Applies To:
BIG-IP versions 1.x - 4.x
- 4.2 PTF-10, 4.2 PTF-09, 4.2 PTF-08, 4.2 PTF-07, 4.2 PTF-06, 4.2 PTF-05, 4.2 PTF-04, 4.2 PTF-03, 4.2 PTF-02, 4.2 PTF-01, 4.2.0
1
BIG-IP Overview
- Introduction
- What is a BIG-IP?
- Configuration
- Monitoring and administration
- The BIG-IP user interface
Introduction
This chapter provides a brief overview of the BIG-IP software and the configuration and monitoring tasks associated with it as an introduction to the chapters that follow. (For an overview of BIG-IP functionality with sample solutions, refer to Chapter 1 of the BIG-IP Solutions Guide.)
This chapter is organized as follows:
- What is a BIG-IP?
- Configuring the BIG-IP
- Monitoring the BIG-IP
- The BIG-IP user interface
What is a BIG-IP?
The BIG-IP is an Internet device used to implement a wide variety of load balancing and other network traffic solutions, including intelligent cache content determination and SSL acceleration.
Figure 1.1 shows the most basic kind of BIG-IP configuration. In it, the unit sits between a router and an array of content servers, and load balances inbound Internet traffic across those servers. (For an introduction to more complex solutions, including load balancing of outbound traffic across firewalls and routers, refer to the BIG-IP Solutions Guide, Chapter 1, Overview.)
Figure 1.1 A basic configuration
Insertion of the BIG-IP, with its minimum of two interfaces, divides the network into an external VLAN and an internal VLAN. (Both VLANs can be on a single IP network, so that inserting the BIG-IP does not require you to change the IP addressing of the network.) The nodes on the external VLAN are routable. The nodes on the internal VLAN, however, are hidden behind the BIG-IP. What appears in their place is a user-defined virtual server. It is this virtual server that receives requests and distributes them among the physical servers, which are now members of a load-balancing pool.
The key to load balancing through a virtual server is address translation, and setting the BIG-IP address as the default route. By default, the virtual server translates the destination address of the incoming packet to that of the network device it load balances to, making it the source address of the reply packet. The reply packet returns to the BIG-IP as the default route, and the BIG-IP translates its source address back to that of the virtual server. (For outbound traffic, address translation can be modified or disabled to give internal nodes visibility to the Internet.)
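The translation described above can be followed packet by packet in a small model. This is an added example, not code from the BIG-IP documentation or software. The virtual server and client addresses are constructed, and round-robin member selection is an assumption made only to keep the sketch short. It also shows what the client sees when a node's reply does not return through the BIG-IP.

```python
from dataclasses import dataclass, replace

VIP = "192.0.2.10:80"            # constructed virtual server address
CLIENT = "198.51.100.7:40001"    # constructed client address
NODES = ["11.12.11.20:80", "11.12.11.21:80", "11.12.11.22:80"]  # pool from this page


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class VirtualServer:
    def __init__(self, address, members):
        self.address = address
        self.members = list(members)
        self.sent = 0
        self.flows = {}  # (client, node) -> virtual server address

    def inbound(self, pkt):
        """Translate the destination from the virtual server to a pool member."""
        node = self.members[self.sent % len(self.members)]  # round robin (assumed)
        self.sent += 1
        self.flows[(pkt.src, node)] = self.address
        return replace(pkt, dst=node)

    def outbound(self, pkt):
        """Translate the reply's source from the node back to the virtual server."""
        return replace(pkt, src=self.flows[(pkt.dst, pkt.src)])


def round_trip(vs, client, via_bigip=True):
    """Return (packet seen by node, reply seen by client, client accepts reply)."""
    request = Packet(src=client, dst=vs.address)
    at_node = vs.inbound(request)
    reply = Packet(src=at_node.dst, dst=at_node.src)  # node answers the client
    if via_bigip:  # the node's default route is the BIG-IP
        reply = vs.outbound(reply)
    accepted = reply.src == request.dst and reply.dst == request.src
    return at_node, reply, accepted


if __name__ == "__main__":
    vs = VirtualServer(VIP, NODES)
    print(round_trip(vs, CLIENT))                   # reply source is the virtual server
    print(round_trip(vs, CLIENT, via_bigip=False))  # reply source is a hidden node
```

With `via_bigip=False` the reply carries the node's own address as its source, so it no longer matches the address the client connected to, which is why the default route is part of the design.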
As with the physical network itself, you can add software entities such as virtual servers and load balancing pools to the BIG-IP, along with any properties associated with them (such as load balancing methods for pools). Adding hardware and software components to the BIG-IP is referred to collectively as configuration.
Configuration
Configuration is setting up the BIG-IP to perform its load balancing and other functions on an ongoing basis. You configure the BIG-IP when it is first installed, and later as required by changing needs or changes in the network itself. For convenience, the BIG-IP configuration can be broken into the following components:
- Hardware configuration
- Base network configuration
- High-level network configuration
Figure 1.2 shows how these three kinds of configuration relate to one another.
Figure 1.2 Hardware configuration with base and high-level networks superimposed.
Hardware configuration
The hardware configuration includes all physical devices and connections in Figure 1.2; in other words, it includes the entire physical network. In this case, it consists of a BIG-IP with four interfaces, one external and three internal, with each internal interface having its own Ethernet connecting to two physical servers. Solution-specific hardware configuration is provided in the BIG-IP Solutions Guide.
Base network configuration
The base network consists of the BIG-IP interfaces and the domain names, self IP addresses, VLANs, and optional trunks that are built on them. Figure 1.2 shows this as italicized text. (In the example, the three internal interfaces are assigned to three separate VLANs, each with its own self IP address including netmask and broadcast address. If this were a BIG-IP redundant system, there would be additional floating self IP addresses for sharing.) When you run the Setup utility as the last part of your initial hardware installation and fill in the required fields, you are configuring the base network. After you complete the Setup utility, you have, at the minimum, the two default VLANs (external and internal), domain names, and self IP addresses (one true address and floating addresses as required) with netmask and broadcast addresses. This base configuration enables you, among other things, to access the BIG-IP from a remote host using SSH or HTTPS and in this way gain access to both the command line interface and the graphical Configuration utility.
At this point you may want to further configure the base network by changing settings, segmenting the network into more interface-group VLANs, adding VLANs with tagged interfaces, creating additional floating self IP addresses, and performing link aggregation. These additional configurations are solution-dependent and can be extensive, particularly if you have more than two interfaces on your default internal VLAN. (If, for example, you were hosting three customers, as in Figure 1.2, but were using a single interface with an external switch, you would need to segment what was originally the default internal VLAN into three separate tagged VLANs.)
You may also re-run the Setup utility in its entirety or using its various sub-utilities. For more information on these base configuration utilities, see Chapter 2, Using the Setup Utility.
High-level network configuration
Once a base network exists and you have administrative access to the BIG-IP and at least a default VLAN assignment for each interface, the next step is to configure a network for the web servers to be load balanced. Figure 1.2 shows the high-level network in non-italicized text. The network includes the server nodes, the pools containing those nodes, and the virtual servers that represent the pools to the client.
Just as the base network is built on the BIG-IP interfaces, the high-level network is built on the load balancing pool. Until there is a pool, there are no nodes to load balance. Once a pool exists, nodes come into existence as members of that pool and can receive traffic through a virtual server. The high-level network also includes the properties attaching to pools, virtual servers, and nodes such as persistence (a pool property), and any pool selection criteria as expressed in a rule. The high-level network can also include proxies for SSL and akamaization, NATs, SNATs, and health monitor associations for specific nodes or all nodes.
For detailed information on configuration refer to Chapter 4, Configuring the High-Level Network, Chapter 7, bigpipe Command Reference, and Chapter 8, Configuring SNMP.
Global settings and filters
Global settings and filters are parts of the configuration that belong to neither the base network nor the high-level network.
Global settings are settings that are system wide rather than applicable only to specific objects. Global settings are documented in Chapter 4, Configuring the High-Level Network, and under the bigpipe global command in Chapter 7, bigpipe Command Reference.
Filters include IP and Rate filters, and are covered in Chapter 5, Configuring Filters.
Monitoring and administration
Monitoring and administration refer to the day-by-day tasks of observing traffic, gathering statistics, adding users, and removing and returning items to service. Various utilities provide statistics in a variety of formats and may be global or specific to certain elements of the network, such as virtual servers, nodes, NATs, SNATs, or services. Monitoring and administration is covered in Chapter 11, Monitoring and Administration, and Chapter 8, Configuring SNMP.
The BIG-IP user interface
The user interface to the BIG-IP consists primarily of the web-based Configuration utility and the command line interface bigpipe.
The Configuration utility
The Configuration utility resides in the BIG-IP internal web server. You can access it through the administrative interface on the BIG-IP using Netscape Navigator version 4.7, or Microsoft Internet Explorer version 5.0, or later. (Netscape Navigator version 6.0 is not supported.)
Figure 1.3 shows the Configuration utility as it first appears, displaying the Network Map with any existing nodes and virtual servers. The Configuration utility thus provides an instant overview of your high-level network as it is currently configured. (You can view the Base Network by clicking Network on the navigation pane.)
Figure 1.3 Configuration utility System screen
The left pane of the screen, referred to as the navigation pane, contains links to Virtual Servers, Nodes, Pools, Rules, NATs, Proxies, Network, Filters, and Monitors. These screens appear in the right pane. The navigation pane also contains links to screens for monitoring and system administration (Statistics, Log Files, and System Admin).
As an example of using the Configuration utility, suppose you wanted to create a pool. You would click Pools to open the Pools screen, then click the Add (+) button to open the Add Pool screen, as shown in Figure 1.4.
The Add Pool screen contains fields for all the attributes you can configure for the pool.
The bigpipe command line interface
You can access the command line interface bigpipe on a BIG-IP with connections for a monitor and keyboard. For a system without a monitor and keyboard attached (headless), like the IP Application Switch, you can access bigpipe through an SSH shell from a remote administrative host.
To give an example of a configuration using the bigpipe command line utility, the same pool shown in Figure 1.4 in the Add Pool screen would be configured at the command line as follows:
b pool my_pool { member 11.12.11.20:80 member 11.12.11.21:80 member 11.12.11.22:80 }
(You can use b or bp as shorthand for bigpipe.) For convenience, long commands like this can be entered using backslash breaks:
b pool my_pool { \
member 11.12.11.20:80 \
member 11.12.11.21:80 \
member 11.12.11.22:80 }
The bigip.conf file
Regardless of how a pool, virtual server, proxy or other object is configured, whether you use the Configuration utility or bigpipe, it is entered into the configuration file /config/bigip.conf. This produces an entry in that file like the one shown in Figure 1.5. As a third configuration option, you can also edit this file directly using a text editor like vi or pico.
Figure 1.5 Pool definition in bigip.conf
pool my_pool {
member 11.12.11.20:80
member 11.12.11.21:80
member 11.12.11.22:80
}
When you run the Setup utility, the objects created in the base network are placed in a separate file of the same format, /config/bigip_base.conf.
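Because the same pool can be entered through the Configuration utility, through bigpipe, or by editing /config/bigip.conf directly, it is worth checking that what was entered matches what was intended. The following added example (not part of the original guide or of any F5 tool) parses only the pool and member syntax shown on this page, in both the bigpipe and bigip.conf forms, and compares two definitions. The function names and the mistyped sample input are constructed for illustration.

```python
import ipaddress
import re

# Matches "pool NAME { ... }" whether or not a b/bp/bigpipe prefix precedes it.
POOL_RE = re.compile(r"\bpool\s+(\S+)\s*\{(.*?)\}", re.S)

INTENDED = """pool my_pool {
member 11.12.11.20:80
member 11.12.11.21:80
member 11.12.11.22:80
}"""

# Constructed input: a bigpipe command with one mistyped member address.
TYPED = r"""b pool my_pool { \
member 11.12.11.210:80 \
member 11.12.11.21:80 \
member 11.12.11.22:80 }"""


def parse_pools(text):
    """Return {pool_name: [member, ...]} from bigpipe or bigip.conf text."""
    text = re.sub(r"\\\s*\n", " ", text)  # join backslash-continued lines
    return {name: re.findall(r"member\s+(\S+)", body)
            for name, body in POOL_RE.findall(text)}


def validate_member(member):
    """Return an error string for a malformed IP:port member, else None."""
    host, sep, port = member.rpartition(":")
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        return f"{member}: bad IPv4 address"
    if not (sep and port.isdigit() and 0 < int(port) < 65536):
        return f"{member}: bad port"
    return None


def audit(intended, actual):
    """List syntax errors and membership differences between two definitions."""
    want, have = parse_pools(intended), parse_pools(actual)
    findings = []
    for name in sorted(set(want) | set(have)):
        w, h = want.get(name, []), have.get(name, [])
        findings += [f"{name}: {e}" for e in map(validate_member, h) if e]
        findings += [f"{name}: missing {m}" for m in w if m not in h]
        findings += [f"{name}: unexpected {m}" for m in h if m not in w]
    return findings
```

The mistyped address is still a syntactically valid IPv4 address, so `validate_member` alone accepts it; only the comparison against the intended definition reports it.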