Manual Chapter : Configuring a One-Arm Deployment Using WCCPv2

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP APM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP GTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP Link Controller

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP Analytics

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP LTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP AFM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP PEM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP ASM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Manual Chapter

Configuring a One-Arm Deployment Using WCCPv2

Overview: Configuring a one-arm deployment using WCCPv2

In certain cases, it is not advantageous or even possible to deploy the BIG-IP® system inline. For example, in the case of a collapsed backbone where the WAN router and the LAN switch are in one physical device, you might not be able to deploy the BIG-IP system inline.

If you choose not to deploy the BIG-IP system inline, you can use a one-arm deployment. In a one-arm deployment, the BIG-IP system has a single (hence, one-arm) connection to the WAN router or LAN switch. The WAN router (or switch) redirects all relevant traffic to the BIG-IP system. In this configuration, the WAN router typically uses Web Cache Communication Protocol version 2 (WCCPv2) to redirect traffic to the BIG-IP system.

Network topology for a one-arm connection

Network topology for a one-arm connection

The traffic flow sequence in this illustration is as follows:

  1. The client initiates a session.
  2. A WAN router redirects traffic to the BIG-IP system.
  3. The BIG-IP1 processes traffic and sends it back to the WAN router.
  4. The WAN router forwards traffic across the WAN.

About WCCPv2 redirection on the BIG-IP system

TMOS® includes support for Web Cache Communication Protocol version 2 (WCCPv2). WCCPv2 is a content-routing protocol developed by Cisco® Systems. It provides a mechanism to redirect traffic flows in real time. The primary purpose of the interaction between WCCPv2-enabled routers and a BIG-IP® system is to establish and maintain the transparent redirection of selected types of traffic flowing through those routers.

To use WCCPv2, you must enable WCCPv2 on one or more routers connected to the BIG-IP® system, and configure a service group on the BIG-IP system that includes the router information. The BIG-IP system then receives all the network traffic from each router in the associated service group, and determines both the traffic to optimize and the traffic to which to apply a service.

In configuring WCCPv2 on a network, you define a service group on the BIG-IP system, which is a collection of WCCPv2 services configured on the BIG-IP system. A WCCPv2 service in this context is a set of redirection criteria and processing instructions that the BIG-IP system applies to any traffic that a router in the service group redirects to the BIG-IP system. Each service matches a service identifier on the router.

The following illustration shows a one-arm configuration on one side of the WAN and an inline (bridge) configuration on the other side.

one-arm config

Example of a one-arm configuration

Before you begin configuring an iSession connection

Before you configure an iSession™ connection on the BIG-IP® system, make sure that you have completed the following general prerequisites.

  • You must have an existing routed IP network between the two locations where the BIG-IP devices will be installed.
  • One BIG-IP system is located on each side of the WAN network you are using.
  • The BIG-IP hardware is installed with an initial network configuration applied.
  • F5® recommends that both units be running the same BIG-IP software version.
  • The Application Acceleration Manager™ license is enabled.
  • Application Acceleration Manager (AAM) is provisioned at the level Nominal.
  • The management IP address is configured on the BIG-IP system.
  • You must have administrative access to both the Web management and SSH command line interfaces on the BIG-IP system.
  • If there are firewalls, you must have TCP port 443 open in both directions. Optionally, you can allow TCP port 22 for SSH access to the command line interface for configuration verification, but not for actual BIG-IP iSession traffic. After you configure the BIG-IP system, you can perform this verification from the Configuration utility ( Acceleration > Symmetric Optimization > Diagnostics ).

Task summary

To use WCCPv2 for traffic redirection, you configure a service group on the BIG-IP® system that includes at least one service. You also configure this service on the WCCPv2-enabled router connected to the BIG-IP system.

For optimization, you also need to configure the BIG-IP system on the other side of the WAN to complete the connection. The BIG-IP system on the other side of the WAN can be set up in either a one-arm or inline configuration.

Note: The example described in this implementation applies to the Cisco 3750 and Cat 6500 routers.

Prerequisites

Before you begin configuring WCCPv2 for traffic redirection, ensure that you have performed the following actions on the other devices in your network.

