIG-IP systems.
On bigipB.f5demo.com
Open the Device Management > Device Trust > Peer List page, and then click Add.
In the Device IP Address field, type 10.128.1.245.
Enter admin for the Administrator Username and Administrator Password.
Click Retrieve Device Information.
Verify that the Device Properties: Name value is bigipA.f5demo.com and click Finished.
TASK 3 – Verify the Device Trust
On bigipA.f5demo.com, verify the device trust you created in the previous task.
On bigipA.f5demo.com
TASK 4 – Configure the Device Group
On bigipB.f5demo.com, set up the new device group that will be used by both BIG-IP systems.
On bigipB.f5demo.com
Open the Device Management > Device Groups page, and then click Create. (ENSURE you are on bigipB.f5demo.com.)
Create a device group using the following information, and then click Finished.
Name new_device_group
Group Type Sync-Failover
Members bigipA.f5demo.com bigipB.f5demo.com
Network Failover Yes (selected)
Automatic Sync No
Full Sync No
Note the status of bigipB.f5demo.com.
Click Awaiting Initial Sync.
In the Devices section, click bigipB.f5demo.com (Self).
Leave the Sync Device to Group option selected.
Select the Overwrite Configuration checkbox, and then click Sync.
Click OK.
Note the status of bigipB.f5demo.com.
Note the status of bigipA.f5demo.com.
→NOTE: If synchronization didn’t succeed, see your instructor.
On bigipB.f5demo.com
Create a pool using the following information, and then click Finished.
Name p80_pool
Health Monitors http
Members Address Service Port
10.128.20.11 80
10.128.20.12 80
10.128.20.13 80
Create a virtual server using the following information, and then click Finished.
Name p80_virtual
Destination Host: 10.128.10.20:80
HTTP Profile http
Source Address Translation Auto Map
Default Pool p80_pool
Note the updated status of bigipB.f5demo.com.
Once the status changes to ONLINE (STANDBY) – In Sync, verify that both p80_virtual and p80_pool are present.
TASK 5 – Verify the Traffic Group
On bigipB.f5demo.com, verify the configuration settings of the default traffic group.
On bigipB.f5demo.com
Open the Device Management > Traffic Groups page, and then click traffic-group-1.
Questions:
What is the current device? _______________________________
What is the next active device? _______________________________
Open the Failover Objects page.
Question:
How many failover objects are there? _______________
Use a new tab to access http://10.128.10.20.
View the Virtual Server statistics pages for bigipA.f5demo.com and bigipB.f5demo.com.
Question:
Which BIG-IP system processed this client request? _______________________
Reset the virtual server statistics on bigipB.f5demo.com.
TASK 6 – Test Failover
Test failover from the active BIG-IP system to the standby BIG-IP system.
On bigipB.f5demo.com
Question:
Which BIG-IP system processed this client request? _________________________
Use a new tab to access https://10.128.10.240, and examine the Hostname value on the logon page (do not log in to the BIG-IP system).
Question:
Which BIG-IP system are you accessing? __________________________________
On bigipA.f5demo.com
Open the Device Management > Traffic Groups page, and then click traffic-group-1.
Click Force to Standby, and then click OK.
Refresh the BIG-IP system logon page, and examine the Hostname value.
Question:
Which BIG-IP system are you accessing? __________________________________
Close the BIG-IP system logon page.
TASK 7 – Create an Active/Active Pair
Change from an Active/Standby pair to an Active/Active pair.
On bigipB.f5demo.com
On the Traffic Groups page, click Create.
Create a traffic group using the following information, and then click Finished.
Name traffic-group-2
MAC Masquerade Address Leave blank
Failover Method HA Order
Auto Failback Disabled (leave cleared)
Failover Order bigipA.f5demo.com bigipB.f5demo.com
Create a virtual server using the following information, and then click Finished.
Name p443_virtual
Destination Host: 10.128.10.21:443
HTTP Profile http
SSL Profile (Client) clientssl
Source Address Translation Auto Map
Default Pool p80_pool
Create a self IP address using the following information, and then click Finished.
Name 10.128.20.239
IP Address 10.128.20.239
Netmask 255.255.255.0
VLAN / Tunnel internal
Port Lockdown Allow Default
Traffic Group traffic-group-2 (floating)
Click Changes Pending.
Select bigipB.f5demo.com (Self).
Select the Overwrite Configuration checkbox, then click Sync, and then click OK.
Once the synchronization is complete, open the Device Management > Traffic Groups page, then click traffic-group-2, and then open the Failover Objects page.
Question:
How many failover objects are included in this traffic group? _____________
Open the Local Traffic > Virtual Servers > Virtual Address List page, and then click 10.128.10.21.
From the Traffic Group list box, select traffic-group-2 (floating), and then click Update.
Open the Device Management > Traffic Groups page, then click traffic-group-2, and then open the
Click Changes Pending.
→NOTE: If your BIG-IP system displays “Not All Devices Synced”, open the Device Management > Overview page.
Click bigipB.f5demo.com (Self).
Select the Overwrite Configuration checkbox, then click Sync, and then click OK.
Note the status of both BIG-IP systems. You still have an Active/Standby pair.
Open the traffic-group-2 Properties page, then click Force to Standby, and then click OK.
Note the status of both BIG-IP systems.
Both BIG-IP systems now display as ONLINE (ACTIVE). You now have an Active/Active pair.
Reset the Virtual Server statistics pages for bigipA.f5demo.com and bigipB.f5demo.com.
Use a new tab to access http://10.128.10.20.
Refresh the Virtual Server statistics pages for bigipA.f5demo.com and bigipB.f5demo.com.
Question:
Which BIG-IP system processed this client request? _______________________
Use a new tab to access https://10.128.10.21.
Refresh the Virtual Server statistics pages for bigipA.f5demo.com and bigipB.f5demo.com.
Question:
Which BIG-IP system processed this client request? _______________________
TASK 8 – Use Automatic Sync
Change the device group to use automatic synchronization.
On bigipB.f5demo.com
Open the Device Management > Device Groups page, and then click new_device_group.
Select the Automatic Sync checkbox, and then click Update.
Open the Virtual Servers List page, and then click p80_virtual.
From the HTTP Compression Profile list box, select httpcompression, and then click Update.
On bigipA.f5demo.com
Open p80_virtual and verify that the update was automatically synchronized.
Open the Virtual Servers List page, and then click p443_virtual.
From the OneConnect Profile list box, select oneconnect, and then click Update.
On bigipB.f5demo.com
Open p443_virtual and verify that the update was automatically synchronized.
Create an archive file named bc_bigipB_2.1_ha_v11.5.1.
Restore using the bc_bigipB_clean_install_v11.5.1 archive file.
In the VMware library, power off the BIGIP_B_v11.5.1 image.
On bigipA.f5demo.com
Create an archive file named bc_bigipA_2.1_ha_v11.5.1.
Exercise 2.2 – Using Policies to Manage Traffic
Required virtual images: BIGIP_A_v11.5.1, LAMP_3.4
Estimated completion time: 40 minutes
TASK 1 – Create a Redirect Policy
Create a policy that identifies requests for the /basic/ directory on the Web server and ensures that the requests always use HTTPS.
Power on the BIGIP_A_v11.5.1 and LAMP_3.4 images.
Access and log in to BIGIP_A_v11.5.1.
Verify that you have restored using bc_bigipA_clean_install_v11.5.1 (the status of the BIG-IP system should read ONLINE (ACTIVE): Standalone).
Open the Local Traffic > Policies > Policy List page, and then click Create.
Create a policy using the following information:
Name file_redirection
Requires http
Controls forwarding
In the Rules section, click Add.
Name the rule redirect_basic_directory_requests.
In the Rule Properties section, configure the Conditions section using the following information:
Operand http-uri
Event request*
Selector path
Condition starts-with
Values /basic/ (Click Add)
Click Add.
At the bottom of the page, configure the Actions section using the following information:
Target http-reply
Event request
Action redirect
Parameters location*
location text https://[HTTP::host][HTTP::uri] Click Add
Click Add.
Configure another item in the Actions section using the following information:
Target log
Event request
Action write
Parameters message*
Message text A secure redirect was issued for /basic access Click Add
Click Add.
Click Finished.
TASK 2 – Attach the Policy to a Virtual Server
Add file_redirection to a new virtual server.
Create a pool using the following information, and then click Finished.
Name php_pool
Health Monitors http
Members Address Service Port
10.128.20.11 80
10.128.20.12 80
Create a virtual server using the following information, and then click Finished.
Create another virtual server using the following information, and then click Finished.
Name p443_virtual
Destination Host: 10.128.10.20:443
SSL Profile (Client) clientssl
Source Address Translation Auto Map
Default Pool php_pool
TASK 3 – Verify Policy Enforcement
Test the new policy by accessing the virtual server and then selecting a page in the /basic/ directory.
Use an SSH client to access 10.128.10.241.
At the CLI prompt, type:
tail -f /var/log/ltm
Press the Enter key several times to clear the log entries.
Use a new tab to access http://10.128.10.20.
Questions:
Did this request generate a log entry? __________________
Was this request redirected to HTTPS? __________________
In the Authentication Examples section, click Basic Authentication.
When prompted, use the following credentials:
Username: corpuser
Password: password
Questions:
Did this request generate a log entry? __________________
Was this request redirected to HTTPS? __________________
TASK 4 – Create a Policy to Direct Traffic Based on Directory Structure
Add a new rule for the existing policy that identifies requests for images and sends them to a specific pool.
In the Configuration Utility, create a pool using the following information, and then click Finished.
Name image_pool
Health Monitors http
Members Address Service Port
10.128.20.14 80
10.128.20.15 80
Open the Local Traffic > Policies > Policy List page, then click file_redirection, and then click Add.
Name the new rule redirect_image_requests.
Configure the condition using the following information:
Operand http-uri
Event request*
Selector path
Condition contains
Values /images/ (Click Add)
Click Add.
At the bottom of the page, configure an action using the following information:
Target forward
Event request
Action select
Parameters pool
pool /Common/image_pool (Click Add)
Click Add.
Configure another action:
Target log
Event request
Action write
Parameters message*
TASK 5 – Test the Updated Policy
Test the updated policy.
Open the Virtual Server List page, then click p80_virtual, and then open the Resources page.
In the Policies section, click Manage.
Select file_redirection, then click >>, and then click Finished.
Use a new tab to access http://10.128.10.20.
The index.php page and all images currently come from node 1 or node 2, which are members of php_pool.
In the Configuration Utility, in the Policies section, click Manage.
Select file_redirection, then click <<, and then click Finished.
Refresh the F5 vLab Test Web Site page.
Questions:
Did the index.php page come from either node 1 or node 2? __________________
Did all of the images come from either node 4 or node 5? __________________
Close the F5 vLab Test Web Site page.
Create a new archive file named bc_2.2_bigipA_ltm_policies_v11.5.1.
In the VMware library, shut down the BIGIP_A_v11.5.1 image.
Create a VMware snapshot of the BIGIP_A_v11.5.1 image named BIGIP_LTM.
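The two rules built in Tasks 1 and 4 of Exercise 2.2, modelled in Python as an added example (it is not part of the original guide and not BIG-IP configuration). It lists which rules a request matches and builds the redirect Location only after checking the client-supplied Host header against an allow-list; ALLOWED_HOSTS, the function names and the sample requests are assumptions.

```python
# Added example: a Python model of the file_redirection policy, not BIG-IP code.

# Rules as entered in Tasks 1 and 4: (rule name, condition on the URI path, value).
RULES = [
    ("redirect_basic_directory_requests", "starts-with", "/basic/"),
    ("redirect_image_requests", "contains", "/images/"),
]

# Assumption: the only Host value this lab virtual server should answer for.
ALLOWED_HOSTS = {"10.128.10.20"}

# Constructed sample requests (the URI as sent by the client).
SAMPLE_REQUESTS = [
    "/",
    "/basic",                     # no trailing slash, so starts-with /basic/ fails
    "/basic/index.php",
    "/images/logo.png",
    "/basic/images/lock.png",     # satisfies both conditions
    "/index.php?next=/images/",   # /images/ appears only in the query string
]


def path_of(uri):
    """The path selector sees the URI without its query string."""
    return uri.split("?", 1)[0]


def matching_rules(uri):
    """Return the names of every rule whose condition matches the request."""
    path = path_of(uri)
    hits = []
    for name, condition, value in RULES:
        if condition == "starts-with" and path.startswith(value):
            hits.append(name)
        elif condition == "contains" and value in path:
            hits.append(name)
    return hits


def overlapping(uris):
    """Requests that match more than one rule and so need a decision on precedence."""
    return [uri for uri in uris if len(matching_rules(uri)) > 1]


def redirect_location(host, uri):
    """Build https://[HTTP::host][HTTP::uri] from the request.

    The Host header is chosen by the client, so it is compared with
    ALLOWED_HOSTS before being copied into Location. None means the
    request should be rejected instead of redirected.
    """
    if host.lower() not in ALLOWED_HOSTS:
        return None
    return "https://" + host + uri


def evaluate(host, uri):
    """Matched rules plus the Location value when the /basic/ rule is among them."""
    hits = matching_rules(uri)
    location = None
    if "redirect_basic_directory_requests" in hits:
        location = redirect_location(host, uri)
    return {"rules": hits, "location": location}


if __name__ == "__main__":
    for uri in SAMPLE_REQUESTS:
        print(uri, evaluate("10.128.10.20", uri))
```

A request such as /basic/images/lock.png matches both rules; which action is applied then depends on the policy's Strategy setting, which is not among the values the exercise lists for the policy.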
GTM Hands-On Exercises
Exercise 3.1 – Creating a DNS Services Listener
Required virtual images: BIGIP_A_v11.5.1, LAMP_3.4
Estimated completion time: 20 minutes
TASK 1 – Provision Global Traffic Manager
Provision GTM on the BIG-IP system.
Power on the BIGIP_A_v11.5.1 and LAMP_3.4 images.
Access and log in to BIGIP_A_v11.5.1.
Verify that you have restored from the BIGIP_A_clean_install snapshot (you should NOT have any virtual servers).
Open the System > Resource Provisioning page.
o Leave Local Traffic (LTM) set to Nominal.
o Set Global Traffic (GTM) to Nominal.
Click Submit, and then click OK.
Once the provisioning is complete, click Continue.
TASK 2 – Renew the Device Certificate and Allow the iQuery Protocol
Renew the system-supplied device certificates, and allow port 4353 on bigipA.f5demo.com.
Open the System > Device Certificates > Device Certificate page, and then click Renew.
Edit the certificate properties using the following information, and then click Finished.
Common Name bigipA.f5demo.com
Division IT
Organization F5 Networks
Locality Seattle
State or Province Washington
Country United States
Lifetime 3650
The BIG-IP system is redirected.
Add TCP port 4353, and then click Update.
TASK 3 – Create LTM Pools and Virtual Servers
Create three pools and virtual servers.
Create a new pool using the following information, and then click Finished.
Name p80_pool12
Health Monitors http
Members 10.128.20.11:80 10.128.20.12:80
Create another pool using the following information, and then click Finished.
Name p80_pool34
Health Monitors http
Members 10.128.20.13:80 10.128.20.14:80
Create a new virtual server using the following information, and then click Finished.
Name p80_virtual1
Destination Address 10.128.10.20
Service Port 80
HTTP Profile http
Default Pool p80_pool12
Create another virtual server using the following information, and then click Finished.
Name p80_virtual2
Destination Address 10.128.10.30
Service Port 80
TASK 4 – Install and Configure Dig
Install and configure dig on your Windows workstation.
→NOTE: For Mac users, you should install dig in the Windows 7 image.
Use a new tab to access http://www.question-defense.com/wp-content/uploads/dig-files3.zip.
Download dig-files3.zip to your Windows workstation.
Create a new directory named C:\dig, and then extract the dig files to the new directory.
Open C:\dig, and move msvcr70.dll to the C:\Windows\System32 directory.
Copy resolv.conf to the C:\Windows\System32\drivers\etc directory.
From the Exercise_Files folder, extract dig-files3.zip to a new folder on your workstation.
Open the Start menu, and then type environment in the search bar.
Click Edit environment variables for your account.
In the Environment Variables dialog box, in the User variables for <username> section, do one of the following:
o If there is an existing path variable:
Select path, and then click Edit.
At the end of the existing Variable value, add a semi-colon, and then type C:\dig.
o If there is not an existing path variable:
Click New.
Name the new variable path.
In the Variable value field, type C:\dig.
TASK 5 – Create a DNS Profile, Pool, and Listener
Create a DNS profile, a DNS pool, and a DNS listener.
Open the DNS > Delivery > Profiles > DNS page, and then click Create.
Name the new profile dns_profile, accept all default settings, and then click Finished.
Create an LTM pool using the following information, and then click Finished.
Name bind_server_pool
Health Monitors tcp
Members 10.128.20.11:53 10.128.20.12:53 10.128.20.13:53
Open the DNS > Delivery > Listeners > Listener List page, and then click Create.
Create a DNS listener using the following information, and then click Finished.
Name dns_listener
Destination: Host Address: 10.128.10.230
Listener settings Advanced
Address Translation Enabled
DNS Profile dns_profile
Default Pool bind_server_pool
On your host PC, open a command prompt window, and at the command prompt type:
dig @10.128.10.230 app3.f5demo.com
app3.f5demo.com is resolved to 10.128.20.16.
In the command prompt window type:
dig @10.128.10.230 dvwa.f5demo.com
dig @10.128.10.230 server2.f5demo.com
dvwa.f5demo.com is resolved to 10.128.20.17, and server2.f5demo.com is resolved to 10.128.20.12.
TASK 6 – Configure a DNS Express Zone
Set up a DNS Express zone, which will pull a zone transfer from the external DNS server.
Open the DNS > Delivery > Profiles > Services > DNS page, and then click dns_profile.
Note that DNS Express is set to Enabled.
Open the DNS > Delivery > Nameservers > Nameserver List page, and then click Create.
Create a name server using the following information, and then click Finished.
Name f5demo.com
Target IP Address 10.128.20.252
Open the DNS > Zones > Zones > Zone List page, and then click Create.
Create a DNS Express zone using the following information, and then click Finished.
Name f5demo.com
DNS Express: Server f5demo.com Nameservers f5demo.com
TASK 7 – Test DNS Express
Using Putty and the command prompt, test that the DNS zone transfer was successful and that the BIG-IP system is now answering DNS requests.
Use an SSH client to access 10.128.1.245.
→NOTE: It’s recommended to resize the Putty window to about twice its default width.
At the CLI, type:
tail -f /var/log/ltm
There should be a line at the end of the log file regarding the scheduling of and transferring of zone files from 10.128.20.252.
Type Ctrl+C, and then type:
dnsxdump
This displays the DNS names that were transferred to the BIG-IP system.
Close the SSH session.
In the command prompt window type:
dig @10.128.10.230 lamp.f5demo.com
dig @10.128.10.230 server5.f5demo.com
In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page, and then view the Pools statistics.
DNS traffic is no longer being routed to bind_server_pool. The BIG-IP system is resolving all DNS requests.
TASK 8 – Add a GTM Wide IP
Add a wide IP and attach an iRule to illustrate the precedence a wide IP has over a listener.
Open the DNS > GSLB > iRules page, and click Create.
Create a DNS iRule using the following information, and then click Create.
Name dns_host
Definition when DNS_REQUEST { host 10.2.2.2 }
In the command prompt window type:
dig @10.128.10.230 app3.f5demo.com
app3.f5demo.com is now resolved to 10.2.2.2. The wide IP was processed before the DNS listener.
In the Configuration Utility, on the Wide IP List page, delete app3.f5demo.com.
In the command prompt window type:
dig @10.128.10.230 app3.f5demo.com
app3.f5demo.com is once again resolved to 10.128.20.16.
In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page, and then view the Pools statistics.
There is still no DNS request traffic being directed to bind_server_pool.
Open the DNS > Delivery > Profiles > DNS page, and then click dns_profile.
Set the DNS Express setting to Disabled, and then click Update.
In the command prompt window type:
dig @10.128.10.230 app3.f5demo.com
Close the command prompt.
In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page, and then view the Pools statistics.
DNS request traffic is once again being directed to bind_server_pool.
Exercise 3.2 – Data Centers and Servers
Required virtual images: BIGIP_A_v11.5.1, BIGIP_B_v11.5.1, LAMP_3.4
All of these tasks are performed on BIGIP_A_v11.5.1.
Estimated completion time: 30 minutes
TASK 1 – Renew the Device Certificate for bigipB.f5demo.com
On bigipB.f5demo.com, renew the system-supplied device certificates, which are only good for 1 year.
Power on the BIGIP_A_v11.5.1, BIGIP_B_v11.5.1, and LAMP_3.4 images.
On bigipB.f5demo.com
Access and log in to BIGIP_B_v11.5.1.
Verify that you have restored using bc_bigipB_clean_install_v11.5.1 (the status of the BIG-IP system should read ONLINE (ACTIVE): Standalone).
Open the System > Device Certificates > Device Certificate page, and then click Renew.
Edit the certificate properties using the following information, and then click Finished.
Common Name bigipB.f5demo.com
Division IT
Organization F5 Networks
Locality Seattle
State or Province Washington
Country United States
Lifetime 3650
TASK 2 – Delete Floating Self IPs and Allow the iQuery Protocol
Delete self IP addresses from bigipB.f5demo.com, and add port 4353 to the Port Lockdown allow list.
On bigipB.f5demo.com
Open the Network > Self IPs page, and then delete both 10.128.10.240 and 10.128.20.240.
→NOTE: These need to be deleted so we don’t have duplicate IPs with bigipB.f5demo.com since we’re not in a Device Group anymore.
On the Self IPs page, click 10.128.10.242.
TASK 3 – Create a Web Application on bigipB.f5demo.com
On bigipB.f5demo.com, create a pool and a virtual server.
On bigipB.f5demo.com
Create a new pool using the following information, and then click Finished.
Name bigipB_pool
Health Monitors http
Members 10.128.20.15:80 10.128.20.18:80
Create a new virtual server object using the following information, and then click Finished.
Name bigipB_virtual
Destination Address 10.128.10.99
Service Port 80
HTTP Profile http
Default Pool bigipB_pool
TASK 4 – Create the Data Centers
On bigipA.f5demo.com, create two data center objects, one for the primary data center in Seattle, the other for the backup data center in Dallas.
On bigipA.f5demo.com
Open the DNS > GSLB > Data Centers > Data Center List page, and then click Create.
Create a data center using the following information, and then click Repeat.
Name Active_DC
Location Seattle, WA
Contact <enter your name>
Create another data center using the following information, and then click Finished.
Name Backup_DC
Location Dallas, TX
TASK 5 – Create a Server Object for bigipA.f5demo.com
Create your first server object for the Active data center, which will represent bigipA.f5demo.com.
On bigipA.f5demo.com
Open the DNS > GSLB > Servers > Server List page, and then click Create.
Create a server using the following information, and then click Create.
Name bigipA.f5demo.com
Product BIG-IP System (Single)
Address 10.128.10.241 (Click Add)
Data Center Active_DC
Health Monitor bigip
Within several seconds the status of the server will change to Available (Enabled). You may need to refresh the Web page.
TASK 6 – Prepare to Add BIG-IP Server Objects
Log on to the CLI on bigipA.f5demo.com and run bigip_add and big3d_install against bigipB.f5demo.com.
On bigipA.f5demo.com
Open the DNS > GSLB > Servers > Trusted Server Certificates page.
Question:
For which devices does GTM have a trusted certificate?
_______________________________________________________________________
Use an SSH client to access 10.128.1.245.
From the CLI run the following commands (enter yes and default when prompted):
bigip_add 10.128.1.246
big3d_install 10.128.1.246
Close the SSH session.
Refresh the DNS > GSLB > Servers > Trusted Server Certificates page.
Now, which devices does GTM have a trusted certificate for?
TASK 7 – Create a Second BIG-IP System Server Object
Add bigipB.f5demo.com as a server object within the backup data center.
On bigipA.f5demo.com
Open the DNS > GSLB > Servers > Server List page, and then click Create.
Create a server using the following information, and then click Create.
Name bigipB.f5demo.com
Product BIG-IP System (Single)
Address 10.128.10.242 (Click Add)
Data Center Backup_DC
Health Monitor bigip
Create an archive file named bc_3.2_bigipA_gtm_server_objects_v11.5.1.
On bigipB.f5demo.com
Exercise 3.3 – Virtual Servers, Pools, and Wide IPs
Required virtual images: BIGIP_A_v11.5.1, BIGIP_B_v11.5.1, LAMP_3.4
All of these tasks are performed on BIGIP_A_v11.5.1.
Estimated completion time: 30 minutes
TASK 1 – Discover Virtual Servers for BIG-IP Server Objects
Use the Virtual Server Discovery feature to find the virtual servers on bigipA.f5demo.com and bigipB.f5demo.com.
Power on the BIGIP_A_v11.5.1, BIGIP_B_v11.5.1, and LAMP_3.4 images.
Access and log in to BIGIP_A_v11.5.1.
Verify that you have restored using bc_3.2_bigipA_gtm_server_objects_v11.5.1 (there should be two server objects on the DNS > GSLB > Servers > Server List page).
Open the DNS > GSLB > Servers > Server List page.
Click bigipA.f5demo.com, and then open the Virtual Servers page.
From the Virtual Server Discovery list box, select Enabled, and then click Update.
Open the DNS > GSLB > Servers > Server List page.
Click bigipB.f5demo.com, and then open the Virtual Servers page.
From the Virtual Server Discovery list box, select Enabled, and then click Update.
Open the DNS > GSLB > Servers > Server List page and continue to refresh the page.
Within several seconds, GTM will discover the virtual servers on both bigipA.f5demo.com and bigipB.f5demo.com.
TASK 3 – Create GTM Pools and a Wide IP
Create two GTM pools, and one wide IP for app3.f5demo.com.
Open the DNS > GSLB > Pools > Pool List page, and then click Create.
→NOTE: Be sure you’re displaying the DNS > GSLB pool list page, not the LTM pool list page.
Create a GTM pool using the following information, and then click Finished.
Name bigipA_gtmpool
Load Balancing Method Preferred: Round Robin
Member List
/Common/p80_virtual1 (/Common/bigipA.f5demo.com) – 10.128.10.20:80
/Common/p80_virtual2 (/Common/bigipA.f5demo.com) – 10.128.10.30:80
(Click Add for each member)
Create another GTM pool using the following information, and then click Finished.
Name bigipB_gtmpool
Load Balancing Method Round Robin
Member List /Common/bigipB_virtual (/Common/bigipB.f5demo.com) – 10.128.10.99:80 (Click Add)
Open the DNS > GSLB > Wide IPs > Wide IP List page, and then click Create.
Create a wide IP using the following information, and then click Finished.
Name app3.f5demo.com
Load Balancing Method Round Robin
Pool List
bigipA_gtmpool
bigipB_gtmpool
(Click Add for each member)
TASK 4 – Test the Wide IP and modify using Monitors
Test the wide IP using the dig command, and then test using monitors.
On your host PC, open a command prompt window and type the following command several times:
dig @10.128.10.230 app3.f5demo.com
The BIG-IP system alternates between 10.128.10.30 and 10.128.10.20 (both from bigipA_gtmpool) and 10.128.10.99 (from bigipB_gtmpool).
Open the Local Traffic > Monitors page, and then click Create.
→NOTE: Be sure you’re displaying the LTM monitors page, not the DNS > GSLB monitors page.
Create a monitor using the following information, and then click Finished.
Name http_down
Type http
Interval 2
Timeout 7
Receive String Node #7
Open the Pool List page, and then on both p80_pool12 and p80_pool34, replace http with http_down.
Open the Pool List page, and continue to refresh the page until the status of both pools turns red (down).
In the command prompt type the following command several times:
dig @10.128.10.230 app3.f5demo.com
After several seconds, the BIG-IP system returns only 10.128.10.99 (from bigipB_gtmpool).
On the Pool List page, open p80_pool12 and replace http_down with http.
In the command prompt type the following command several times:
dig @10.128.10.230 app3.f5demo.com
After several seconds, the BIG-IP system alternates between 10.128.10.20 (from bigipA_gtmpool) and 10.128.10.99 (from bigipB_gtmpool).
On the Pool List page, open p80_pool34 and replace http_down with http.
On bigipB.f5demo.com
Create the same monitor that marks pool members down, and then assign the monitor to bigipB_pool.
Open the Pool List page, and continue to refresh the page until the status of bigipB_pool turns red (down).
In the command prompt type the following command several times:
dig @10.128.10.230 app3.f5demo.com
After several seconds, the BIG-IP system alternates between 10.128.10.30 and 10.128.10.20 (both from bigipA_gtmpool).
On bigipA.f5demo.com
Open the Pool List page, and then on both p80_pool12 and p80_pool34, replace http with http_down.
In the command prompt type the following command several times:
dig @10.128.10.230 app3.f5demo.com
The BIG-IP system returns the IP address 10.128.20.16.
Question:
Where is the 10.128.20.16 IP address answer coming from?
_______________________________________________________________________
Replace http_down with http for all pools.
Create an archive file named bc_3.3_bigipA_gtm_vs_pools_wips_v11.5.1.
On bigipB.f5demo.com
Replace http_down with http for bigipB_pool.
Create an archive file named bc_3.3_bigipB_gtm_vs_pools_wips_v11.5.1.
Use the bc_bigipB_clean_install_v11.5.1.ucs to restore your BIG-IP system.
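A simplified model of the behaviour observed in Task 4 of Exercise 3.3, added here as an example (it is not GTM code and not part of the original guide): the wide IP rotates over its pools, each pool rotates over its available members, and a member is skipped while the LTM pool behind it is down. The class and function names are assumptions, and so is the mapping of 10.128.10.30 to p80_pool34, which is inferred from the results in Task 4.

```python
# Added example: a simplified Python model of wide IP selection, not GTM code.

# GTM pools from Task 3. Each member is an LTM virtual server address paired
# with the LTM pool assumed to sit behind it.
WIDE_IP = [
    ("bigipA_gtmpool", [("10.128.10.20", "p80_pool12"),
                        ("10.128.10.30", "p80_pool34")]),  # assumption, see lead-in
    ("bigipB_gtmpool", [("10.128.10.99", "bigipB_pool")]),
]


class WideIP:
    """Round Robin over pools, then Round Robin over each pool's available members."""

    def __init__(self, pools):
        self.pools = pools
        self.pool_turn = 0
        self.member_turn = {name: 0 for name, _ in pools}

    def resolve(self, down):
        """Return the next answer, skipping members whose LTM pool is in `down`."""
        for _ in range(len(self.pools)):
            name, members = self.pools[self.pool_turn % len(self.pools)]
            self.pool_turn += 1
            available = [ip for ip, ltm_pool in members if ltm_pool not in down]
            if available:
                ip = available[self.member_turn[name] % len(available)]
                self.member_turn[name] += 1
                return ip
        return None  # no member of any pool in the wide IP is available


def answers(down, queries=8):
    """Distinct answers seen over several queries with the given LTM pools down."""
    wide_ip = WideIP(WIDE_IP)
    seen = {wide_ip.resolve(set(down)) for _ in range(queries)}
    return sorted(seen, key=str)


if __name__ == "__main__":
    # The states walked through in Task 4, in order.
    states = [
        [],                                          # every monitor passing
        ["p80_pool12", "p80_pool34"],                # http_down on both bigipA pools
        ["p80_pool34"],                              # p80_pool12 restored
        ["bigipB_pool"],                             # only bigipB_pool down
        ["p80_pool12", "p80_pool34", "bigipB_pool"], # everything down
    ]
    for down in states:
        print(down, "->", answers(down))
```

A result of None means the wide IP has no available member; Task 4 asks what answers the query in that state.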
Exercise 3.4 – GSLB Load Balancing Methods
Required virtual images: BIGIP_A_v11.5.1, LAMP_3.4
Estimated completion time: 45 minutes
TASK 1 – Create Global Traffic Monitors
Create a custom HTTPS monitor to use for the pools of secure Web servers.
Power on the BIGIP_A_v11.5.1 and LAMP_3.4 images.
Access and log in to BIGIP_A_v11.5.1.
Verify that you have restored using bc_3.3_bigipA_gtm_vs_pools_wips_v11.5.1 (there should be two objects on the DNS > GSLB > Pools > Pool List page).
Open the DNS > GSLB > Monitors page, and then click Create.
→NOTE: Be sure you’re displaying the DNS > GSLB monitors page, not the LTM monitors page.
Create a monitor using the following information, and then click Finished.
Name lamp_gtm_monitor
Type HTTPS
Send String GET /index.php\r\n
Receive String Test Web Site
TASK 2 – Create a Generic Host Server Object
Add a generic host object for LAMP_3.4 as a server object within the active data center.
Open the DNS > GSLB > Servers > Server List page, and then click Create.
Create a server using the following information, and then click Create.
Name lamp.f5demo.com
Product Generic Host
Address 10.128.20.252 (Click Add)
Data Center Active_DC
Health Monitor tcp
Although you assigned a monitor, the generic host server object remains Unknown because at this point it is just a container. Just as with the data centers, the server status remains Unknown until a virtual server is created under the server object. The monitor is used to check the virtual servers under the server object.
TASK 3 – Create Virtual Servers and Pools for the Generic Host Server
Create virtual server objects for the lamp.f5demo.com server object.
On the Server List page, click lamp.f5demo.com.
Open the Virtual Servers page, and then click Add.
Add the following virtual servers (click Repeat between each entry, and Create for the last entry):
Name lamp_https1 lamp_https2 lamp_https4 lamp_https5
Address 10.128.20.11 10.128.20.12 10.128.20.14 10.128.20.15
Service Port 443 443 443 443
Return to the Global Traffic > Servers > Server List page.
Open the DNS > GSLB > Pools > Pool List page, and then click Create.
Create a GTM pool using the following information, and then click Finished.
Name lamp_https_pool12
Health Monitors lamp_gtm_monitor
Load Balancing Method Round Robin
Member List
lamp_https1 (/Common/lamp.f5demo.com) – 10.128.20.11:443
lamp_https2 (/Common/lamp.f5demo.com) – 10.128.20.12:443
(Click Add for each member)
Create another GTM pool using the following information, and then click Finished.
Name lamp_https_pool45
Health Monitors lamp_gtm_monitor
Load Balancing Method Round Robin
Member List
lamp_https4 (/Common/lamp.f5demo.com) – 10.128.20.14:443
lamp_https5 (/Common/lamp.f5demo.com) – 10.128.20.15:443
(Click Add for each member)