Applies To:
BIG-IP versions 1.x - 4.x
- 4.5.14, 4.5.13, 4.5.12, 4.5.11, 4.5.10
Chapter 1: BIG-IP System Overview
- Introducing the BIG-IP system
- What is a BIG-IP system?
- Configuration
- Monitoring and administration
- The BIG-IP system user interface
Introducing the BIG-IP system
This chapter provides a brief overview of the BIG-IP system and of the configuration and monitoring tasks associated with it, as an introduction to the chapters that follow. (For an overview of BIG-IP system functionality with sample solutions, see Chapter 1 of the BIG-IP Solutions Guide.)
This chapter is organized as follows:
- What is a BIG-IP system?
- Configuring the BIG-IP system
- Monitoring the BIG-IP system
- The BIG-IP system user interface
What is a BIG-IP system?
The BIG-IP system is an Internet device used to implement a wide variety of load balancing and other network traffic solutions, including intelligent cache content determination and SSL acceleration.
Figure 1.1 shows the most basic kind of BIG-IP system configuration. In it, the unit sits between a router and an array of content servers, and load balances inbound Internet traffic across those servers. (For an introduction to more complex solutions, including load balancing of outbound traffic across firewalls and routers, see the BIG-IP Solutions Guide, Chapter 1, Overview.)
Figure 1.1 A basic configuration
Insertion of the BIG-IP system, with its minimum of two interfaces, divides the network into an external VLAN and an internal VLAN. (Both VLANs can be on a single IP network, so that inserting the BIG-IP system does not require you to change the IP addressing of the network.) The nodes on the external VLAN are routable. The nodes on the internal VLAN, however, are hidden behind the BIG-IP system. What appears in their place is a user-defined virtual server. It is this virtual server that receives requests and distributes them among the physical servers, which are now members of a load-balancing pool.
The key to load balancing through a virtual server is address translation, and setting the BIG-IP system address as the default route. By default, the virtual server translates the destination address of the incoming packet to that of the destination network device, making it the source address of the reply packet. The reply packet returns to the BIG-IP system as the default route, and the BIG-IP system translates its source address back to that of the virtual server. (For outbound traffic, address translation can be modified or disabled to give internal nodes visibility to the Internet.)
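The translation round trip described above can be modelled in a few lines. This is an added example, not F5 code: the virtual server address 192.0.2.10:80, the client address, the round-robin selection, and the names VirtualServer and round_trip are assumptions made for illustration. It also shows why the default route matters: a reply that bypasses the BIG-IP system keeps the node's address as its source, which the client never contacted.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str  # "ip:port"
    dst: str  # "ip:port"

class VirtualServer:
    """Toy model of destination translation through a virtual server."""
    def __init__(self, vip, members):
        self.vip = vip
        self.members = list(members)
        self.turn = 0
        self.conns = {}  # (client, node) -> vip, used to translate replies back

    def inbound(self, pkt):
        """Rewrite the destination from the virtual server to a pool member."""
        if pkt.dst != self.vip:
            return None
        node = self.members[self.turn % len(self.members)]  # assumed round robin
        self.turn += 1
        self.conns[(pkt.src, node)] = self.vip
        return replace(pkt, dst=node)

    def outbound(self, pkt):
        """Rewrite a node's reply so its source is the virtual server again."""
        vip = self.conns.get((pkt.dst, pkt.src))
        return replace(pkt, src=vip) if vip else pkt

def round_trip(vs, client, via_bigip=True):
    """Return the source address the client sees on the reply packet."""
    to_node = vs.inbound(Packet(src=client, dst=vs.vip))
    reply = Packet(src=to_node.dst, dst=to_node.src)
    if via_bigip:  # node's default route points at the BIG-IP system
        reply = vs.outbound(reply)
    return reply.src

# Constructed sample: pool members from this chapter, assumed VIP and client.
VIP = "192.0.2.10:80"
CLIENT = "198.51.100.7:40000"
MEMBERS = ["11.12.11.20:80", "11.12.11.21:80", "11.12.11.22:80"]

if __name__ == "__main__":
    vs = VirtualServer(VIP, MEMBERS)
    print("reply via BIG-IP :", round_trip(vs, CLIENT))
    print("reply bypassing  :", round_trip(vs, CLIENT, via_bigip=False))
```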
Just as you can add components to the physical network itself, you can add software entities such as virtual servers and load balancing pools to the BIG-IP system, along with any properties associated with them (such as load balancing methods for pools). Adding hardware and software components to the BIG-IP system is referred to collectively as configuration.
Configuration
Configuration is setting up the BIG-IP system to perform load balancing and other functions on an ongoing basis. You configure the BIG-IP system when it is first installed, and later as required by changing needs or changes in the network itself. For convenience, the BIG-IP system configuration can be considered as having the following components:
- Hardware configuration
- Base network configuration
- High-level network configuration
Figure 1.2 shows how these three kinds of configuration relate to one another.
Figure 1.2 Hardware configuration with base and high-level networks superimposed.
Hardware configuration
The hardware configuration includes all physical devices and connections in Figure 1.2. That is, the configuration includes the entire physical network. In this case, the configuration consists of a BIG-IP system with four interfaces, one external and three internal, with each internal interface having its own Ethernet connecting to two physical servers. Solution-specific hardware configuration is provided in the BIG-IP Solutions Guide.
Base network configuration
The base network consists of the BIG-IP system interfaces and the domain names, self IP addresses, VLANs, and optional trunks that are built on them. Figure 1.2 shows this as italicized text. (In the example, the three internal interfaces are assigned to three separate VLANs, each with its own self IP address including netmask and broadcast address. If this were a BIG-IP redundant system, there would be additional floating self IP addresses for sharing.) When you run the Setup utility as the last part of your initial hardware installation and fill in the required fields, you are configuring the base network.
After you complete the Setup utility, you have, at a minimum, the two default VLANs (external and internal), domain names, and self IP addresses with netmask and broadcast addresses. Among other things, this base configuration enables you to access the BIG-IP system from a remote host using SSH or HTTPS and in this way gain access to both the command line interface and the browser-based Configuration utility.
At this point, you might want to further configure the base network by performing tasks such as changing settings, adding VLANs with tagged interfaces, creating additional floating self IP addresses, and performing link aggregation. These additional configurations are solution-dependent and can be extensive, particularly if you have more than two interfaces on your default internal VLAN. (If, for example, you were hosting three customers, as in Figure 1.2, but were using a single interface with an external switch, you would need to segment what was originally the default internal VLAN into three separate tagged VLANs.)
You may also re-run the Setup utility in its entirety or use its various sub-utilities. For more information on these base configuration utilities, see Chapter 2, Using the Setup Utility.
High-level network configuration
Once a base network exists and you have administrative access to the BIG-IP system and at least a default VLAN assignment for each interface, the next step is to configure a network for the web servers to be load balanced. Figure 1.2 shows the high-level network in non-italicized text. The network includes the server nodes, the pools containing those nodes, and the virtual servers that represent the pools to the client.
Just as the base network is built on the BIG-IP system interfaces, the high-level network is built on the load balancing pool. Until there is a pool, there are no nodes to load balance. Once a pool exists, nodes come into existence as members of that pool, and can receive traffic through a virtual server. The high-level network also includes the properties attaching to pools, virtual servers, and nodes, such as persistence (a pool property), and any pool selection criteria as expressed in a rule. The high-level network can also include proxies for SSL and akamaization, NATs, SNATs, and health monitor associations for specific nodes or all nodes.
Global settings and filters
Global settings and filters are part of the configuration that belongs to neither the base network nor the high-level network.
Global settings are settings that are system wide rather than applicable only to specific objects. Global settings are documented in the description of the bigpipe global command, in Appendix A, bigpipe Command Reference.
Filters include IP and Rate filters, and are covered in Chapter 13, Filters.
Monitoring and administration
Monitoring and administration refer to the day-by-day tasks of observing traffic, gathering statistics, managing BIG-IP user accounts, and removing and returning items to service. Various utilities provide statistics in a variety of formats and may be global or specific to certain elements of the network, such as virtual servers, nodes, NATs, SNATs, or services.
The BIG-IP system user interface
The user interface to the BIG-IP system consists primarily of the web-based Configuration utility and the command line utility bigpipe.
The Configuration utility
The Configuration utility resides in the BIG-IP system internal web server. You can access it through the administrative interface on the BIG-IP system using Netscape® Navigator version 4.7x, or Microsoft® Internet Explorer version 5.0, 5.5, or 6.0.
The Configuration utility shown in Figure 1.3 first appears displaying the Network Map with any existing nodes and virtual servers. The Configuration utility thus provides an instant overview of your high-level network as it is currently configured. (You can view the base network by clicking System on the navigation pane.)
Figure 1.3 Configuration utility System screen
The left pane of the screen, referred to as the navigation pane, contains links to Virtual Servers, Nodes, Pools, Rules, NATs, Proxies, Network, Filters, and Monitors. These screens appear in the right pane. The navigation pane also contains links to screens for monitoring and system administration (Statistics, Log Files, and System Admin).
The bigpipe command line interface
You can access the bigpipe command line utility on a BIG-IP system with connections for a monitor and keyboard. For a system without a monitor and keyboard attached, like the IP Application Switch, you can access bigpipe through an SSH shell from a remote administrative host.
To give an example of a configuration using the bigpipe command line utility, the same pool shown in Figure 1.4 in the Add Pool screen would be configured at the command line as follows:
b pool my_pool { member 11.12.11.20:80 member 11.12.11.21:80 member 11.12.11.22:80 }
(Note that you can use b or bp as shorthand for bigpipe.) For convenience, long commands like this can be entered using backslash breaks:
b pool my_pool { \
member 11.12.11.20:80 \
member 11.12.11.21:80 \
member 11.12.11.22:80 }
The bigip.conf file
Regardless of which utility you use to configure a pool, virtual server, proxy, or other BIG-IP object, the configuration data is entered into the configuration file /config/bigip.conf. This produces an entry in that file like the one shown in Figure 1.4. As a third configuration option, you can also edit this file directly using a text editor like vi or pico.
pool my_pool { member 11.12.11.20:80 member 11.12.11.21:80 member 11.12.11.22:80 }
When you run the Setup utility, the objects created in the base network are placed in a separate file of the same format, /config/bigip_base.conf.
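Because the same pool can be written through the Configuration utility, bigpipe, or a text editor, a reviewed copy of the pool entries is worth comparing against what is actually in the file. The following is an added example, not part of the F5 documentation: it parses only the pool and member syntax shown in this chapter (including backslash-continued commands), and the function names and the mistyped member address in the sample are constructed for illustration.

```python
import ipaddress
import re

POOL_RE = re.compile(r"\bpool\s+(\S+)\s*\{([^}]*)\}")

def parse_pools(text):
    """Return {pool_name: [(ip, port), ...]} for every pool stanza in text."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    pools = {}
    for name, body in POOL_RE.findall(text):
        tokens = body.split()
        members = []
        for keyword, value in zip(tokens, tokens[1:]):
            if keyword != "member":
                continue  # other pool properties are not modelled here
            host, _, port = value.rpartition(":")
            ip = ipaddress.ip_address(host)  # raises ValueError if malformed
            if not port.isdigit() or not 0 < int(port) < 65536:
                raise ValueError(f"bad port in pool {name}: {value}")
            members.append((str(ip), int(port)))
        pools[name] = members
    return pools

def pool_drift(expected, actual):
    """Compare parsed configs; return {pool: (missing, unexpected)}."""
    drift = {}
    for name in sorted(set(expected) | set(actual)):
        want = set(expected.get(name, []))
        have = set(actual.get(name, []))
        if want != have:
            drift[name] = (sorted(want - have), sorted(have - want))
    return drift

# Reviewed baseline: the bigip.conf entry shown in this chapter.
BASELINE = "pool my_pool { member 11.12.11.20:80 member 11.12.11.21:80 member 11.12.11.22:80 }"
# Constructed sample: a command with one member address mistyped.
CANDIDATE = ("b pool my_pool { \\\nmember 11.12.11.210:80 \\\n"
             "member 11.12.11.21:80 \\\nmember 11.12.11.22:80 }")

if __name__ == "__main__":
    print(pool_drift(parse_pools(BASELINE), parse_pools(CANDIDATE)))
```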