  • The interface and associated VLAN have been configured on the router or switch. For instructions, refer to the Cisco documentation for your device.
  • IP addresses have been assigned on the Cisco router or switch interface. Note the router identification address, which you will use when configuring WCCPv2 on the BIG-IP system.

Task list

Creating a VLAN for a one-arm deployment

For a one-arm deployment, you create only one VLAN on the BIG-IP® system, because the system has only a single connection to the WAN router or switch.
  1. On the Main tab, click Network > VLANs .
    The VLAN List screen opens.
  2. Click Create.
    The New VLAN screen opens.
  3. In the Name field, type wan.
  4. In the Tag field, type a numeric tag, from 1 to 4094 for the VLAN, depending on your network configuration.
  5. For the Interfaces setting, click an interface number in the Available list, and move the selected interface to the Untagged or Tagged list, depending on your network configuration.
  6. Click Finished.
    The screen refreshes, and displays the new VLAN from the list.

Creating a self IP address for a one-arm deployment

A VLAN must be configured before you create a self IP address.
This self IP address is the local endpoint for the iSession™ connection.
  1. On the Main tab, click Network > Self IPs .
  2. Click Create.
    The New Self IP screen opens.
  3. In the Name field, type a descriptive name for the self IP address, for example onearm.
  4. In the IP Address field, type an IP address that is not in use and resides on the wan VLAN you created. In the example shown, this is 10.150.3.1.
  5. In the Netmask field, type the full network mask for the specified IP address.

    For example, you can type ffff:ffff:ffff:ffff:0000:0000:0000:0000 or ffff:ffff:ffff:ffff::.

  6. From the VLAN/Tunnel list, select wan.
  7. From the Port Lockdown list, select Allow None.
    This selection avoids potential conflicts (for management and other control functions) with other TCP applications. However, to access any of the services typically available on a self IP address, select Allow Custom, so that you can open the ports that those services need.
  8. In the Traffic Group field, clear the check box, and select traffic-group-local-only (non-floating) from the drop-down menu.
  9. Click Finished.
    The screen refreshes, and displays the new self IP address.
The self IP address is assigned to the external (WAN) VLAN.
Example of the Properties screen for the self IP address you created

Example of the Properties screen for the self IP address you created

Use this self IP address on the WAN Optimization Quick Start screen for the WAN Self IP Address, which is the local endpoint for the iSession connection.

Defining a route

You must define a route on the local BIG-IP® system for sending traffic to its destination. In the example shown, the route defined uses the default gateway to send traffic to the router.
  1. On the Main tab, click Network > Routes .
  2. Click Add.
    The New Route screen opens.
  3. In the Name field, type default-gateway.
  4. In the Destination field, type the IP address 0.0.0.0.
    An IP address of 0.0.0.0 in this field indicates that the destination is a default route.
  5. In the Netmask field, type 0.0.0.0, the network mask for the default route.
  6. From the Resource list, select Use Gateway.
    The gateway represents a next-hop or last-hop address in the route.
  7. For the Gateway Address setting, select IP Address and type an IP address. In the example shown, this is 10.150.3.254.

Configuring WCCPv2

To configure traffic redirection using WCCPv2 for a one-arm deployment, follow these steps on the BIG-IP® system. This implementation specifies the Layer 2 (L2) method of traffic forwarding and mask assignment as the load-balancing method for a WCCPv2 service.
Note: The values you select for Redirection Method, Return Method, and Traffic Assign are automatically selected by the Cisco router or switch, provided that the Cisco device supports these settings.
Example showing browser interface for configuring WCCP

