Manual : BIG-IP Reference Guide, version 4.5.10

Applies To:

BIG-IP versions 1.x - 4.x

  • 4.5.14, 4.5.13, 4.5.12, 4.5.11, 4.5.10
Manual
Original Publication Date: 02/23/2010

Table of Contents


Legal Notices

Introduction

Getting started

Choosing a configuration tool

Using the Administrator Kit

Stylistic conventions

Finding additional help and technical support resources

Learning more about the BIG-IP product family

BIG-IP System Overview

Introducing the BIG-IP system

What is a BIG-IP system?

Configuration

Hardware configuration

Base network configuration

High-level network configuration

Global settings and filters

Monitoring and administration

The BIG-IP system user interface

The Configuration utility

The bigpipe command line interface

The bigip.conf file

Using the Setup Utility

Creating the initial software configuration with the Setup utility

Connecting to the BIG-IP system for the first time

Running the utility from the console or serial terminal

Running the Setup utility remotely

Using the Setup utility for the first time

Keyboard type

Product selection

Root password

Host name

Redundant system settings

Setting the interface media type

Configuring VLANs and IP addresses

Configuring a default gateway pool

Configuring remote web server access

Configuring remote administrative access

Setting support access

Setting the time zone

Configuring NTP support

Configuring the DNS proxy forwarding settings

Activating one-time auto-discovery

Configuring user authentication

Configuring NameSurfer for zone file management

Running the Setup utility after creating the initial software configuration

Options available only through the Setup utility menu

Post-Setup Tasks

Introducing post-setup tasks

Interfaces

Interface naming conventions

Displaying status and settings for interfaces

Media type and duplex mode

VLANs

Default VLAN configuration

Creating, renaming, and deleting VLANs

Configuring packet access to VLANs

Managing the Layer 2 forwarding table

Configuring VLAN groups

Setting up security for VLANs

Setting fail-safe timeouts for VLANs

Setting the MAC masquerade address

Configuring VLAN mirroring

Self IP addresses

Enabling or disabling SNAT automap

Defining additional host names

Managing the SSH Console

Using the MindTerm SSH Console

Downloading an SSH client to your administrative workstation

Addressing general networking issues

Addressing routing issues

Configuring DNS on the BIG-IP system

Configuring email

Using a serial terminal with the BIG-IP system

Configuring a serial terminal in addition to the console

Configuring a serial terminal as the console

Forcing a serial terminal to be the console

Trunks

Spanning Tree Protocol (STP)

Creating and deleting STP domains

Setting time intervals for an STP domain

Adding or deleting interfaces in an STP domain

Disabling and re-enabling an STP domain

Disabling and re-enabling interfaces in an STP domain

Restarting stpd

Port Mirroring

Setting up a port mirror

Deleting interfaces from a port mirror or deleting a port mirror

Pools

Introducing pools

Required pool attributes

Optional pool attributes

Managing pools

Creating a pool

Modifying a pool

Deleting a pool

Displaying a pool

Load balancing methods

Setting the load balancing method for a pool

Configuring Dynamic Ratio load balancing

Setting persistence

Persistence types

Persistence options

Redirecting HTTP requests

Using IP addresses and fully qualified domain names

Using format strings (expansion characters)

Rewriting HTTP redirection

Inserting and erasing HTTP headers

Inserting headers into HTTP requests

Erasing header content from HTTP requests

Configuring the Quality of Service (QoS) level

Configuring the Type of Service (ToS) level

Disabling SNAT and NAT connections

Enabling a forwarding pool

Configuring a clone pool

iRules

Introducing iRules

What is a rule?

