Manual Chapter: BIG-IP Solutions Guide v4.5: Introduction

Applies To:

BIG-IP versions 1.x - 4.x

  • 4.6.1, 4.6.0, 4.5 PTF-08, 4.5 PTF-07, 4.5 PTF-06, 4.5 PTF-05, 4.5 PTF-04, 4.5 PTF-03, 4.5 PTF-02, 4.5 PTF-01, 4.5.9, 4.5.0

Introduction


Getting started

Before you start installing the BIG-IP system, we recommend that you browse this guide and find the load balancing solution that most closely addresses your needs. If the BIG-IP® unit is running the 3-DNS software module, you may also want to browse the 3-DNS Administrator Guide to find a wide area load balancing solution. Briefly review the basic configuration tasks and the few pieces of information, such as IP addresses and host names, that you should gather in preparation for completing the tasks.

Once you find your solution and gather the necessary network information, turn to the Configuration Worksheet and Platform Guide for hardware installation instructions, and then return to this guide to follow the steps for setting up your chosen solution.

Choosing a configuration tool

The BIG-IP system offers both web-based and command line configuration tools, so that users can work in the environment that they are most comfortable with.

The Setup utility

All users need to use the Setup utility (formerly known as the First-Time Boot utility). This utility walks you through the initial system setup. You can run the Setup utility from the command line, or from a web browser. The Setup utility prompts you to enter basic system information, including a root password and the IP addresses that will be assigned to the network interfaces. For more information, see the BIG-IP Reference Guide.

The Configuration utility

The Configuration utility is a web-based application that you use to configure and monitor the load balancing setup on the BIG-IP system. Once you complete the instructions for the Setup utility described in the BIG-IP Reference Guide, you can use the Configuration utility to perform additional configuration steps necessary for your chosen load balancing solution. In the Configuration utility, you can also monitor current system performance, and download administrative tools such as the SNMP MIBs or the SSH client. The Configuration utility requires Netscape Navigator version 4.7, or Microsoft Internet Explorer version 5.0 or 5.5.

The bigpipe and bigtop command line utilities

The bigpipe™ utility is the command line counterpart to the Configuration utility. Using bigpipe commands, you can configure virtual servers, open ports to network traffic, and configure a wide variety of features. To monitor the BIG-IP system, you can use certain bigpipe commands, or you can use the bigtop™ utility, which provides real-time system monitoring. You can use the command line utilities directly on the BIG-IP system console, or you can run commands using a remote shell, such as the SSH client or a Telnet client. For detailed information about the bigpipe command line syntax, see the BIG-IP Reference Guide.

Using the Administrator Kit

The BIG-IP Administrator Kit provides all of the documentation you need in order to work with the BIG-IP system. The information is organized into the guides described below. The following printed documentation is included with the BIG-IP unit.

  • Configuration Worksheet
    This worksheet provides you with a place to plan the basic configuration for the BIG-IP system.

The following guides are available in PDF format from the CD-ROM provided with the BIG-IP system. These guides are also available from the first Web page you see when you log in to the administrative web server on the BIG-IP system.

  • Platform Guide
    This guide includes information about the BIG-IP unit. It also contains important environmental warnings and installation instructions.
  • BIG-IP Solutions Guide
    This guide provides examples of common load balancing solutions. Before you begin installing the hardware, we recommend that you browse this guide to find the load balancing solution that works best for you.
  • BIG-IP Reference Guide
    This guide provides detailed configuration information for the BIG-IP system. It also provides syntax information for bigpipe commands, other command line utilities, configuration files, system utilities, and monitoring and administration information.
  • 3-DNS Administrator and Reference Guides
    If your BIG-IP system includes the optional 3-DNS module, your administrator kit also includes manuals for using the 3-DNS module. The 3-DNS Administrator Guide provides wide area load balancing solutions and general administrative information. The 3-DNS Reference Guide provides information about configuration file syntax and system utilities specific to the 3-DNS module.
  • BIG-IP Link Controller Solutions Guide
    This guide provides examples of common link load balancing solutions using the Link Controller. Before you begin installing the hardware, we recommend that you browse this guide to find the load balancing solution that works best for you.

Stylistic conventions

To help you easily identify and understand important information, our documentation consistently uses these stylistic conventions.

Using the solution examples

All examples in this documentation use only non-routable IP addresses. When you set up the solutions we describe, you must use IP addresses suitable to your own network in place of our sample addresses.

Identifying new terms

To help you identify sections where a term is defined, the term itself is shown in bold italic text. For example, a virtual server is a specific combination of a virtual address and virtual port, associated with a content site that is managed by a BIG-IP system or other type of host server.

Identifying references to objects, names, and commands

We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, with the bigpipe pool <pool_name> show command, you can specify a specific pool to show by specifying a pool name for the <pool_name> variable.