Example showing browser interface for configuring WCCP

  1. On the Main tab of the BIG-IP® system user interface, click Network > WCCP .
  2. Click the Create button.
    The New WCCP List screen opens.
  3. In the Service Group field, type a name for the service group, for example, service-wccp.
  4. In the Service field, type a service group identifier, which is a number between 51 and 255.
    This number must match the service ID you configure on the Cisco router. In the illustration shown, this number is 75.
  5. From the Port Type list, select Destination.
    If you specify a port in the Port List , this setting specifies the port on which the server listens for incoming traffic that has been redirected by WCCP. For best results, select Destination, even if you do not specify a port.
  6. From the Redirection Method list, select L2.
    This setting specifies the method the router uses to redirect traffic to the BIG-IP system. Typically, L2 has a faster throughput rate than GRE, but GRE traffic has the advantage that it can be forwarded by a Layer-3 router. This example uses L2.
    Note: The router or switch uses the same redirection method, if supported.
  7. From the Return Method list, select L2.
    This setting specifies the method the BIG-IP system uses to return pass-through traffic to the router. Typically, L2 has a faster throughput rate than GRE, but GRE traffic has the advantage that it can be forwarded by a Layer-3 router. This example uses L2.
    Note: The router or switch uses the same return method, if supported.
  8. From the Traffic Assign list, select Mask.
    This setting specifies whether load balancing is achieved by a hash algorithm or a mask. This example uses a mask.
    Note: The router or switch uses the same setting, if supported.
  9. In the Routers field, type the IP address of the Cisco router, and click Add.
    In the illustration shown, this is 10.150.3.254.
    Important: Do not use a secondary IP address for the Cisco router or switch.
  10. In the Port List field, select an application, or leave it blank to indicate all ports.
  11. For the Router Identifier setting, type the Router Identifier IP address of the router.
    If you do not know the Router Identifier IP address, consult the Cisco documentation that applies to the router or switch you are using.
  12. In the Client ID field, type the IP address of the VLAN that connects to the Cisco router.
    In the illustration shown, this is 10.150.3.1.
  13. Click Finished.
The BIG-IP is configured for WCCPv2 traffic redirection in a one-arm deployment. The completed screen looks similar to the following example.
Example of completed configuration screen

Example of completed configuration screen

Verifying connectivity

Important: Use this task as a checkpoint before proceeding with the one-arm setup.
You can verify connectivity from the command-line interface.
  1. Ping the router interface using the command-line access to the BIG-IP® system.
  2. Use TCPdump on TCP traffic between the servers at both sites to verify that TCP packets are redirected when you initiate TCP traffic.
  3. Review the log /var/log/wccpd.log and look for the SESSION up message.
    The following example is an excerpt from the log of a one-arm configuration.
    Aug  2 17:26:18 clientside3600 notice router_ip 10.150.3.254
    Aug  2 17:26:18 clientside3600 notice ports: 0,0,0,0,0,0,0,0,
    Aug  2 17:26:18 clientside3600 notice tunnel_remote_addr: 192.31.3.161
    Aug  2 17:26:18 clientside3600 notice
    Aug  2 17:26:18 clientside3600 notice wccpd-1[1db1:f73f46d0] WccpMcpInterface.cpp:113 :
    Aug  2 17:26:18 clientside3600 notice wccpd-1[1db1:f73f46d0] WccpApp.cpp:208 : Failover status active 0
    Aug  2 17:26:18 clientside3600 notice wccpd-1[1db1:f73f46d0] WccpApp.cpp:208 : Failover status active 1
    Aug  2 17:26:18 clientside3600 notice wccpd-1[1db1:f73f46d0] ServiceGroup.cpp:194 : Sending Wccp Capabilities Service group 75, Forwarding Type: L2, Return Type: L2, Assignment Type: MASK
    Aug  2 17:26:18 clientside3600 notice wccpd-1[1db1:f73f46d0] ServiceGroup.cpp:468 : Final Wccp Capabilities Service group 75, Redirection: L2, Return: L2, Traffic Assign: MASK
    Aug  2 17:26:18 clientside3600 notice wccpd-1[1db1:f73f46d0] ServiceGroup.cpp:615 : SESSION up
        
                    

Verifying WCCPv2 configuration for one-arm deployment

You can use the command line interface to verify the WCCPv2 configuration on the BIG-IP® system.
  1. Log on to the command-line interface using the root account.
  2. At the command prompt, type tmsh list net wccp, and verify the WCCP values you configured.
    A listing similar to the following appears.
                net wccp server-wccp
                  services
                    75
                       port-type dest
                       redirection-method l2
                       return-method l2
                       routers { 10.150.1.254 }
                       traffic-assign mask
                       tunnel-local-address 10.150.3.1
                       tunnel-remote-addresses { 10.150.2.1 }
                

