Manual: BIG-IP Solutions Guide v 4.6.2

Applies To:

BIG-IP versions 1.x - 4.x

  • 4.6.2
Original Publication Date: 02/23/2010

Table of Contents


Legal Notices

Introduction

Getting started

Choosing a configuration tool

Using the Administrator Kit

Stylistic conventions

Finding additional help and technical support resources

Learning more about the BIG-IP product family

BIG-IP System Overview

Introduction

User interface

A basic configuration

Configuring objects and object properties

Load balancing modes

BIG-IP system and intranets

Bidirectional load balancing

Cache control

SSL acceleration

Content conversion

VLANs

Link aggregation and link failover

Configuring a BIG-IP redundant system

Making hidden nodes accessible

Address translation

Forwarding

Basic Web Site and E-Commerce Configuration

Working with a basic web site and e-commerce configuration

Configuring a basic e-commerce site

Defining the pools

Defining the virtual servers

Additional configuration options

Installing a BIG-IP System without Changing the IP Network

Installing a BIG-IP system without changing IP networks

Configuring the BIG-IP system for the same IP network

Additional configuration options

Mirroring Traffic to an Inspection Device

Introducing mirroring traffic to an inspection device

Configuring VLAN mirroring

Using hash mode with VLAN mirroring

How the BIG-IP system handles traffic from the IDS with VLAN mirroring

Configuring clone pools

How the BIG-IP system handles traffic from an IDS with clone pools configured

Additional configuration options

Using the Universal Inspection Engine

Introducing the Universal Inspection Engine

Reviewing function syntax

Identifying packet elements for load balancing and persistence

Rule and pool examples for the Universal Inspection Engine

An example rule query for user IDs

An example rule using the getfield function

Example rules using the tcp_content function

An example rule for finding a hex value specified

Examples of different ways to count bytes before making a decision

An example rule with the domain function

Persistence example for RTSP on a pool with the getfield function

Persistence example for imid on a pool with the getfield function

Additional configuration options

Hosting for Multiple Customers

Introducing multiple customer hosting

Configuring multiple customer hosting

Creating VLANs with tagged interfaces

Creating the server pools to load balance

Creating the virtual server to load balance the web servers

Multiple customer hosting using built-in switching

Creating VLANs with untagged interfaces

Additional configuration options

A Simple Intranet Configuration

Working with a simple intranet configuration

Creating the simple intranet configuration

Additional configuration options

Load Balancing ISPs

Using ISP load balancing

Configuring ISP load balancing

Configuring network address translation on routers

Enabling service 80 and service 443

Additional configuration options

Load Balancing VPNs

Working with VPN load balancing

Configuring VPN load balancing

Using VPN and router load balancing

Configuring virtual servers for VPN and router load balancing

Configuring VPN and router load balancing

Additional configuration options

Load Balancing IPSEC Traffic

Configuring load balancing IPSEC traffic across VPN gateways

Configuring IPSEC load balancing

IPSEC VPN sandwich configuration

Additional configuration options

Configuring an SSL Accelerator

Introducing the SSL Accelerator

Configuring the SSL Accelerator

Generating a key and obtaining a certificate

Installing certificates from the certificate authority (CA)

Creating a pool for the HTTP servers

Creating an HTTP virtual server

Creating an SSL proxy

Introducing the SSL Accelerator scalable configuration

Creating the scalable SSL Accelerator configuration

Configuring the BIG-IP system that load balances the SSL Accelerators

Configuring the SSL Accelerators

Enabling port 443

Using SSL-to-server

Configuring an SSL Accelerator with SSL-to-server

Additional configuration options

Balancing Two-Way Traffic Across Firewalls

Introducing two-way firewall load balancing

Configuring two-way firewall load balancing

Configuring routing to the internal network

Creating pools for firewalls and servers

Enabling port 0

Creating virtual servers

Configuring administrative routing

Additional configuration options

Load Balancing a Cache Array for Local Server Acceleration

Introducing local server acceleration

Maximizing memory or processing power

Using the configuration diagram

Configuring local acceleration

Creating pools

Creating a cache rule

Using a cacheable content expression

Setting content demand status

Creating a virtual server

Configuring for intelligent cache population

Configuring a SNAT

Additional configuration options

Load Balancing a Cache Array for Remote Server Acceleration

Introducing remote server acceleration

Maximizing memory or processing power

Configuring remote server acceleration

Creating pools

Creating a cache rule

Working with a cacheable content expression

Understanding content demand status

Creating a virtual server

Configuring for intelligent cache population

Configuring a SNAT

Configuring a SNAT automap for bounceback

Additional configuration options

Load Balancing a Forward Proxy Caching Array

Introducing forward proxy caching

Maximizing memory or processing power

Using the configuration diagram

Configuring forward proxy caching

Creating pools

Creating a cache rule

Working with a cacheable content expression

Understanding content demand status

Creating a virtual server

Additional configuration options

Monitoring and Load Balancing to Different Applications on the Same Port

Configuring monitoring and load balancing to different applications on the same port

Disabling port translation on a per-pool basis

Additional configuration options

Configuring a Content Converter

Introducing the content converter

Configuring the content converter

Configuring the on-the-fly conversion software

Creating the load balancing pool

Creating the virtual server

Creating a content converter gateway using the Configuration utility

Additional configuration options

Using Link Aggregation with Tagged VLANs

Introducing link aggregation with tagged VLAN interfaces

Using the two-network aggregated tagged interface topology

Configuring the two-network topology

Aggregating the links

Adding tagged interfaces to VLANs

Creating the pool of web servers to load balance

Creating the virtual server to load balance the web servers

Using the one-network aggregated tagged interface topology

Configuring the one-network topology

Creating a VLAN group

Creating a self IP for the VLAN group

Additional configuration options

One IP Network Topologies

Introducing the one-IP network topology

Setting up a one-IP network topology with one interface

Defining the pools for an additional Internet connection

Defining the virtual server

Configuring the client SNAT

Additional configuration options

nPath Routing

Introducing nPath routing

Configuring nPath routing

Defining a server pool for nPath routing

Defining a virtual server with address translation disabled

Configuring the virtual server on the content server loopback interface

Setting the route for inbound traffic

Setting the return route

Setting the idle connection time-out

Additional configuration options

Configuring Windows Terminal Server Persistence

Introducing WTS persistence

Benefits of WTS persistence

Server platform issues

Configuring WTS persistence with Session Directory

Configuring WTS persistence on the BIG-IP system

Configuring your Terminal Server systems

Configuring WTS persistence without Session Directory

Additional configuration options

Mitigating Denial of Service and Other Attacks

Basic denial of service security overview

Configuring adaptive connection reaping

Logging adaptive reaper activity

Simple DoS prevention configuration

Setting the TCP and UDP connection reaper

Creating an IP rate filter

Setting connection limits on main virtual server

Setting the global variable memory_reboot_percent

Filtering out attacks with BIG-IP rules

Filtering out a Code Red attack

Filtering out a Nimda attack

How the BIG-IP system handles several common attacks

SYN flood

ICMP flood (Smurf)

UDP flood

UDP fragment

Ping of Death

Land attack

Teardrop

Data attacks

WinNuke

Sub 7

Back Orifice

Glossary