Identifying references to other documents

We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about bigpipe commands in the BIG-IP Reference Guide.

Identifying command syntax

We show complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command shows the configuration of the specified pool name:

bigpipe pool <pool_name> show

or

b pool <pool_name> show

Table Intro.1 explains additional special conventions used in command line syntax.

 

Item in text    Description
\               Indicates that the command continues on the following line, and that users should type the entire command without typing a line break.
< >             Identifies a user-defined parameter. For example, if the command has <your name>, type in your name, but do not include the brackets.
|               Separates parts of a command.
[ ]             Indicates that syntax inside the brackets is optional.
...             Indicates that you can type a series of items.

Finding additional help and technical support resources

You can find additional technical information about this product in the following locations:

  • Release notes
    Release notes for the current version of this product are available from the product web server home page, and are also available on the technical support site. The release notes contain the latest information for the current version, including a list of new features and enhancements, a list of fixes, and, in some cases, a list of known issues.
  • Online help
    You can find help online in three different locations:

    • The web server on the product has PDF versions of the guides included in the Administrator Kit.
    • The web-based Configuration utility has online help for each screen. Simply click the Help button.
    • Individual bigpipe commands have online help, including command syntax and examples, in standard UNIX man page format. Simply type the command followed by the word help, and the BIG-IP system displays the syntax and usage associated with the command.
  • Third-party documentation for software add-ons
    The BIG-IP distribution CD contains online documentation for all third-party software.
  • Technical support through the World Wide Web
    The F5 Networks Technical Support web site, http://tech.f5.com, provides the latest technical notes, answers to frequently asked questions, updates for administrator guides (in PDF format), and the AskF5 natural language question and answer engine.

Note: All references to hardware platforms in this guide refer specifically to systems supplied by F5 Networks, Inc. If your hardware was supplied by another vendor and you have hardware-related questions, please refer to the documentation from that vendor.
     

What's new in version 4.5

The BIG-IP system offers the following major new features in version 4.5, in addition to many smaller enhancements.

Enhanced support for managing SSL connections

This release includes several new features designed to further simplify the administration of SSL connections. These features include extensive web-based screens for centralized key management, and support for certificate revocation lists (CRLs).

Another new SSL feature is the ability for an SSL proxy to interoperate with an LDAP database to authorize users based on client certificates. This LDAP database can reside either locally on the BIG-IP system, or remotely on another server on your network.

Lastly, you can now limit the number of connections coming into an SSL proxy, for security or load balancing reasons.

For more information on managing SSL connections, see the BIG-IP Reference Guide, Chapter 7, SSL Accelerator Proxies.

Easy system account creation

With this release, the BIG-IP system now offers a centralized Setup screen to set the passwords for the three system accounts: root, admin, and support. For the support account, you can also specify whether to allow command line access, Web access, or both.

For more information on managing user accounts, see the BIG-IP Reference Guide, Chapter 17, Administering the BIG-IP System.

Security enhancements

You can now use the Setup utility to configure a remote LDAP or RADIUS authentication server. With this feature, you no longer need to directly edit configuration files to set up your LDAP or RADIUS authentication server. For more information about configuring remote authentication, see the BIG-IP Reference Guide, Chapter 2, Using the Setup Utility.

Also, this release of the BIG-IP system expands the number of user roles that you can assign to user accounts for the purpose of user authorization. In addition to the standard Full Read/Write, Partial Read/Write, and Read-Only access levels, you can now choose from three additional access levels. These access levels define which of the three interfaces an administrator can use to access the BIG-IP system (the Configuration utility, the command line interface, or the iControl interface). These user authorization roles are stored in the local LDAP database on the BIG-IP system and are designed to operate in concert with centralized LDAP and RADIUS authentication. For more information on managing user accounts, see the BIG-IP Reference Guide, Chapter 17, Administering the BIG-IP System.

Other useful security features in this release are intrusion detection and protection from denial-of-service attacks. This release includes two new features to assist in detecting network intruders: VLAN mirroring and clone pools. When you enable a clone pool, any traffic directed to a pool is automatically sent to a node within a replicated pool. The release also includes two new global variables that define high-water and low-water marks for the adaptive reaping of connections. For more information about VLAN mirroring and clone pools, see the BIG-IP Reference Guide, Chapter 3, Post-Setup Tasks, VLANs, and Chapter 4, Pools.

Universal Inspection Engine

The Universal Inspection Engine (UIE) allows you to apply business decisions to applications and web services, and provides granular control for switching, persistence, and application level security. The BIG-IP system version 4.5 has the ability to read all HTTP or TCP content.

