Applies To:
Show VersionsBIG-IP AAM
- 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0
Configuring Global Network Acceleration
Overview: Configuring Global Network Acceleration
Operating symmetrically, the BIG-IP® acceleration functionality, using both Web Application and Symmetric Optimization functionality, caches large objects (approximately 100MB or larger) from origin web servers and delivers them directly to clients. The BIG-IP device handles both static content and dynamic content, by processing HTTP responses, including objects referenced in the response, and then sending the included objects as a single object to the browser. This form of caching reduces server TCP and application processing, improves web page loading time, and reduces the need to regularly expand the number of web servers required to service an application.
Configuring BIG-IP acceleration across a WAN involves creation of a Sync-Only device group for two or more devices across the WAN, creation and configuration of endpoints across the WAN, creation of a parent folder for acceleration objects under /Common on each device, configuration of one or more central BIG-IP devices, configuration of one or more remote BIG-IP devices, and synchronization of all devices in the Sync-Only device group.
Deployment of BIG-IP Devices for Acceleration
Global network symmetric deployment
A global network that is configured for optimum acceleration typically uses Symmetric Optimization for symmetric acceleration when objects are greater than 100MB. When objects are less than 100MB, Symmetric Optimization is typically not used for symmetric acceleration. Symmetric Optimization provides deduplication and adaptive compression designed to optimize acceleration of larger objects.
Global symmetric deployment using an iSession connection
To improve your end user's experience with downloading web-based applications (such as accessing Microsoft SharePoint servers) from a remote office, you can deploy a pair of BIG-IP systems. Deploying a BIG-IP system in a remote location stages content closer to the end user, resulting in faster downloads for both web pages and documents. You can use this implementation for Internet, intranet, and extranet applications.
You must configure two or more BIG-IP devices for symmetric optimization using an iSession connection, that is, you must configure BIG-IP devices on both sides of the WAN.
A global symmetric deployment using an iSession connection
About symmetric request and response headers
In a global network that includes a symmetric deployment of remote and central BIG-IP® devices across a WAN, the remote BIG-IP device receives a request and includes an X-Client-WA header, which distinguishes the request to the central BIG-IP device, enabling the central BIG-IP device to process the request, as necessary. When the central BIG-IP device receives a response for the origin web servers, it includes an X-WA-Surrogate header in the response, which distinguishes the response to the remote BIG-IP device, which processes the response as necessary and removes the X-WA-Surrogate header before sending the response to the client.
Working with Sync-Only device groups
One of the types of device groups that you can create is a Sync-Only device group. A Sync-Only device group contains devices that synchronize configuration data with one another, but their configuration data does not fail over to other members of the device group. A maximum of 32 devices is supported in a Sync-Only device group.
A device in a trust domain can be a member of more than one Sync-Only device group. A device can also be a member of both a Sync-Failover group and a Sync-Only group.
A typical use of a Sync-Only device group is one in which you configure a device to synchronize the contents of a specific folder to a different device group than to the device group to which the other folders are synchronized.
What is device trust?
Before any BIG-IP® devices on a local network can synchronize configuration data or fail over to one another, they must establish a trust relationship known as device trust. Device trust between any two BIG-IP devices on the network is based on mutual authentication through the signing and exchange of x509 certificates.
Devices on a local network that trust one another constitute a trust domain. A trust domain is a collection of BIG-IP devices that trust one another and can therefore synchronize and possibly fail over their BIG-IP configuration data, as well as exchange status and failover messages on a regular basis. A local trust domain is a trust domain that includes the local device, that is, the device you are currently logged in to. You can synchronize a device's configuration data with either all of the devices in the local trust domain, or to a subset of devices in the local trust domain.
The trust domain is represented by a system-generated device group named device_trust_group, which the system uses internally to synchronize trust domain information across all devices. You cannot delete this special device group from the system.
Illustration of Sync-Only device group configuration
You can use a Sync-Only device group to synchronize policy data in a specific folder across a local trust domain.
Sync-Only Device Group
Device identity
The devices in a BIG-IP® device group use x509 certificates for mutual authentication. Each device in a device group has an x509 certificate installed on it that the device uses to authenticate itself to the other devices in the group.
Device identity is a set of information that uniquely identifies that device in the device group, for the purpose of authentication. Device identity consists of the x509 certificate, plus this information:
- Device name
- Host name
- Platform serial number
- Platform MAC address
- Certificate name
- Subjects
- Expiration
- Certificate serial number
- Signature status
Task summary
Perform these tasks to create a Sync-Only device group.
Task list
Defining an NTP server
Adding a device to the local trust domain
- On the Main tab, click Peer List or Subordinate List. , and then either
- In the Peer Authority Devices or the Subordinate Non-Authority Devices area of the screen, click Add.
-
Type a device IP address, administrator user name, and administrator password
for the remote BIG-IP® device with which you want to
establish trust. The IP address you specify depends on the type of BIG-IP
device:
- If the BIG-IP device is an appliance, type the management IP address for the device.
- If the BIG-IP device is a VIPRION® device that is not licensed and provisioned for vCMP®, type the primary cluster management IP address for the cluster.
- If the BIG-IP device is a VIPRION device that is licensed and provisioned for vCMP, type the cluster management IP address for the guest.
- If the BIG-IP device is an Amazon Web Services EC2 device, type one of the Private IP addresses created for this EC2 instance.
- Click Retrieve Device Information.
- Verify that the displayed information is correct.
- Click Finished.
Creating a Sync-Only device group
Syncing the BIG-IP configuration to the device group
Task summary for accelerating HTTP traffic with a Central BIG-IP Device
Perform these tasks to accelerate HTTP traffic with a symmetric BIG-IP® device.
Task summary
Defining an NTP server
Creating a new folder for synchronized acceleration applications
- On the Main tab, click .
- Click Create.
- In the Folder Name field, type a name for the folder.
- From the Device Group list, select a Sync-Only device group.
- Optional: In the Description field, type a description.
- Click Save.
Creating a user-defined acceleration policy from a predefined acceleration policy
Creating an application profile for a symmetric deployment
Enabling acceleration with the Web Acceleration profile
Creating a pool on a central BIG-IP device to process synchronized HTTP traffic
Creating a virtual server to manage HTTP traffic
Using Quick Start to set up iSession endpoints
Adding a virtual server to advertised routes
Clearing cache for a deployment change
Task summary for accelerating HTTP traffic with a Remote BIG-IP Device
Perform these tasks to accelerate HTTP traffic with a symmetric BIG-IP® device.
Task summary
Defining an NTP server
Enabling acceleration with the Web Acceleration profile
Creating a virtual server to manage HTTP traffic
Using Quick Start to set up iSession endpoints
Clearing a Remote BIG-IP Device cache
Implementation results
The central and remote BIG-IP devices are configured symmetrically to accelerate HTTP traffic.