A rule example

Creating rules

Understanding rules syntax

Rule statements

Expressions

Using rules to select pools

Selecting pools based on header or content data

Selecting pools based on IP packet header data

Using the one of class identifier

Selecting pools based on HTTP header data

Using rules to redirect HTTP requests

Configuring class lists

Class types

Storage options

Additional rule examples

Cookie rule

Language rule

AOL rule

Cache rule

Rule using the ip_protocol variable

Rule using IP address and port variables

Rule using the one of class identifier

Rule based on HTTP header insertion

Virtual Servers

Introducing virtual servers

Virtual server types

Standard virtual servers

Wildcard virtual servers

Network virtual servers

Forwarding virtual servers

Virtual server options

Displaying information about virtual addresses

Enabling or disabling a virtual server

Enabling or disabling a virtual address

Setting a user-defined netmask and broadcast

Setting translation properties for virtual addresses and ports

Resetting connections when a service is down

Setting dynamic connection rebinding

Disabling ARP requests

Disabling software acceleration for virtual servers using IPFW rate filters

Setting a connection limit

Mirroring virtual server state

Setting up last hop pools for virtual servers

Referencing BIG-IP system resources

Load balancing traffic for any IP protocol

Deleting a virtual server

Resetting statistics for a virtual server

Configuring SYN Check activation

SSL Accelerator Proxies

What is an SSL Accelerator proxy?

Summary of features

Basic configurations

Creating an SSL Accelerator proxy

Creating a client-side-only SSL proxy

Creating a client-side proxy with SSL-to-Server enabled

Displaying SSL Accelerator proxy information

Disabling or deleting an SSL Accelerator proxy

Authentication

Certificate verification

Certificate revocation

Using the Key Management System

Encryption and decryption

Specifying SSL ciphers

Inserting cipher specifications into HTTP requests

Authorization

Inserting client certificate fields into HTTP requests

Limiting concurrent TCP connections

Configuring LDAP-based client authorization

Network traffic control

Inserting headers into HTTP requests

Rewriting HTTP redirection

Adding a last hop pool to an SSL proxy

Disabling ARP requests

Configuring SSL proxy failover

Other SSL protocol options

Configuring invalid protocol versions

Configuring SSL session cache

Configuring SSL shutdowns

Nodes

Introducing nodes

Configuration options

Enabling and disabling nodes and node addresses

Marking nodes and node ports as up or down

Setting connection limits for nodes

Associating monitors with nodes

Displaying node status

Resetting node statistics

Adding nodes to pools

Services

Introducing services

Configuration options

Allowing access to services

Setting connection limits on services

Enabling and disabling TCP and UDP for services

Setting the idle connection timeout

Displaying service settings

Address Translation: SNATs, NATs, and IP Forwarding

Introducing address translation

SNATs

Setting SNAT global properties

Configuring a SNAT manually

Configuring SNAT automapping

ISPs and NAT-less firewalls

Disabling SNATs for a pool

Disabling ARP requests

Configuring a cache server

Additional SNAT configuration options

NATs

Defining a network address translation (NAT)

