Manual :
BIG-IP Controller Administrator Guide, version 3.2
Applies To:
Show Versions
BIG-IP versions 1.x - 4.x
- 3.2 PTF-01, 3.2.3 PTF-01, 3.2.3, 3.2.0
Original Publication Date: 09/27/2007
Introduction to the BIG-IP Controller
Administrator Guide
Welcome to the BIG-IP Controller Administrator Guide
BIG-IP Controller specifications
- Internet protocol and network management support
- Security features
- Configuration scalability
- Configuration and monitoring tools
- Load balancing options
- IP packet filtering, rate classes, and rate filters
- Configurable persistence for e-commerce and dynamic
content sites - BIG-IP Controller platform options
Finding help and technical support resources
What's new in version 3.2
- Firewall Load Balancer (FLB)
- RADIUS server support
- Improved fastest load balancing
- Revised behavior of forwarding virtual servers
and default SNAT - LB and LB+ support SSH
- Added SSH 2.0
Working with Special Features
Introducing special features
Using specialized load balancing modes
Controlling network access and traffic flow with filters
Working with more than two interface cards
- Configuring additional interfaces with the First-Time
Boot utility - Specifying an interface for a virtual address
- Specifying an interface for a NAT address
- Specifying an interface for a SNAT address
- Routing with multiple NICs
Optimizing large configurations
- Reducing ARP traffic on the external network
- Reducing the number of node pings and service checks
issued by the BIG-IP Controller
Using the versatile interface configuration options
Using advanced virtual server options
- Using per-connection routing
- Configuring forwarding virtual servers
- Configuring transparent virtual servers
- Using virtual server port translation
- Resetting connections on service down
Configuring RADIUS authentication
- RADIUS ports on the BIG-IP Controller
- Configuring sshd version 1.3.7
- Configuring sshd version 2.0.12.1
Working with Intelligent Traffic Control
Introducing Intelligent Traffic Control (ITC)
More flexible load balancing using pools and members
Selecting a load balancing pool using a rule
- Pool selection based on HTTP request data
- Pool selection based on IP packet header information
- Statements
- Questions (expressions)
- HTTP request string variables
Configuring rules
Configuring virtual servers that reference rules
Comparing load balancing configurations
Configuring an SSL Accelerator
Introducing the SSL Accelerator
Hardware acceleration options
Configuring the SSL Accelerator
- Generating a key and obtaining a certificate
- Installing certificates from the certification
authority (CA) - Create an HTTP virtual server
- Create an SSL gateway
- Enabling, disabling, or deleting an SSL gateway
- Displaying the configuration for an SSL gateway
from the command line
Optional SSL Accelerator configuration
- Create a last hop pool that includes additional
network devices - Modify the SSL gateway so that it references
the last hop pool
Working with Advanced Service Check Options
Introducing advanced service check options
Setting up ECV service checks for transparent nodes
- Configuring ECV for transparent nodes
- Setting up ECV through transparent nodes
with the Configuration utility
Introducing EAV service checks
Setting up custom EAV service checks
- Verifying external service checker requirements
- Installing the external service checker on
the BIG-IP Controller - Allowing EAV service checks
- Command line arguments for EAV service checks
Using the EAV pingers bundled with the BIG-IP Controller
- EAV service check for FTP
- EAV service check for POP3
- EAV service check for SMTP
- EAV service check for NNTP
- EAV service check for SQL-based services
- Troubleshooting SQL-based service checks
- Creating a test account for Microsoft SQL Server
Working with Advanced Persistence Options
Introducing advanced persistence options
Using HTTP cookie persistence
Using destination address affinity (sticky persistence)
Using a simple timeout and a persist mask on a pool
Maintaining persistence across virtual servers
that use the same virtual addresses
Maintaining persistence across all virtual servers
Backward compatible persistence for node list virtual servers
Working with Advanced Redundant System
Features
Introducing advanced redundant system options
Mirroring connection and persistence information
Using gateway fail-safe
Using network-based fail-over
Setting a specific BIG-IP Controller to be
the preferred active unit
Setting up active-active redundant controllers
- Configuring an active-active system
- Active-active system fail-over
- Additional active-active BIG/db configuration
parameters - New active-active bigpipe commands
- Running mixed versions of BIG-IP Controller software
in active-active mode - Returning an active-active installation
to active/standby mode
Using Firewall Load Balancing
Introducing firewall load balancing
Balancing outbound traffic
- Configuration elements
- Task summary
- Configuring interfaces
- Verifying routing
- Creating a pool for the firewalls
- Creating a wildcard virtual server
- Configuring address translation on your firewalls
Balancing traffic to enterprise servers using
a firewall sandwich
- Configuration elements
- Task summary
- Configuring BIG-IP interfaces for source
and destination processing - Creating pools for firewalls and servers
- Creating virtual servers for the firewall sandwich
Balancing two-way traffic using a firewall sandwich
- Configuration elements
- Task summary
- Configuring for inbound traffic
- Configuring for outbound traffic
Setting up ECV service checks for firewalls
Using Advanced Network Configurations
Introducing advanced network configurations
nPath routing
- Defining a virtual server with address translation disabled
- Setting the route through the BIG-IP Controller
- Setting the idle connection time-out
Per-connection routing
ISP load balancing
- Configuring interfaces for the additional
internet connection - Configuring virtual servers for an additional
internet connection
VPN load balancing
VPN and router load balancing
- Configuring interfaces for VPN load balancing
- Configuring virtual servers for VPN and router
load balancing
SNAT and virtual servers combined
One IP network topology with one interface
One IP network topology with two interfaces
Setting up 802.1q VLAN trunk mode
- Adding VLAN tag definitions to /etc/netstart
- Adding VLAN tag definitions to BIG/db
- Configuring multiple VLANs on one interface
- To enable or disable VLAN tags on the command line
- Using ifconfig to add another VLAN
- Using netstat to view VLAN tags
- Disabling and enabling VLAN tags using
the Configuration utility
Monitoring and Administration
Monitoring and administration utilities provided
on the BIG-IP Controller
Using the BIG/pipe command utility as a monitoring tool
- Monitoring the BIG-IP Controller
- Monitoring virtual servers, virtual
addresses, and services - Monitoring nodes and node addresses
- Monitoring NATs
- Monitoring SNATs
Working with the BIG/stat utility
Working with the BIG/top utility
Working with the Syslog utility
Removing and returning items to service
- Removing the BIG-IP Controller from service
- Removing individual virtual servers, virtual addresses,
and ports from service - Removing individual nodes and node addresses
from service - Viewing the currently defined virtual servers and nodes
Viewing system statistics and log files
Printing the connection table
Changing passwords for the BIG-IP Controller
- Changing the BIG-IP Controller password
- Changing passwords and adding new user IDs
for the BIG-IP web server
Working with the BIG/db database
Configuring SNMP
Working with SNMP on the BIG-IP Controller
Configuring SNMP on the BIG-IP Controller
- Downloading the MIBs
- Understanding configuration file requirements
- Configuring options for the checktrap script
