Manual : BIG-IP Controller Administrator Guide, version 3.2

Applies To:

Show Versions Show Versions

BIG-IP versions 1.x - 4.x

  • 3.2 PTF-01, 3.2.3 PTF-01, 3.2.3, 3.2.0
Original Publication Date: 09/27/2007

Introduction to the BIG-IP Controller
Administrator Guide

Welcome to the BIG-IP Controller Administrator Guide

BIG-IP Controller specifications

Internet protocol and network management support
Security features
Configuration scalability
Configuration and monitoring tools
Load balancing options
IP packet filtering, rate classes, and rate filters
Configurable persistence for e-commerce and dynamic
content sites
BIG-IP Controller platform options

Finding help and technical support resources

What's new in version 3.2

Firewall Load Balancer (FLB)
RADIUS server support
Improved fastest load balancing
Revised behavior of forwarding virtual servers
and default SNAT
LB and LB+ support SSH
Added SSH 2.0

Working with Special Features

Introducing special features

Using specialized load balancing modes

Understanding individual load balancing modes
Setting the global load balancing mode

Controlling network access and traffic flow with filters

IP filters
Rate filters and rate classes

Working with more than two interface cards

Configuring additional interfaces with the First-Time
Boot utility
Specifying an interface for a virtual address
Specifying an interface for a NAT address
Specifying an interface for a SNAT address
Routing with multiple NICs

Optimizing large configurations

Reducing ARP traffic on the external network
Reducing the number of node pings and service checks
issued by the BIG-IP Controller

Using the versatile interface configuration options

Destination route and translation processing
Source translation processing
Interface security

Using advanced virtual server options

Using per-connection routing
Configuring forwarding virtual servers
Configuring transparent virtual servers
Using virtual server port translation
Resetting connections on service down

Configuring RADIUS authentication

RADIUS ports on the BIG-IP Controller
Configuring sshd version 1.3.7
Configuring sshd version

Working with Intelligent Traffic Control

Introducing Intelligent Traffic Control (ITC)

More flexible load balancing using pools and members

Load balancing members
Defining pools

Selecting a load balancing pool using a rule

Pool selection based on HTTP request data
Pool selection based on IP packet header information
Questions (expressions)
HTTP request string variables

Configuring rules

Configuring virtual servers that reference rules

Additional rule examples

Comparing load balancing configurations

Configuring an SSL Accelerator

Introducing the SSL Accelerator

Hardware acceleration options

Configuring the SSL Accelerator

Generating a key and obtaining a certificate
Installing certificates from the certification
authority (CA)
Create an HTTP virtual server
Create an SSL gateway
Enabling, disabling, or deleting an SSL gateway
Displaying the configuration for an SSL gateway
from the command line

Optional SSL Accelerator configuration

Create a last hop pool that includes additional
network devices
Modify the SSL gateway so that it references
the last hop pool

Working with Advanced Service Check Options

Introducing advanced service check options

Setting up ECV service checks for transparent nodes

Configuring ECV for transparent nodes
Setting up ECV through transparent nodes
with the Configuration utility

Introducing EAV service checks

Setting up custom EAV service checks

Verifying external service checker requirements
Installing the external service checker on
the BIG-IP Controller
Allowing EAV service checks
Command line arguments for EAV service checks

Using the EAV pingers bundled with the BIG-IP Controller

EAV service check for FTP
EAV service check for POP3
EAV service check for SMTP
EAV service check for NNTP
EAV service check for SQL-based services
Troubleshooting SQL-based service checks
Creating a test account for Microsoft SQL Server

Working with Advanced Persistence Options

Introducing advanced persistence options

Using HTTP cookie persistence

Insert mode
Rewrite mode
Passive mode
Hash mode

Using destination address affinity (sticky persistence)

Using a simple timeout and a persist mask on a pool

Maintaining persistence across virtual servers
that use the same virtual addresses

Maintaining persistence across all virtual servers

Backward compatible persistence for node list virtual servers

Working with Advanced Redundant System

Introducing advanced redundant system options

Mirroring connection and persistence information

Commands for mirroring
Mirroring virtual server state
Mirroring SNAT connections

Using gateway fail-safe

Adding a gateway fail-safe check
Enabling gateway fail-safe
Gateway fail-safe messages

Using network-based fail-over

Setting a specific BIG-IP Controller to be
the preferred active unit

Setting up active-active redundant controllers

Configuring an active-active system
Active-active system fail-over
Additional active-active BIG/db configuration
New active-active bigpipe commands
Running mixed versions of BIG-IP Controller software
in active-active mode
Returning an active-active installation
to active/standby mode

Using Firewall Load Balancing

Introducing firewall load balancing

Balancing outbound traffic

Configuration elements
Task summary
Configuring interfaces
Verifying routing
Creating a pool for the firewalls
Creating a wildcard virtual server
Configuring address translation on your firewalls

Balancing traffic to enterprise servers using
a firewall sandwich

Configuration elements
Task summary
Configuring BIG-IP interfaces for source
and destination processing
Creating pools for firewalls and servers
Creating virtual servers for the firewall sandwich

Balancing two-way traffic using a firewall sandwich

Configuration elements
Task summary
Configuring for inbound traffic
Configuring for outbound traffic

Setting up ECV service checks for firewalls

Using Advanced Network Configurations

Introducing advanced network configurations

nPath routing

Defining a virtual server with address translation disabled
Setting the route through the BIG-IP Controller
Setting the idle connection time-out

Per-connection routing

ISP load balancing

Configuring interfaces for the additional
internet connection
Configuring virtual servers for an additional
internet connection

VPN load balancing

Configuring interfaces for VPN load balancing
Configuring virtual servers for VPN load balancing

VPN and router load balancing

Configuring interfaces for VPN load balancing
Configuring virtual servers for VPN and router
load balancing

SNAT and virtual servers combined

One IP network topology with one interface

One IP network topology with two interfaces

Setting up 802.1q VLAN trunk mode

Adding VLAN tag definitions to /etc/netstart
Adding VLAN tag definitions to BIG/db
Configuring multiple VLANs on one interface
To enable or disable VLAN tags on the command line
Using ifconfig to add another VLAN
Using netstat to view VLAN tags
Disabling and enabling VLAN tags using
the Configuration utility

Monitoring and Administration

Monitoring and administration utilities provided
on the BIG-IP Controller

Using the BIG/pipe command utility as a monitoring tool

Monitoring the BIG-IP Controller
Monitoring virtual servers, virtual
addresses, and services
Monitoring nodes and node addresses
Monitoring NATs
Monitoring SNATs

Working with the BIG/stat utility

Working with the BIG/top utility

Working with the Syslog utility

Removing and returning items to service

Removing the BIG-IP Controller from service
Removing individual virtual servers, virtual addresses,
and ports from service
Removing individual nodes and node addresses
from service
Viewing the currently defined virtual servers and nodes

Viewing system statistics and log files

Viewing system statistics
Viewing log files

Printing the connection table

Changing passwords for the BIG-IP Controller

Changing the BIG-IP Controller password
Changing passwords and adding new user IDs
for the BIG-IP web server

Working with the BIG/db database

Using bigdba

Configuring SNMP

Working with SNMP on the BIG-IP Controller

Configuring SNMP on the BIG-IP Controller

Downloading the MIBs
Understanding configuration file requirements
Configuring options for the checktrap script