  • Universal content switching
    Through a number of new rule elements, such as a set of functions and the variables http_content and tcp_content, you can now write expressions within rules that search not only HTTP headers, but also HTTP and TCP data content to make load balancing decisions. As part of the new iRules syntax, these new variables and functions significantly enhance your ability to select the pools that most suit your traffic management needs.
  • Universal persistence
    Universal persistence allows you to persist on any string within a packet, or persist directly on a specific pool member. You can enable universal persistence by including rules-syntax expressions within a pool definition. In this way, a pool can perform load-balancing operations such as sending traffic to a specific node within the pool, or load-balancing traffic based on any string or node that you define. Furthermore, the rules syntax has been expanded to allow rules to intelligently persist requests to cache servers based on more granular information in a request.

    Universal persistence is particularly useful for persisting HTTP or TCP content that is unique to your application. Examples of universal persistence include persistence for i-mode phone users, and persistence for BEA WebLogic servers, which you set up by creating persistence maps on BEA WebLogic identifiers. For more information about the Universal Inspection Engine and iRules, see the BIG-IP Reference Guide, Chapter 5, iRules.

Other rule enhancements

In addition to the new rule functions and variables designed for universal content switching, the rules syntax has been further expanded to include two new rule statements, log and accumulate.

Furthermore, you can now store your class lists externally instead of within the bigip.conf file. Storing your class lists externally improves performance and allows for incremental updates to those lists. To support this feature, you can store external class lists using either the Configuration utility or the iControl interface. For more information about these new functions, see the BIG-IP Reference Guide, Chapter 5, iRules.

Enhanced support for global variables

A number of new global variables are included in this release, such as variables that define high-water and low-water marks for the adaptive reaping of connections to prevent denial-of-service attacks. Also, the Configuration utility now shows all global variables and presents them in categories, according to function. For more information about these global variables, see the BIG-IP Reference Guide, Appendix A, bigpipe Command Syntax.

RealServer plug-in for UNIX systems

With this release comes support for RealSystem® Server systems running on the UNIX operating system. This feature provides the ability to dynamically load balance and monitor UNIX systems that are running the RealSystem® Server application. Once you have compiled and installed the plug-in, you can set up your pool for dynamic load balancing, and create a health monitor to monitor the traffic load on the RealSystem® Server system. For more information about the RealSystem Server plug-in, see the BIG-IP Reference Guide, Chapter 11, Monitors.

New health monitor features

This release includes a new EAV health monitor, udp, which allows you to check the status of UDP connections. Also, the reverse attribute, which marks a node as down based on a received string, is now available for the https and https_443 monitors. For more information about these monitors, see the BIG-IP Reference Guide, Chapter 11, Monitors.

Other load balancing enhancements

This release includes several new load balancing features, including enhanced administration of load-balanced connections. For example, through the Configuration utility, bigpipe command, or bigapi, you can now dump connections verbosely, or configure a timeout for idle HTTP connections. Also, by writing rule-type expressions within pool definitions, you can cause a pool to send a connection directly to one of its pool members. For more information about these features, see the BIG-IP Reference Guide, Chapter 5, iRules, and Chapter 4, Pools.

Support for Link Controller

This release of the BIG-IP system includes an add-on Link Controller module for all BIG-IP HA systems. This module includes such features as support for single routers with multiple IP addresses and uplinks, full duplex billing support, and support for multiple outbound router pools. Also included is a significantly enhanced Web user interface, designed to ease basic link-controller configuration steps and provide more detailed statistics information.

Learning more about the BIG-IP product family

The BIG-IP platform offers many different software systems. These systems can be stand-alone, or can run in redundant pairs, with the exception of the BIG-IP e-Commerce Controller, which is only available as a stand-alone system. You can easily upgrade from any special-purpose BIG-IP system to the BIG-IP HA software, which supports all BIG-IP features.

  • The BIG-IP system
    The complete version of the BIG-IP software provides the full suite of local area load balancing functionality. The BIG-IP unit also has an optional 3-DNS software module which supports wide-area load balancing.
  • The BIG-IP Link Controller
    The BIG-IP Link Controller uses metrics and thresholds to manage inbound and outbound traffic through multiple gateways (routers) and Internet Service Providers (ISPs).
  • The BIG-IP e-Commerce Controller
    The BIG-IP e-Commerce Controller uses SSL acceleration technology to increase the speed and reliability of the secure connections that drive e-commerce sites.
  • The BIG-IP special purpose products
    The special purpose BIG-IP system provides the ability to choose from three different BIG-IP feature sets. When you run the Setup utility, you specify one of three types:

    • The BIG-IP Load Balancer
      The BIG-IP Load Balancer provides basic load balancing features.
    • The BIG-IP FireGuard
      The BIG-IP FireGuard provides load balancing features that maximize the efficiency and performance of a group of firewalls.
    • The BIG-IP Cache Controller
      The BIG-IP Cache Controller uses content-aware traffic direction to maximize the efficiency and performance of a group of cache servers.