F5 201 Exam Preparation

F5 BIG-IP Basics
TMOS
Traffic Management Operating System (TMOS)

TMOS®: Traffic Management BIG-IP:

Administration

iApps
LTM DNS ASM APM SWG AFM
GUI
iRules
TMSH
Full Proxy
High Performance
Hardware
SSL Compression CLI
Management Access
Management Interface 192.168.1.30

• Default IP 192.168.1.245/24 for BIG-IP Hardware 10.10.1.30

• Default IP 192.168.1.246/24 for VIPRION 10.10.0.0/16

Mgmt Network
• DCHP Client for Virtual Edition 192.168.1.0/24 VLAN External
Self IP Address - 10.10.1.31/16
• Accessible via HTTPS and SSH 1.1 Floating IP – 10.10.1.33/16

• Default HTTPS credentials – admin/admin 192.168.1.31

• Default SSH credentials – root/default 1.2 VLAN Internal

Filtering Options
Self IP Address - 172.16.1.31/16
• Floating IP – 172.16.1.33/16

Port Lock Down

• Allows Client to Access BIG-IP Management thru Data ports (External and Internal)
• External VLAN by default is set to none
• Filtering Options
BIG-IP GUI
Access Options Top / Header
• HTTPS to Management IP or Self IP • System Settings
• can be restricted using Port Lockdown, user or packet filter • User and Partitions
• Accessible by admin user by default • Device and HA Status
• Log Out
Left Pane / Side Bar
• Modules, Submodules, Components
• Some Modules only be available when activated
• Tabs – Main, Help and About

Main Pane / Central Pane

• Create and Edit Configuration
• Enable Features and Modules
• Monitoring Results
• Tabs are available to jump to other components
Statistics
Statistics
• Module Statistics ► Local Traffic
Statistics
Statistics
• Module Statistics ► Network
Network Module
View and Configure Network Settings
• VLANs
10.10.1.30 • Self-IP
10.10.0.0/16
• Tagged / Untagged
VLAN External
Self IP Address - 10.10.1.31/16
• Interfaces
Routes
1.1 Floating IP – 10.10.1.33/16
VL 4093 •
• Trunks
Tunnels (GRE and VXLAN)
1.2
VL 4094 VLAN Internal •
Self IP Address - 172.16.1.31/16
Floating IP – 172.16.1.33/16 • IPsec
• And Many More

172.16.20.1 172.16.20.2 172.16.20.3

System Module
View and Configure System Settings
• Device Summary
• Software Management
• License
• Platform
• SNMP
• Archive / UCS
• Logging
• User
• Partitions
• And Many More
Other Modules and Options
Application Delivery Module
• Acceleration – Web Caching and Optimization
• DNS – BIG IP DNS (formerly known as GTM)
• Security – ASM, AFM
• Policy Manager – APM

Others
• iApps – Automate creation of Traffic/Application Objects
• SSL Orchestrator – Optimize and provides visibility of SSL/TLS traffic
• Device Management – High Availability and Clustering
• Application Visibility and Reporting (AVR) – web app, system performance insight
Resource Provisioning
Resource Provisioning
• You can manage the provisioning of licensed modules on the BIG-IP® system along with system memory, disk space,
and CPU usage

Four Available Resources Allocation Settings for Modules:

• None/Disabled - Specifies that a module is not provisioned. A module that is not provisioned does not run.
• Dedicated - Specifies that the system allocates all CPU, memory, and disk resources to one module. When you select
this option, the system sets all other modules to None (Disabled).
• Nominal - Specifies that, when first enabled, a module gets the least amount of resources required. Then, after all
modules are enabled, the module gets additional resources from the portion of remaining resources.
• Minimum - Specifies that when the module is enabled, it gets the least amount of resources required. No additional
resources are ever allocated to the module.
System Services
Netstat
• command can provide plenty of information on the services running on a system.
• netstat -tulpn | grep LISTEN
provide the name of the service on the system
information will contain which services are listening on what ports
System Services
Common Services running BIG-IP

Allowed Protocol Service Definition

IGMP Not applicable Not applicable
OSPF Not applicable Not applicable
PIM Not applicable Not applicable
TCP 4353 iQuery
UDP 4353 iQuery
TCP 443 HTTPS
TCP 161 SNMP
UDP 161 SNMP
TCP 22 SSH
TCP 53 DNS
UDP 53 DNS
UDP 520 RIP
UDP 1026 Network failover
BIG-IP CLI
Command Line Interface
• Advanced Shell / Linux BASH
• TMOS Shell (TMSH)

Access Options
• Console
• SSH to Management IP or Self IP
• can be restricted using Port Lockdown, user or packet filter
• Accessible by root user by default and not by admin user
Advanced Shell
Advanced Shell
• Linux Based
• Where Logging Messages are stored
• Where configuration files and user database are stored

BIG-IP Stored Configuration Files

• /config/bigip.conf - Virtual Servers, Pools, SNATs, Monitors, Profiles etc
• /config/bigip_base.conf - VLANs, Interfaces, Self IPs, Device Groups etc
• /config/BigDB.dat - System settings, Hostname, HA settings etc
• /config/bigip_user,conf – User account configuratin
• /config/profile_base.conf – system-defined profile object
TMSH
TMSH (TMOS Shell) Hierarchical Structure
• Root ► modules ► sub-modules or components
• Modules – net, sys, ltm
• Sub-modules – monitor, profile

TMSH common commands

• show
• list
• create
• modify
• delete
• save
• exit
• quit
QKview
QKview for iHealth
• program use to automatically collect configuration and diagnostic information from BIG-IP or BIG-IQ
• Executable program generating machine readable (XML) diagnostic data in TAR format file.
• Upload to F5 iHealth to Fix Issues Quickly, Gain Insight, and run Diagnosis

Steps
• Generate QKview and download via GUI
• Or run qkview from Advance Shell
• Connect to ihealth.f5.com and upload qkview file
• View diagnostic tool
QKview
New in v13
• Upload a qkview to iHealth directly from the BIG-IP
• Requires f5 user credentials