Manual : BIG-IP Controller Administrator Guide, version 3.3

Applies To:

Show Versions Show Versions

BIG-IP versions 1.x - 4.x

  • 3.3.1 PTF-06, 3.3.1 PTF-05, 3.3.1 PTF-04, 3.3.1 PTF-03, 3.3.1 PTF-02, 3.3.1 PTF-01, 3.3.1, 3.3.0
Manual
Original Publication Date: 09/27/2007



Introduction

Getting started

Choosing a solution
Choosing a configuration tool

Using the Administrator Kit

Stylistic conventions
Finding additional help and technical support resources

What's new in version 3.3

BIG-IP e-Commerce Controller
BIG-IP Cache Load Balancer
Performance enhancements

Learning more about BIG-IP Controller product family

Basic Web Site and e-Commerce Configuraton

Basic web site and e-commerce configuration

A basic web site and e-commerce configuration

Setting up the topology

A Simple Intranet Configuration

A simple intranet configuration

Setting up the topology
Using additional features

Configuring an SSL Accelerator

Introducing the SSL Accelerator

Hardware acceleration options

Configuring the SSL Accelerator

Generating a key and obtaining a certificate
Installing certificates from the certification authority (CA)
Create an HTTP virtual server
Create an SSL gateway
Enabling, disabling, or deleting an SSL gateway
Displaying the configuration for an SSL gateway from the command line

Optional SSL Accelerator configuration

Create a last hop pool that includes additional network devices
Modify the SSL gateway so that it references the last hop pool

Introducing the SSL accelerator cell configuration

Configuration tasks
Configuring the BIG-IP Controller which load balances the SSL accelerator cells
Configuring an SSL accelerator for use in a cell
Setting the default route on each node in a cell

Introducing the SSL accelerator half sandwich configuration

Configuration tasks
Configuring the BIG-IP Controllers handling inbound traffic
Configuring each SSL accelerator
Configuring the BIG-IP Controller that load balances the content servers
Configuring the content servers

VPN Load Balancing

VPN load balancing

Configuring interfaces for VPN load balancing
Configuring virtual servers for VPN load balancing

VPN and router load balancing

Configuring interfaces for VPN load balancing
Configuring virtual servers for VPN and router load balancing

ISP Load Balancing

ISP load balancing

Configuring interfaces for the additional internet connection
Configuring virtual servers for an additional internet connection

One IP Network Topologies

One IP network topology with one interface

Configuring the interface in the single interface topology
Defining a pool for the servers
Virtual server configuration
Client SNAT configuration

One IP network topology with two interfaces

Configuring the interfaces in the single IP network with two interfaces topology
Routing issues
Defining a pool for the servers
Virtual server configuration
Client SNAT configuration

nPath Routing

nPath routing

Defining a virtual server with address translation disabled
Setting the route through the BIG-IP Controller
Setting the idle connection time-out

Balancing Traffic Inbound to Enterprise Servers

Introducing firewall load balancing for inbound traffic

Configuration tasks

Configuring routing to the internal network

Creating pools for firewalls and servers

Creating a pool for outside firewall interfaces
Creating a pool for servers
Creating a pool for inside firewall interfaces

Creating virtual servers for the firewall sandwich

Creating a wildcard virtual server to load balance the outside firewall interfaces
Creating a standard virtual server to load balance the enterprise servers
Designating the last hop pool

Configuring interfaces

Configuring administrative routing

Balancing Traffic Outbound to the Internet

Introducing firewall load balancing for outbound traffic

Configuration tasks

Verifying user network routing

Creating a pool for the firewalls

Creating a wildcard virtual server

Enhancing security

Configuring interfaces

Configuring network address translation on firewalls

Creating a route for return traffic

Balancing Two-Way Traffic With Destination Processing

Introducing two-way firewall load balancing with destination processing

Configuration tasks

Configuring routing to the internal network

Creating pools for firewalls and servers

Creating a pool for outside firewall interfaces
Creating a pool for inside firewall interfaces
Creating a pool for servers

Creating virtual servers for inbound traffic

Creating a network virtual server to load balance the firewalls
Creating a standard virtual server to load balance intranet servers
Designating a last hop pool for inbound traffic

Creating virtual servers for outbound traffic

Creating a wildcard virtual server for balancing traffic to the firewalls
Creating a forwarding wildcard virtual server to forward traffic to the Internet
Designating a last hop pool for outbound traffic

Configuring interfaces

Configuring administrative routing

Balancing Two-Way Traffic

Introducing firewall load balancing for two-way traffic

Configuration tasks

Configuring routing to the internal network

Creating pools for the firewalls

Creating a pool for outside firewall interfaces
Creating a pool for inside firewall interfaces