Creating an iSession connection

You cannot view the Quick Start screen until you have defined at least one VLAN and at least one self IP on a configured BIG-IP® system that is provisioned for symmetric optimization.
Use the Quick Start screen to set up symmetric optimization for a one-arm deployment.
  1. Log in to the BIG-IP system that you want to configure.
    The default login value for both user name and password is admin.
  2. On the Main tab, click Acceleration > Quick Start > Symmetric Properties .
  3. In the WAN Self IP Address field, type the local endpoint IP address.
    In the example shown, this is 10.150.3.1.
  4. Verify that the Discovery setting is set to Enabled.
    If you disable the Discovery setting, or discovery fails, you must manually configure any remote endpoints and advertised routes.
  5. In the Select VLANs field, select the wan VLAN for both the LAN VLANs and WAN VLANs settings.
    You select only one VLAN, because the system has only a single connection to the WAN router or switch.
  6. Click Apply.
This example shows a completed Quick Start screen.
Example of completed Quick Start screen

Example of completed Quick Start screen

After you configure the iSession™ endpoints, use an iApp template to select the application traffic for optimization. Click Acceleration > Quick Start > Deploy Applications . Click Create, from the Template list select f5.replication, and follow the online instructions.

Validating iSession configuration in a one-arm deployment

At this point,you have finished configuring BIG-IP® systems at opposite sides of the WAN, and the systems have discovered their remote iSession™ endpoints.
Important: Use this task as a checkpoint to allow for troubleshooting before you complete the setup.
You can validate the configuration using the browser and command-line interfaces.
  1. Run diagnostics to verify the configuration.
    1. On the Main tab, click Acceleration > Symmetric Optimization > Diagnostics .
    2. Next to Diagnose WOM Configuration, click Run.
    3. Correct any configuration errors as indicated on the screen.
  2. Transfer data between the servers at the two sites, and verify that the transfer was successful.
  3. Using the command-line interface, enter tmsh show wom remote-endpoint all, and verify the remote endpoint IP address and the STATE: Ready message.
    The following listing is an example of the results for this command.
    -----------------------------------------------------------
    Remote endpoint: 10.150.2.1                   -----------
    -----------------------------------------------------------
    Status
        HOSTNAME: server_bridge3600.example.net
        MGMT ADDR: 192.X.X.X  VERSION: 11.4.0
        UUID: 195f:74a0:d242:eab6:57fe:c3a:c1d2:6e22
        enabled                      STATE: ready -----------
        BEHIND NAT: no
        CONFIG STATUS: none
        DEDUP CACHE: 43.5G
        REFRESH count: 0             REFRESH timestamp: 12/31/12 16:00:00
        ALLOW ROUTING: enabled
    
    -----------------------------------------------------------
        Endpoint Isession Statistic: _tunnel_data_10.150.2.1
    -----------------------------------------------------------
    Connections                        Current  Maximum   Total
        Connections OUT IDLE:                0        0       0
        Connections OUT ACTIVE:              1        1       1
        Connections IN ACTIVE:               0        0       0
    Direction                           Action      Raw     Opt
        Out (to WAN) bits        Deduplication      880    1.2K
        Out (to WAN) bits          Compression     1.2K    1.2K
    Direction                           Action      Opt     Raw
        In (from WAN) bits       Decompression   273.9M  273.8M
        In (from WAN) bits       Deduplication   272.6M  272.5M     
                        
  4. Using the browser interface, view the green status indicator on the Remote Endpoints screen.
  5. On the Main tab, click WAN Optimization > Dashboard , and view the traffic optimization data.

Configuring the Cisco router for a one-arm deployment using WCCPv2

To configure traffic redirection using Web Cache Communication Protocol version 2 (WCCPv2) for a one-arm deployment, follow these steps on the Cisco router.
  1. Configure the service ID that you configured on the BIG-IP® device.
    1. Enable WCCP globally.
    2. In Command mode, configure the service ID; for example, 75.
      In the example shown, the command line might look like the following.
      (config)#ip wccp 75
  2. Using the router interface that is connected to the client from which you want to redirect traffic, associate the VLAN with the service ID you configured.
    In the example shown, the command-line interface might look like the following.
                    (config)#interface vlan 254
                    (config)#ip wccp 75 redirect in
The following listing is an example of the information displayed for a Cisco router configured to redirect traffic to the BIG-IP system using WCCPv2.
Clientside_Top_switch#sh run
Building configuration...
Current configuration : 4848 bytes
version 12.2
no service pad
hostname Clientside_Top_switch
!
no aaa new-model 
switch 1 provision ws-c3750g-48ts
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing
ip wccp 75
!
interface GigabitEthernet1/0/4
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
 switchport access vlan 254
 switchport mode access
!
interface Vlan1
 ip address 192.31.3.161 255.255.255.0
!
interface Vlan100
 ip address 10.15.3.254 255.255.255.0
!
interface Vlan200
 ip address 10.15.2.254 255.255.255.0
!
interface Vlan254
 ip address 10.15.1.254 255.255.255.0
 ip wccp 75 redirect in
!                  
                    

