Table Of ContentAgility 2018 Hands-on Lab Guide
F5 Application Delivery Controller Solutions
F5 Networks, Inc.
2
Contents:
1 Class1: IntroductiontoADCDeploymentswithBIG-IPLTM 5
2 Class2: BuildingtheF5Fabric 25
3 Class3: BIG-IP®LocalTrafficManager(LTM)-v13.1LabGuide 57
4 Class4: TroubleshootwithtcpdumpandWireshark 107
5 ResilientDataCenterArchitectureswithF5BIG-IP 123
3
4
1
Class 1: Introduction to ADC Deployments with BIG-IP LTM
Welcome to the ADC Deployments with BIG-IP LTM hands-on lab session. These labs are intended to
guide you through creating basic ADC deployments and completing common administrative tasks. This
guide is intended to complement lecture material provided during the ADC Deployments with BIG-IP LTM
aswellasareferenceguidethatcanbereferredtoaftertheclass.
1.1 Lab Network Setup
Intheinterestoffocusingasmuchtimeaspossibleconfiguringyourapplicationdeliverycontroller,wehave
providedsomeresourcesandbasicsetupaheadoftime. Theseare:
• Cloud-based lab environment complete with a Windows workstation, a virtual BIG-IP (VE), a virtual
BIG-IQ acting as a logging node, a virtual BIG-IQ acting as a management node, and a back-end
bankingapplicationrunningonaLinuxwebserver.
• ThevirtualBIG-IPhasbeenpre-licensed
Ifyouwishtoreplicatetheselabsinyourofficeyouwillneedtoperformthesestepsaccordingly. Additional
labresourcesareprovidedasillustratedinthediagramonthenextpage.
Toaccessthelabenvironment,youwillrequireawebbrowserandRemoteDesktopProtocol(RDP)client
software. The web browser will be used to access the lab training portal. The RDP client will be used to
connect to a Windows workstation, where you will be able to access the BIG-IP and BIG-IQ management
interfaces(HTTPS,SSH).
Youclassinstructorwillprovideadditionallabaccessdetails.
5
1.1.1 Lab Diagram
1.1.2 Timing for Labs
Thetimeittakestoperformeachlabvariesandismostlydependentonaccuratelycompletingsteps. This
cannever beaccurately predictedbut westrived toderive anestimate amongseveral peopleeach having
adifferentlevelofexperience. Belowisanestimateofhowlongitwilltakeforeachlab:
LABName(Description) TimeAllocated
LAB1–ConfigureVirtualServersandPools 35minutes
LAB2–WorkwithSNAT,Profiles,andMonitors 45minutes
LAB3–UseSSLOffload,BestPractices,andiApps 40minutes
LAB4–ConfigureHighAvailability 30minutes
1.2 Module 1: BIG-IP LTM Basic Configuration
InthismoduleyouwilllearnthebasicsofconfiguringBIG-IPLocalTrafficManager
1.2.1 Lab 1: Configure Virtual Servers and Pools
In this lab you will explore the BIG-IP configuration utility, create your first web application, and configure
differenttypesofvirtualserversandloadbalancingmethods.
Task1–ConnecttoRavelloandExaminetheBIG-IPConfigurationUtility
1. Use a browser to access http://IP_address with the IP address supplied by your instructor, and log
inusingtheusernameandpasswordsuppliedbyyourinstructor.
6
2. ForADCImplementationswithLTMclickView.
3. CopytheIPaddressoftheWindows7ExternalVM,andthenuseRDPtoaccesstheIPaddress.
4. LogintotheWindowsworkstationasexternal_user/password.
5. OpenChromeandclicktheBIGIP_Abookmark.
6. LogintotheBIG-IPsystemasadmin/admin.
7. FromtheleftmenuselectLocalTraffic.
TheLocalTrafficmenuiswheremostADCfunctionsareperformed.
8. FromtheleftmenuselectNetwork.
TheNetworkmenuiswhereyouconfigureelementsforroutingandswitching.
9. FromtheleftmenuselectSystem.
TheSystemmenuiswhereyouconfigureDNSandNTPsettings,managelicensing,performsoftware
updates,andimportSSLcertificates.
10. OpentheNetwork>VLANs>VLANListpage.
Two VLANs were already created, an external VLAN for outside access, and an internal VLAN for
accesstotheinternalnetwork.
11. OpentheNetwork>SelfIPs>SelfIPListpage.
This BIG-IP system is configured with four self IP addresses. Each VLAN has a standard self IP
address(endingin.241)andafloatingselfIPaddress(endingin.240). We’llusethefloatingselfIP
addressesduringthehighavailabilityexercise.
12. OpentheNetwork>Routespage.
This BIG-IP system is configured with a default gateway route for outbound internet access (on
10.1.10.1).
Task2–CreateaBasicWebApplication
Examinethelabdiagramonpage2. We’llbecreatingawebapplicationforanapplicationthatisstoredon
threewebservers(at10.1.20.11–10.1.20.13).
1. OpentheLocalTraffic>Pools>PoolListpageandclickCreate.
2. Usethefollowinginformationforthenewpool. Forfieldsthatarenotspecified,leavethemsettothe
defaultsettings.
