F5 Networks Training BIG-IP° LTM V10 Advanced Topics = . bs Student Guide | = a OWT ONKS BIG-IP® LTM Advanced Topics Student Guide - © 2009 F5 Networks, Inc. 6/15/2009P2 Preface BIG-IP® LTM V10 Advanced Topics Student Guide Twelfth Printing June 2009 This manual was written for BIG-IP® Local Trafic Manager version 10.0.0. Although some of the features discussed in his course were added with the v10.0.0 version most ofthe concepts apply to previous versions of BIG-IP® LTM, (© 2008, F5 Networks, Inc.All rights reserved. CH verwanls Support and Contact Information Obtaining Technical Support Web tech £5.com (Ask FS) Phone (206) 272-6888 Email (support issues) [email protected] Email (cuggestions) [email protected] Contacting F5 Networks Web www.f5.com Email [email protected] & [email protected] FS Networks, Ine. FS Networks, Lid. FS Networks, Inc FS Networks, Ine. Corporate Office United Kingdom Asia Pacific Japan 401 Elliot Avenue West Chertsey Gate West 5 Temasek Boulevard ‘Akasaka Garden City 19F Seat, Washington 98119 Chertsey Suey KTI68AP #08-01/02 Suntec Tower 418-1 Akasaka, Minato-ku T (888) 88B1G-1P United Kingdom Singapore, 038985 Tokyo 107-0082 Japan ‘T(44) 01932 582-000 'T (65) 6833-6108 1 (81)3 5114-3200 F (206) 272-8857 F (44) 01932 582-001 F (65) 6833-6106 F (Bi) 35114-3201 Trainin EMEATraining [email protected] [email protected] BIG-IP® LTM Advanced Topics Student Guide ~ © 2009 FS Networks, Inc.rnrwiinwinwirrierrnirnredinn Preface P-3 Legal Notices Copyright Copyright 2008, 5 Networks, ne. 5 Networks ne. (F) believes the information it fumishes tobe aeurate and reliable. However, FS assumes no responsiblity forthe use ofthis information, nor any infringement of patents or oter iets of third parties which may rel from ts se. No licens is ranted by implication or oerwie unde ny patent, copyrah orth intelectual propery right of FS except as specifically described by applicable user licenses. FS reserves the righ to change specifications at any time without notice, rights reserved. Trademarks. F5, PS Networks, the FS logo, BIG-IP, 3-DNS, Acopia, Acopia Networks, Application Accelerator, Ask FS, Application ‘Security Manager, ASM, ARK, Data Guard, Enterprise Manager, EM, FirePass, FreedomFabric, Global Traffic Manager, GTM, iControl, Intelligent Browser Referencing, Internet Control Architecture, IP Application Switch, Rules, Link Controller, LC, Local Traffic Manager, LTM, Message Security Module, MSM, NetClera, OneConnect, Packet Velocity, Secure Access Manager, SAM, SSL Accelerator, SYN Check, Traffic Management Operating System, TMOS, ‘TraficShield, Transparent Data Reduction, uRoam, VIPRION, WANJet, Web Accelerator, and ZoneRunner are trademarks ‘of service marks of FS Networks, Inc. in the U.S. and other countries, and may not be used without FSs express written Patents ‘This product protected by U:S. Patents] 6,374,300; 6,473,802; 6,970,933; 7,051,126; 7,102,996; 7,146,354; 7,197,661; 7,206,282; 7,287,084, Other patents pending. Export Regulation Notice This product may include eryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product fom the United States. RF Interference Warning ‘This is a Class A product. Ina domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures FCC Compliance ‘This equipment has been tested and found to comply with the limits fora Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is ‘operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, i not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment ina residential area i likely to cause harmful interference, in which case the use, at his own expense, will be required to take whatever measures may be required to correct the interference. Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 ofthe FCC rules Canadian Regulatory Compliance ‘This Clas A digital apparatus complies with Canadian ICES-008, Standards Compliance ‘This product conforms tothe IEC, European Union, ANSVUL and Canadian CSA standards applicable to Information ‘Technology products at the time of manufacture. BIG-IP® LTM Advanced Topics Student Gui je — © 2009 FS Networks, Inc.PA Preface F5 Networks Ensuring The Secure and Optimized Delivery Of Applications As the pioneer in Application Delivery Networks, F5 continues to lead the industry by driving more intelligence into the network to deliver advanced application agility. FS products ensure the secure and optimized delivery of applications to any user, using any device, anywhere in the world. Through its flexible and