Viewing pertinent configuration details from the command line

You can view details of the BIG-IP® iSession™ configuration from the command line.
  1. Log on to the command-line interface of the BIG-IP system using the root account.
  2. At the command prompt, type tmsh.
  3. At the command prompt, type list all-properties.
    The following listing is an example of the pertinent information displayed for a one-arm configuration.
    ltm profile tcp wom-tcp-lan-optimized {
        abc enabled
        ack-on-push enabled
        app-service none
        close-wait-timeout 5
        cmetrics-cache disabled
        congestion-control high-speed
        defaults-from tcp-lan-optimized
        deferred-accept disabled
        delay-window-control disabled
        delayed-acks disabled
        description none
        dsack disabled
        ecn disabled
        fin-wait-timeout 5
        idle-timeout 600
        init-cwnd 0
        init-rwnd 0
        ip-tos-to-client 0
        keep-alive-interval 1800
        limited-transmit enabled
        link-qos-to-client 0
        max-retrans 8
        md5-signature disabled
        md5-signature-passphrase none
        nagle enabled
        partition Common
        pkt-loss-ignore-burst 0
        pkt-loss-ignore-rate 0
        proxy-buffer-high 1228800
        proxy-buffer-low 98304
        proxy-mss disabled
        proxy-options disabled
        receive-window-size 65535
        reset-on-timeout enabled
        rfc1323 enabled
        selective-acks enabled
        selective-nack disabled
        send-buffer-size 65535
        slow-start disabled
        syn-max-retrans 3
        syn-rto-base 0
        tcp-options none
        time-wait-recycle enabled
        time-wait-timeout 2000
        verified-accept disabled
        zero-window-timeout 20000
    }
    ltm profile tcp wom-tcp-wan-optimized {
        abc enabled
        ack-on-push disabled
        app-service none
        close-wait-timeout 5
        cmetrics-cache enabled
        congestion-control high-speed
        defaults-from tcp-wan-optimized
        deferred-accept disabled
        delay-window-control disabled
        delayed-acks disabled
        description none
        dsack disabled
        ecn disabled
        fin-wait-timeout 5
        idle-timeout 600
        init-cwnd 0
        init-rwnd 0
        ip-tos-to-client 0
        keep-alive-interval 1800
        limited-transmit enabled
        link-qos-to-client 0
        max-retrans 8
        md5-signature disabled
        md5-signature-passphrase none
        nagle enabled
        partition Common
        pkt-loss-ignore-burst 8
        pkt-loss-ignore-rate 10000
        proxy-buffer-high 196608
        proxy-buffer-low 131072
        proxy-mss disabled
        proxy-options disabled
        receive-window-size 2048000
        reset-on-timeout enabled
        rfc1323 enabled
        selective-acks enabled
        selective-nack enabled
        send-buffer-size 2048000
        slow-start disabled
        syn-max-retrans 3
        syn-rto-base 0
        tcp-options none
        time-wait-recycle enabled
        time-wait-timeout 2000
        verified-accept disabled
        zero-window-timeout 300000
    }
    ltm virtual isession-virtual {
        app-service none
        auth none
        auto-lasthop default
        clone-pools none
        cmp-enabled yes
        connection-limit 0
        description none
        destination 10.150.3.1:any
        enabled
        fallback-persistence none
        gtm-score 0
        http-class none
        ip-protocol tcp
        last-hop-pool none
        mask 255.255.255.255
        mirror disabled
        nat64 disabled
        partition Common
        persist none
        pool none
        profiles {
            isession {
                context clientside
            }
            wom-default-clientssl {
                context clientside
            }
            wom-tcp-lan-optimized {
                context serverside
            }
            wom-tcp-wan-optimized {
                context clientside
            }
        }
        rate-class none
        rules none
        snat none
        source-port preserve
        traffic-classes none
        translate-address enabled
        translate-port disabled
        vlans none
        vlans-disabled
    }
    net interface 1.1 {
        app-service none
        description none
        enabled
        flow-control tx-rx
        force-gigabit-fiber disabled