Creating virtual servers for inbound traffic

Creating a network virtual server
Creating a forwarding virtual server
Designating a last hop pool for inbound traffic

Creating virtual servers for outbound traffic

Creating a wildcard virtual server for balancing outbound traffic to the firewalls
Creating a forwarding wildcard virtual server to forward traffic to the Internet
Designating a last hop pool for outbound traffic

Configuring interfaces

Configuring administrative routing

Configuring Local Server Acceleration

Introducing local server acceleration

Maximizing memory or processing power
Using the configuration diagram

Configuration tasks

Creating pools

Creating a pool for the cache servers
Creating a pool for the origin server
Creating a pool for hot content

Creating a cache control rule

Cacheable content expression
Content demand status

Creating a virtual server

Configuring for intelligent cache population

Configuring a SNAT
Configuring interfaces

Configuring Remote Server Acceleration

Introducing remote server acceleration

Maximizing memory or processing power
Using the configuration diagram

Configuration tasks

Creating pools

Creating a pool for the cache servers
Creating a pool for the origin server
Creating a pool for hot content

Creating a cache control rule

Cacheable content expression
Content demand status

Creating a virtual server

Configuring for intelligent cache population

Configuring a SNAT
Configuring interfaces
Marking the origin server node as remote

Configuring Forward Proxy Caching

Introducing forward proxy caching

Maximizing memory or processing power
Using the configuration diagram

Configuration tasks

Creating pools

Creating a pool for the cache servers
Creating a pool for the origin server
Creating a pool for hot content

Creating a cache control rule

Cacheable content expression
Content demand status

Creating a virtual server

SNAT and Virtual Servers Combined

SNAT and virtual servers combined

Setting up 802.1q VLAN Trunk Mode

Setting up 802.1q VLAN trunk mode

Adding VLAN tag definitions to /etc/netstart
Adding VLAN tag definitions to BIG/db
Configuring multiple VLANs on one interface
To enable or disable VLAN tags on the command line
Using ifconfig to add another VLAN
Using netstat to view VLAN tags
Disabling and enabling VLAN tags using the Configuration utility

Essential Configuration Tasks

Determing which configuration tasks to do

Basic configuration tasks
Optional configuration tasks

Configuring a pool

Configuring virtual servers

Using standard or wildcard virtual servers
Using additional features with virtual servers
Defining standard virtual servers
Defining wildcard virtual servers

Allowing access to ports and services

Configuring the timer settings

Setting the node ping timer
Setting the timer for reaping idle connections
Setting the service check timer
Service checking for wildcard servers and ports

Changing the global load balancing mode

Using Ratio mode

Configuring NATs and IP forwarding for nodes

Defining a standard network address translation (NAT)
Defining a secure network address translation (SNAT)
Setting up IP forwarding

Configuring Extended Content Verification service checking

ECV service check properties
Writing send and receive strings for ECV service checks
Setting up ECV service check using the Configuration utility
Manually configuring and testing the /etc/bigd.conf file

Configuring persistence for e-commerce and other dynamic content sites

Setting up SSL persistence
Setting up simple persistence

Configuring and synchronizing redundant systems

Preparing to use the synchronization command
Synchronizing configurations between controllers
Configuring fail-safe settings

Monitoring and Administration

Monitoring and administration utilities provided on the BIG-IP Controller

Using the bigpipe command utility as a monitoring tool

Monitoring the BIG-IP Controller
Monitoring virtual servers, virtual addresses, and services
Monitoring nodes and node addresses
Monitoring NATs
Monitoring SNATs

Working with the BIG/stat utility

Working with the BIG/top utility

Working with the Syslog utility

Removing and returning items to service

Removing the BIG-IP Controller from service
Removing individual virtual servers, virtual addresses, and ports from service
Removing individual nodes and node addresses from service
Viewing the currently defined virtual servers and nodes

Viewing system statistics and log files

Viewing system statistics
Viewing log files

Printing the connection table

Changing passwords for the BIG-IP Controller

Changing passwords and adding new user IDs for the BIG-IP web server

Working with the BIG/db database

Using bigdba

Configuring SNMP

Working with SNMP on the BIG-IP Controller

Configuring SNMP on the BIG-IP Controller

Downloading the MIBs

Understanding configuration file requirements

/etc/hosts.deny
/etc/hosts.allow
/etc/snmpd.conf
/etc/rc.local
/etc/snmptrap.conf
Syslog

Glossary