cohesive architecture, F5 delivers unmatched value by improving the way organizations serve their employees, customers and constituents—while dramatically lowering operational costs. F5's application delivery network products provide: * Application Optimization F5's architecture automatically assigns every application the right mix of availability, security, and performance at the network level, further optimizing their performance. * Application Security FS's Application Traffic Management architecture supports integrated security features that protect the delivery of applications by enforcing security policies at the edge of the network, before a session is allowed, Application Delivery F5's architecture delivers the raw horsepower, based on tightly integrated security, availability, scalability - all of which work together to deliver exceptional throughput and transaction performance. F5 Product Suite Overview FS products address the three main areas of Application Delivery Networking: Application Security, Application Optimization and Application Availability Regardless of your network application pain, FS has a solution. And because we recognize that each network issue has an impact upon other critical areas, F5 products share powerful attributes across the industry's only integrated platform - TMOS. TMOS includes the iControl API, which allows FS products to communicate with each other and implement extremely flexible policies in the form of ‘Rules. An active developer community, unique to F5, creates and shares customized iRules for enforcing virtually any kind of application-delivery behavior. The result is elegant and powerful solutions to protect you from security threats, network failures and traffic congestion, while putting in place an architecture for the future. F5 Products include: "= BIG-IP Local Traffic Manager (LTM) "= BIG-IP Global Traffic Manager (GTM) "= BIG-IP Link Controller (LO) BIG-IP® LTM Advanced Topics Student Guide - © 2009 F5 Networks, Inc.ninTriririronwringrvrnonk Preface P-5 " BIG-IP Application Security Manager (ASM) = BIG-IP WebAccelerator (WA) " BIG-IP Enterprise Manager (EM) = ARX and Data Manager = FirePass = WANJet BIG-IP - Traffic Management From basic local and wide area load balancing, to link traffic management, to applications that require special handling and augmented security, F5 has the solution to fit every business need, and every business budget. BIG-IP® Local Traffic Manager (LTM) ‘Network intelligence on a cost-effective, integrated SSL hardware platform for flexible, fast, secure IP-centric traffic management BIG-IP® LTM is a local area application traffic management solution. BIG-IP LTM provides the benefits of traffic management, traditionally reserved for Web-only applications, to all IP based applications and Web services. BIG-IP LTM ensures business continuity, security and performance by intercepting, inspecting, transforming, and directing application and Web services requests, based ‘on values found in the header or payload. BIG-IP LTM products also include SSL acceleration to offload this processing-intensive function from the application servers themselves, increasing application performance. BIG-IP® Global Traffic Manager (GTM previously 3-DNS°) Wide-area network high-availability, intelligent load balancing ‘The BIG-IP° GTM System provides wide-area traffic management and high availability of IP applications/services running across multiple data centers. With GTM, businesses can ensure optimal reliability and fast performance across all of their Internet sites, no matter where they are in the world, GTM adds intelligence to industry-standard DNS, and ensures that end users are sent to a site that is, available and provides the best response. Its unique intelligence can examine the health of data centers, the network, and the geography of users, then direct traffic based on customizable business rules. BIG-P® Link Controller (LC) High availability and intelligent routing for multi-homed networks As enterprises increase their use of the Internet to deliver their business-critical applications, ‘maintaining only one link to the public network represents a single point of failure and serious network vulnerability. The BIG-IP® Link Controller monitors availability and performance of ‘multiple WAN connections to intelligently manage traffic flows to and from a site providing fault tolerant, optimized Intemet access. BIG-IP® LTM Advanced Topics Student Guide - © 2009 F5 Networks, Inc.