        mac-address 0:1:d7:79:9a:84
        media none
        media-active 1000T-FD
        media-fixed auto
        media-max 1000T-FD
        media-sfp auto
        mtu 1500
        prefer-port sfp
        stp enabled
        stp-auto-edge-port enabled
        stp-edge-port true
        stp-link-type auto
        vendor none
    }
    net route def {
        description none
        gw 10.150.3.254
        mtu 0
        network default
        partition Common
    }
    net self "clientside Self" {
        address 10.150.3.1/24
        allow-service none
        app-service none
        description none
        floating disabled
        inherited-traffic-group false
        partition Common
        traffic-group traffic-group-local-only
        unit 0
        vlan wan
    }
    net vlan wan {
        app-service none
        auto-lasthop default
        description none
        failsafe disabled
        failsafe-action failover-restart-tm
        failsafe-timeout 90
        interfaces {
            1.1 {
                app-service none
                untagged
            }
        }
        learning enable-forward
        mtu 1500
        partition Common
        source-checking disabled
        tag 4094
    }
    sys datastor {
        cache-size 1066
        description none
        disk enabled
        high-water-mark 90
        low-water-mark 80
        store-size 97152
    }
    sys disk application-volume datastor {
        logical-disk HD1
        owner datastor
        preservability discardable
        resizeable false
        size 97152
        volume-set-visibility-restraint none
    }
    sys management-route default {
        app-service none
        description none
        gateway 192.31.3.129
        mtu 1500
        network default
    }
    sys provision wom {
        app-service none
        cpu-ratio 0
        description none
        disk-ratio 0
        level nominal
        memory-ratio 0
    }
    sys provision woml {
        app-service none
        cpu-ratio 0
        description none
        disk-ratio 0
        level none
        memory-ratio 0
    }
    wom deduplication {
        description none
        dictionary-size 256
        disk-cache-size 97152
        enabled
        max-endpoint-count 1
    }
    wom endpoint-discovery {
        auto-save enabled
        description none
        discoverable enabled
        discovered-endpoint enabled
        icmp-max-requests 1024
        icmp-min-backoff 5
        icmp-num-retries 10
        max-endpoint-count 0
        mode enable-all
    }
    wom local-endpoint {
        addresses { 10.150.3.1 }
        allow-nat enabled
        description none
        endpoint enabled
        ip-encap-mtu 0
        ip-encap-profile { /Common/default-ipsec-policy-isession }
        ip-encap-type ipsec
        no-route passthru
        server-ssl serverssl
        snat none
        tunnel-port https
    }
    wom profile isession isession-http {
        adaptive-compression enabled
        app-service none
        compression enabled
        compression-codecs { deflate lzo bzip2 }
        data-encryption disabled
        deduplication enabled
        defaults-from isession
        deflate-compression-level 1
        description none
        mode enabled
        partition Common
        port-transparency enabled
        reuse-connection enabled
        target-virtual virtual-match-all
    }
    wom remote-endpoint 10.150.2.1 {
        address 10.150.2.1
        allow-routing enabled
        app-service none
        description none
        endpoint enabled
        ip-encap-mtu 0
        ip-encap-profile none
        ip-encap-type default
        origin manually-saved
        server-ssl none
        snat default
        tunnel-encrypt enabled
        tunnel-port https
    }
    wom server-discovery {
        auto-save enabled
        description none
        filter-mode exclude
        idle-time-limit 0
        ip-ttl-limit 5
        max-server-count 50
        min-idle-time 0
        min-prefix-length-ipv4 32
        min-prefix-length-ipv6 128
        mode enabled
        rtt-threshold 10
        subnet-filter none
        time-unit days
    }
                        

Implementation result

After you complete the tasks in this implementation, the BIG-IP® system is configured in a one-arm deployment. For symmetric optimization, you must also configure the other side of the WAN. The other BIG-IP deployment can be in bridge, routed, or one-arm mode.