Applies To:Show Versions
BIG-IP versions 1.x - 4.x
- 4.5 PTF-08, 4.5 PTF-07, 4.5 PTF-06, 4.5 PTF-05, 4.5 PTF-04, 4.5.9
Introduction to this Guide
What's new in BIG-IP version 4.5 PTF-04
The BIG-IP version 4.5 PTF-04 release includes a number of new features. Some of these features enhance the security of your BIG-IP system, by improving user authentication and thwarting denial-of-service attacks. Other features enhance system performance and ease the task of system administration.
The new features of this release are documented either in this guide or in the release note for BIG-IP version 4.5 PTF-04. For a complete list of the new features in this release, see the release note.
The new features documented in this guide are:
- Online Certificate Status Protocol for the BIG-IP system
A significant feature in this release is support for the Online Certificate Status Protocol (OCSP). OCSP provides an alternative to a certificate revocation list (CRL), which is used during certificate verification to determine whether an SSL certificate presented by a client has been revoked. Because CRLs are updated only at regular intervals, the information in a CRL can sometimes be outdated at the time that it is checked. Using OCSP instead of a CRL eliminates this problem by ensuring that the revocation status of a client certificate is always current. For more information, see Chapter 2, Online Certificate Status Protocol for the BIG-IP System .
- New format for the SSLClientCertSerialNumber header
Another enhancement to the SSL proxy, this change to the SSLCLientCertSerialNumber header gives users who write rules based on certificate serial numbers the ability to write to a consistent format, regardless of the length of the serial number. For more information, see Chapter 3, Certificate Header Format in Client Requests .
- SYN Check
The new SYN Check feature mitigates a particular type of denial-of-service attack known as a SYN flood. A SYN flood is an attack against a system for the purpose of exhausting that system's resources. For more information, see Chapter 4, Preventing SYN Flood Attacks .
- The system_check script
The system_check script is useful for displaying and logging hardware failures. For more information, see Chapter 5, Logging Hardware Failures .
Using this guide
Before using this guide, it is helpful to understand how the guide relates to other BIG-IP documentation. It is also helpful to understand the stylistic conventions that appear throughout the text.
Scope of this guide
This guide documents only those new features that are included in the BIG-IP version 4.5 PTF-04 release. You should therefore use this guide in confunction with the complete set of product documentation that applies to the BIG-IP version 4.5 release.
The BIG-IP version 4.5 documentation set comprises these documents:
- Platform Guide
This guide includes information about the BIG-IP unit. It also contains important environmental warnings.
- BIG-IP Solutions Guide
This guide provides examples of common load balancing solutions.
- BIG-IP Reference Guide
This guide provides detailed configuration information for the BIG-IP system. It also provides syntax information for bigpipe commands, other command line utilities, configuration files, system utilities, and monitoring and administration information.
- Link Controller Solutions Guide
This guide provides examples of common link load balancing solutions using the Link Controller.
- BIG-IP e-Commerce Guide (optional)
This guide provides detailed configuration information for BIG-IP e-Commerce Controller systems.
- Release notes
Release notes for BIG-IP version 4.5 are available from the product web server home page, and are also available on the technical support site. The release notes contain the latest information for BIG-IP version 4.5, including a list of new features and enhancements, a list of fixes, and, in some cases, a list of known issues.
- Online help
You can find help online in three different locations:
- The web server on the product has PDF versions of the guides included in the Administrator Kit.
- The web-based Configuration utility has online help for each screen. Simply click the Help button.
- Individual bigpipe commands have online help, including command syntax and examples, in standard UNIX man page format. Simply type the command followed by the word help, and the BIG-IP system displays the syntax and usage associated with the command.
To help you easily identify and understand important information, our documentation uses the stylistic conventions described below.
Identifying new terms
To help you identify sections where a term is defined, the term itself is shown in bold italic text. For example, a virtual server is a specific combination of a virtual address and virtual port, associated with a content site that is managed by a BIG-IP system or other type of host server.
Identifying references to objects, names, and commands
We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, with the bigpipe pool <pool_name> show command, you can specify a specific pool to show by specifying a pool name for the <pool_name> variable.
Identifying references to other documents
We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about load balancing methods in the BIG-IP Reference Guide , Chapter 4, Pools.
Identifying command syntax
We show complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command shows the configuration of the specified pool name:
bigpipe pool <pool_name> show
b pool <pool_name> show
Table 1.1 explains additional special conventions used in command line syntax.
Item in text
Indicates that the command continues on the following line, and that users should type the entire command without typing a line break.
Identifies a user-defined parameter. For example, if the command has <your name>, type in your name, but do not include the brackets.
Separates parts of a command.
Indicates that syntax inside the brackets is optional.
Indicates that you can type a series of items.