7
Formfield Value
Name http_pool
NewMembers NodeName: node1Address: 10.1.20.11ServicePort: 80(ClickAdd)
NodeName: node2Address10.1.20.12ServicePort: 80(ClickAdd)
NodeName: node3Address: 10.1.20.13ServicePort: 80(ClickAdd)
3. ClickFinished.
4. OpentheLocalTraffic>VirtualServers>VirtualServerListpageandclickCreate.
5. Usethefollowinginformationforthenewvirtualserver,andthenclickFinished.
Formfield Value
Name http_virtual
DestinationAddress/Mask 10.1.10.20
ServicePort 80
Resources>DefaultPool http_pool
6. Useanewtabtoaccesshttp://10.1.10.20.
7. UseCtrl+F5toreloadthepageseveraltimes.
Youcanseethatpageelementsarecomingfromallthreewebservers. That’sallittakestocreatea
basicwebapplicationontheBIG-IPsystem.
8. Closethetab.
9. IntheConfigurationUtility,opentheLocalTraffic>Pools>Statisticspage.
10. Expandthehttp_poolbyclickingonthe+icon.
YouusetheStatisticspagetoidentifytheamountoftrafficsenttothepoolmembers. Noticethatthe
requestsareevenlydistributedacrossallthreewebservers.
11. Selectthehttp_poolcheckbox,andthenclickReset.
Task3–CreateaForwardingVirtualServer
1. Useanewtabtoattemptdirectaccesstoaninternalwebserverathttp://10.1.20.41.
Currently you are unable to access resources on the internal network from the external Windows
workstation.
8
2. OpentheStartmenuandtypecmd,thenright-clickcmd.exeandselectRunasadministrator,and
thenclickYes.
3. Atthecommandprompt,type(orcopyandpaste):
route add 10.1.20.0 mask 255.255.255.0 10.1.10.241
This adds a route to the 10.1.20.0 network through the external self IP address (10.1.10.241) of the
BIG-IPsystem.
4. Reloadthepagedirectedathttp://10.1.20.41.
The request fails again, as the BIG-IP system does not have a listener to forward this request to the
internalnetwork.
5. IntheConfigurationUtility,opentheLocalTraffic>VirtualServers>VirtualServerListpageand
clickCreate.
6. Usethefollowinginformationforthenewvirtualserver,andthenclickFinished.
Formfield Value
Name forward_virtual
Type Forwarding(IP)
DestinationAddress/Mask 10.1.20.0/24
ServicePort *AllPorts
Protocol *AllProtocols
Thisvirtualserverprovidesaccesstothe10.1.20.0/24networkonallportsandallprotocols.
7. Reloadthepagedirectedathttp://10.1.20.41.
Therequestissuccessful. TheBIG-IPsystemdoesn’tactasafullproxy, itsimplyforwardsrequests
totheinternalnetwork.
8. EdittheURLtohttps://10.1.20.32.
9. GotoStart>RemoteDesktopConnection.
10. ClickShowOptions,thenselecttheDisplaytab,thenchangetheDisplayconfigurationto1024by
768.
11. OpentheGeneraltabandconnectto10.1.20.251andloginasadministrator/password.
12. OntheWindowsServerimagegotoStart>Logoff.
Younowhaveaccesstoallportsandallprotocolsonthe10.1.20.0network.
Task4–CreateaRejectVirtualServer
1. IntheConfigurationUtility,ontheVirtualServerListpageclickCreate.
2. Usethefollowinginformationforthenewvirtualserver,andthenclickFinished.
Formfield Value
Name reject_win_server
Type Reject
DestinationAddress/Mask 10.1.20.251
ServicePort *AllPorts
Protocol *AllProtocols
9
3. OntheLoraxIntranettabclickCorporateTools,andthenclosethetab.
4. GotoStart>RemoteDesktopConnectionandconnectto10.1.20.251.
Although you still have access to the 10.1.20.0 network, you no longer have access to 10.1.20.251
(theWindowsServer).
5. ClosetheRemoteDesktopConnectionwindow.
6. Inthecommandprompttypethefollowing,andthenclosethecommandprompt.
route DELETE 10.1.20.0
7. In the Configuration Utility, select the forward_virtual and reject_win_server checkboxes and then
clickDeleteandDeleteagain.
Task5–UseDifferentPoolOptions
1. OpentheLocalTraffic>Pools>PoolListpageandclickhttp_pool,andthenopentheMembers
page.
Currentlythepoolisusingthedefaultloadbalancingmethod: RoundRobin.
2. FromtheLoadBalancingMethodlistselectRatio(member),andthenclickUpdate.
3. ExaminetheCurrentMemberssection.
Currentlyallthreepoolmembershavethesameratiovalue(1).
4. Clicknode1:80,thenchangetheratiovalueto10,andthenclickUpdate.
5. AtthetopofthepageclickMembers,thenclicknode2:80,thenchangetheratiovalueto5,andthen
clickUpdate
6. ClickMembersagainandexaminetheCurrentMemberssection.
7. Use an incognito window to access http://10.1.10.20, then type Ctrl + F5 at least 10 times to reload
thepage,andtheclosethepage.
8. IntheConfigurationUtility,atthetopofthepageclickStatistics.
Requestsarenowbeingdistributedtothethreepoolmembersina10–5–1ratio.
1.2.2 Lab 2: Work with SNAT, Profiles, and Monitors
InthislabyouwillexperimentwithusingSNATAutoMapforinboundrequestsaswellasoutboundrequests
frominternalusers. You’llalsouseanHTTPandstreamprofiletomakeglobalmodificationstotextwithina
website. Finallyyou’llseehowusinghealthmonitorsensuresthatyoutheBIG-IPknowswhichwebservers
areavailableforclientrequests.
10