Disabling NATs for a pool

Disabling ARP requests

Additional restrictions

IP forwarding

Enabling IP forwarding globally

Addressing routing issues for IP forwarding

Configuring the forwarding attribute for a pool

Enabling IP forwarding for a virtual server

Advanced Routing Modules

Introducing dynamic routing

Enabling ZebOS advanced routing modules

Configuring ZebOS advanced routing modules

Configuring ZebOS for active/standby configurations

bigdb keys for dynamic routing protocols

Monitors

Introducing monitors

Summary of monitor types

Using monitors with Link Controller

Summary of monitor attributes

Working with monitor templates

Choosing a monitor

Simple monitors

Extended Content Verification (ECV) monitors

External Application Verification (EAV) monitors

Configuring a monitor

Configuration procedures

Changing attribute values

Associating monitors with nodes

Specifying wildcards

Using logical grouping

Configuration procedures

Showing, disabling, and deleting monitors

Filters

Introducing filters

Configuring IP filters

Configuring rate filters and rate classes

Configuring a Redundant System

Introducing redundant systems

Synchronizing configurations between units

Configuring fail-safe settings

Mirroring connection information

Commands for mirroring

Mirroring virtual server state

Mirroring SNAT connections

Using gateway fail-safe

Adding a gateway fail-safe check

Using network-based fail-over

Setting a specific BIG-IP system to be the preferred active unit

Setting up active-active redundant BIG-IP units

Configuring an active-active system

Understanding active-active system fail-over

Introducing additional active-active bigdb keys

Reviewing specific active-active bigpipe commands

Returning an active-active installation to active/standby mode

Inbound Load Balancing

Working with load balancing modes for inbound traffic

Understanding inbound load balancing on the Link Controller

Using static load balancing modes

Using dynamic load balancing modes

Configuring inbound load balancing

Understanding wide IPs

Understanding wide IP pools

Defining a wide IP

Using wildcard characters in wide IP names

Modifying a wide IP

Modifying the basic wide IP settings

Modifying the load balancing properties

Internet Link Evaluator

Overview of the Internet Link Evaluator

Working with the Average Round Trip Time table

Working with the Average Completion Rate table

Working with the Average Router Hops table

Interpreting the Internet Link Evaluator data

Working with Link Configuration

Overview of link configuration

Defining the basic properties for a link

Working with the advanced properties for a link

Viewing link statistics and metrics

Administering the BIG-IP System

Monitoring and administration utilities

Using the bigpipe utility as a monitoring tool

Monitoring the BIG-IP system

Printing the connection table

Monitoring virtual servers, virtual addresses, and services

Monitoring nodes and node addresses

Monitoring NATs

Monitoring SNATs

Viewing the status of the interface cards

Customizing the Configuration utility user interface

Working with the bigtop utility

Using bigtop command options

Using runtime commands in bigtop

Working with the Syslog utility

Sample log messages

Powering down the BIG-IP system

Removing and returning items to service

Removing the BIG-IP system from service

Removing individual virtual servers, virtual addresses, and ports from service

Removing individual nodes and node addresses from service

Viewing the currently defined virtual servers and nodes

Viewing system statistics and log files

Viewing system statistics

Viewing log files

Managing user accounts

Understanding user roles

Creating and authorizing local user accounts

Creating and authorizing remote user accounts

Managing passwords for local user accounts

Managing system accounts

Working with the bigdb database

Using the bigpipe db command

Configuring SNMP

Introducing SNMP administration

Downloading the MIBs

Configuring SNMP using the Configuration utility

Setting up client access

Configuring system information

Configuring traps

SNMP configuration files

/etc/hosts.deny

/etc/hosts.allow

The /etc/snmpd.conf file

/etc/snmptrap.conf

Syslog

Configuring snmpd to send responses out of different ports or addresses

bigpipe Command Reference

Options

Options

Options

Saving configuration files to an archive

Installing an archived configuration file

Synchronizing configuration files

Options

Displaying all current connections

Using verbose mode

Displaying connections for a specific client

Displaying standby connections

Deleting connections

Options

Options

Changing failover state

Displaying failover state

Initializing failover state

Restoring an active-active configuration after failure

Options

Displaying interface information

Setting the media type

Setting the duplex mode

Resetting statistics

Enabling or disabling an interface

-n

Options

Customizing the load and base load commands

Options

Options

Displaying port mirroring

Creating a port mirror

Deleting interfaces from a port mirror

Deleting a port mirror

Options

Creating a monitor

Modifying a monitor

Creating a monitor instance

Modifying a monitor instance

Deleting a monitor

Deleting a monitor instance

Displaying monitor templates

Displaying monitor instances

Monitor templates

Options

Defining a NAT

Deleting a NAT

Additional Restrictions

Options

Displaying nodes

Modifying nodes

Options

Displaying a pool

Creating a pool

Modifying a pool

Deleting a pool

Specifying HTTP redirection

Options

Options

Creating a proxy server

Deleting a proxy server

Options

Displaying ratio settings

Modifying ratio settings

Options

Viewing responder definition parameters

Rule statements

Cache statement attributes

Functions

Variable operands

Binary Operators

Creating a rule

Associating a rule with virtual server

Deleting a rule

Displaying a rule

Options

Creating self IP addresses

Options

Options

Defining a SNAT

Deleting SNAT

Options

Options

Options

Options

Defining a virtual server using pools and rules

Defining a virtual server with a wildcard port

Deleting a virtual server

Options

Options

bigdb Configuration Keys

Supported bigdb keys

Using the bigpipe db command

Fail-over and cluster keys

StateMirror keys

Using Gateway Pinger keys

bigd keys

Other keys

Configuration Files

Glossary