F5 Lab Guide
Network Design #one arm deployment
IP information:
F5 IP management:
F501: https://10.2.70.62
F502: https://10.2.70.63
F503: https://10.2.70.75
User: admin
Password: admin
Available IP for F5:
10.2.60.150
10.2.60.151
10.2.60.153
10.2.60.154
10.2.60.155
10.2.60.156
10.2.60.157
10.2.60.158
10.2.60.159
10.2.60.160
Pool members / Real server:
10.2.70.68:1010
10.2.70.68:2020
10.2.70.68:3030
10.2.70.68:4040
10.2.70.68:5050
Fallback Host:
10.2.70.68:8080
Lab 1a BIG-IP Licensing
Objectives: Activating F5 License
Tasks:
1. Log in to F5 (user: admin, password: admin)
2. Click “next” button
3. Click “Activate” button
4. Set the Activation Method to “manual”
5. Copy the "Dossier" from the "Step 1: Dossier" field, and click "Step2 Click here to access F5 Licensing Server".
6. Paste the Dossier which you copied into the "Enter your dossier" field, and push the "Next" button.
7. Accept the User Legal Agreement, turn on the check box, and click the "Next" button.
8. Copy all of the license text or download it as a file.
9. Paste the license which you got into the "Step3: License" field. Click the "Next" button.
Lab 1b Resource provisioning
Objectives: allocating resources for BIG-IP modules
Tasks:
1. In the configuration utility, navigate to system >> provision
2. Set the provisioning setting of the LTM & GTM modules to “nominal”, leave others as default, and click the "Next" button
Lab 1c Platform Configuration
Objectives: configuring BIG-IP platform (management IP, host name, time zone & account credentials)
Tasks:
1. in the configuration utility navigate to system>> platform
2. In the General Properties section, enter the following:
host name for F501: f5lab01.com
For F502: f5lab02.com
time zone Asia/Jakarta
3. In the User Administration section, enter the following:
root password default
admin password admin
4. leave other as default
5. when complete click “Update”
6. in the advanced Network Configuration section click “finished”
Lab 1d Network Configuration
Objectives: Create vlan interface, self ip and route
Tasks:
Create Vlan Interface
1. in the configuration utility navigate to network >> Vlans >> vlan list >> create
2. In the General Properties section, enter the following:
name VLAN119
Tag leave default
3. In the Resources section, enter the following:
interfaces 1.1 untagged
4. leave other as default
5. when complete click “Finished”
Configure Self IP
1. in the configuration utility navigate to network >> selfips >> self ip list >> create
2. In the Configuration section, enter the following:
Name SELF_VLAN119
IP Address F501: 10.2.60.150
F502: 10.2.60.151
Netmask 255.255.255.0
VLAN / Tunnel VLAN119
3. leave other as default
4. when complete click “Finished”
Configure Default Route:
1. in the configuration utility navigate to Network >> Routes >> Add
2. In the Properties section, enter the following:
Name DEFAULT_ROUTE
Destination 0.0.0.0
Netmask 0.0.0.0
Resource Use Gateway
Gateway Address IP Address: 10.2.60.254
MTU 1500
3. leave other as default
4. when complete click “Finished”
Lab 2a Monitor
Objectives: create custom http monitor
Tasks:
1. in the configuration utility navigate to Local Traffic >> Monitors >> Create
2. In the General Properties section, enter the following:
Name http_monitor
type http
Send String GET /index.html\r\n
Receive String F5 monitor
3. leave other as default
4. when complete click “Finished”
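The check this monitor performs, as an added Python example (not part of the original lab guide or of BIG-IP itself): it sends the Lab 2a send string and reports a member as up only if the reply contains the receive string, so a member that answers 200 OK with the wrong page is still marked down. The two local test servers and their page bodies are constructed stand-ins for pool members.

```python
import socket
import socketserver
import threading

SEND_STRING = b"GET /index.html\r\n"   # Send String from Lab 2a, CRLF-terminated
RECEIVE_STRING = b"F5 monitor"         # Receive String from Lab 2a

def probe(host, port, send=SEND_STRING, expect=RECEIVE_STRING, timeout=2.0):
    """Return True (member up) only if the reply contains the receive string."""
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(send)
            while expect not in reply and len(reply) < 65536:
                data = s.recv(4096)
                if not data:           # server closed the connection
                    break
                reply += data
    except OSError:
        pass                           # refused, reset or timed out
    return expect in reply

class Member(socketserver.StreamRequestHandler):  # constructed stand-in member
    body = b""
    def handle(self):
        self.rfile.readline()          # consume the monitor's request line
        self.wfile.write(b"HTTP/1.0 200 OK\r\n\r\n" + self.body)

def start_member(body):
    handler = type("MemberWithBody", (Member,), {"body": body})
    srv = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    good = start_member(b"<html>F5 monitor</html>")
    stale = start_member(b"<html>Database error</html>")  # 200 OK, wrong page
    try:
        return {
            "expected page": probe("127.0.0.1", good.server_address[1]),
            "200 with wrong body": probe("127.0.0.1", stale.server_address[1]),
        }
    finally:
        for srv in (good, stale):
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    print(demo())
```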
Lab 2b Pool
Objectives: Create Pool
Tasks:
1. in the configuration utility navigate to Local Traffic >> Pools >> Pool List >> Create
2. In the Configuration section, enter the following:
Name http_pool
Health Monitors http_monitor
3. In the Resources section, enter the following:
Load Balancing Method Round Robin
New Members Add the following Server:
10.2.70.68:1010
10.2.70.68:2020
10.2.70.68:3030
10.2.70.68:4040
10.2.70.68:5050
4. leave other as default
5. when complete click “Finished”
Lab 3 Virtual Server
Objectives: Create Virtual Server
Tasks:
1. in the configuration utility navigate to Local Traffic >> Virtual Servers >> Virtual Server List >> Create
2. In the General Properties section, enter the following:
Name http_virtual_server
type standard
Destination F501: 10.2.60.160
F502: 10.2.60.159
Service Port 80
3. In the Configuration section, enter the following:
Source Address Translation Auto Map
4. In the Configuration section, enter the following:
Default Pool http_pool
5. leave other as default
6. when complete click “Finished”
7. Access the application service by entering the URL 10.2.60.160 for F501 or 10.2.60.159 for F502 in the web browser.
Lab 4 Persistence Profile
Objectives: Create source address persistence profile & associate to virtual server
Tasks:
Create Persistence Profile
1. in the configuration utility navigate to Local Traffic >> Profiles >> Persistence >> Create
2. In the General Properties section, enter the following:
Name source_addr_custom
Persistence Type Source Address Affinity
Parent Profile Source_addr
3. In the Configuration section, enter the following:
Timeout 600
4. leave other as default
5. when complete click “Finished”
Associate persistence profile to virtual server:
1. in the configuration utility navigate to Local Traffic >> Virtual Servers >> Virtual Server List >> click http_virtual_server >> resources
2. In the Load Balancing section, enter the following:
Default Persistence Profile source_addr_custom
3. when complete click “Update”
4. Access the application service again by entering the URL 10.2.60.160 for F501 or 10.2.60.159 for F502 in the web browser.
Lab 5 Content Switching Load Balancing & X-Forwarded-For
Objectives: configure content switching load balancing & insert real Client IP address on the HTTP header
Tasks:
Configure HTTP profile
1. in the configuration utility navigate to Local Traffic >> Profiles >> Services >> http >> Create
2. In the General Properties section, enter the following:
Name http_custom
Parent Profile http
3. In the Settings section, enter the following:
Insert X-Forwarded-For enabled
4. leave other as default
5. when complete click “Finished”
Configure OneConnect Profile
1. in the configuration utility navigate to Local Traffic >> Profiles >> Other >> OneConnect >> Create
2. In the General Properties section, enter the following:
Name oneconnect_custom
Parent Profile oneconnect
3. In the Settings section, enter the following:
source mask 255.255.255.0
4. leave other as default
5. when complete click “Finished”
Associate http & oneconnect profile to virtual server:
1. in the configuration utility navigate to Local Traffic >> Virtual Servers >> Virtual Server List >> click http_virtual_server
2. In the Configuration section, enter the following:
HTTP Profile http_custom
3. In the Acceleration section, enter the following:
OneConnect Profile oneconnect_custom
4. when complete click “update”
5. Access the application service by entering the URL 10.2.60.160 for F501 or 10.2.60.159 for F502 in the web browser.
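How a pool member can consume the inserted header safely, as an added Python example (not code from the lab guide): because the virtual server uses SNAT Auto Map, members see a BIG-IP self IP as the TCP source, so X-Forwarded-For is honoured only from those addresses and only its last value is used. It assumes the value BIG-IP inserts arrives after any client-supplied one; client_ip, TRUSTED_PROXIES and the sample requests are constructed for illustration.

```python
import ipaddress

# Self IPs from Lab 1d; with SNAT Auto Map these are the sources members see.
TRUSTED_PROXIES = {ipaddress.ip_address("10.2.60.150"),
                   ipaddress.ip_address("10.2.60.151")}

def client_ip(peer, headers):
    """Return the client address to log or rate-limit on.

    peer    -- TCP source address of the connection, as a string
    headers -- list of (name, value) pairs in arrival order
    """
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_PROXIES:
        return str(peer_ip)            # not via BIG-IP: any XFF is untrusted
    values = []
    for name, value in headers:
        if name.lower() == "x-forwarded-for":
            values.extend(v.strip() for v in value.split(","))
    if not values:
        return str(peer_ip)
    try:
        # Assumption: the proxy's own entry is last; earlier entries may be
        # client-supplied and must not be believed.
        return str(ipaddress.ip_address(values[-1]))
    except ValueError:
        return str(peer_ip)            # malformed value: fall back to the peer

# Constructed sample requests; client and direct-peer addresses are made up.
SAMPLES = [
    ("10.2.60.150", [("Host", "www.f5lab.com"), ("X-Forwarded-For", "198.51.100.7")]),
    ("10.2.60.150", [("X-Forwarded-For", "127.0.0.1"), ("X-Forwarded-For", "198.51.100.7")]),
    ("10.2.70.99",  [("X-Forwarded-For", "127.0.0.1")]),
    ("10.2.60.151", [("X-Forwarded-For", "not-an-ip")]),
]

if __name__ == "__main__":
    for peer, headers in SAMPLES:
        print(peer, "->", client_ip(peer, headers))
```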
Lab 6 SSL Offload
Objectives: configure SSL Offload profile & associate to virtual server
Tasks:
Import SSL Certificate
1. in the configuration utility navigate to system >> file management >> SSL Certificate List >> import
2. In the SSL Certificate/Key Source section, enter the following:
Import Type certificate
Certificate Name Create New
wilcard.f5lab.com
Certificate Source Upload File from local computer
3. when complete click “Import”
4. In the SSL Certificate/Key Source section, enter the following:
Import Type key
Certificate Name Create New
wilcard.f5lab.com
Certificate Source Upload File from local computer
5. when complete click “Import”
Create Client SSL Profile
6. in the configuration utility navigate to Local Traffic >> Profiles >> SSL >> Client >> Create
7. In the General Properties section, enter the following:
Name wilcard.f5lab.com
Parent Profile clientssl
Certificate Key Chain Key certificate: wilcard.f5lab.com
key: wilcard.f5lab.com
8. On the Certificate Key Chain Key click “Add”
9. leave other as default
10. when complete click “Finished”
Associate client SSL profile to virtual server:
1. in the configuration utility navigate to Local Traffic >> Virtual Servers >> Virtual Server List >> click http_virtual_server
2. In the Configuration section, enter the following:
SSL Profile (Client) wilcard.f5lab.com
3. when complete click “update”
4. Access the application service by entering the URL https://10.2.60.160 for F501 or https://10.2.60.159 for F502 in the web browser.
Lab 7 Maintenance Page / Sorry Page
Objectives: configure fallback host using http profile or irules
Tasks:
http profile fallback host
1. in the configuration utility navigate to Local Traffic >> Profiles >> Services >> http >> click http_custom
2. In the Settings section, enter the following:
fallback host http://10.2.70.68:8080
3. leave other as default
4. when complete click “update”
5. disable all members on http_pool
6. Access the application service again by entering the URL https://10.2.60.160 for F501 or https://10.2.60.159 for F502 in the web browser.
iRules maintenance page
1. in the configuration utility navigate to Local Traffic >> virtual servers >> click http_virtual_server >> Resources >> iRules >> manage
2. In the iRules section, enter the following:
iRules maintenance_page
3. leave other as default
4. when complete click “Finished”
5. Access the application service by entering the URL https://10.2.60.160 for F501 or https://10.2.60.159 for F502 in the web browser.
Lab 8 High Availability
Objectives: configure high availability
Tasks:
Modify self ip port lockdown on F501 and F502
1. in the configuration utility navigate to network >> selfips >> self ip list >> click SELF_VLAN119
2. In the Configuration section, modify the following:
port lock down allow default
3. leave other as default
4. when complete click “update”
configure network failover and configSync on F501 and F502
1. in the configuration utility navigate to Device Management >> devices >> click the device name >> navigate to device connectivity tab >> configSync
2. In the ConfigSync Configuration section, enter the following:
Local Address VLAN119
3. when complete click “update”
4. navigate to device connectivity tab >> Network Failover
5. In the Failover Unicast Configuration section, add the following:
Address: VLAN119
port 1026
6. leave other as default
7. when complete click “update”
Configure trust domain / Add peer just for F501
1. in the configuration utility navigate to Device Management >> Device Trust >> peer list >> Add
2. In the Remote Device Credentials section, enter the following:
Device IP Address 10.2.60.151
Administrator Username admin
Administrator Password admin
3. when complete click “Retrieve Device Credentials”
Lab 9 GTM Zone Runner
Objectives: Configure GTM as traditional DNS server
Tasks:
Create GTM Listener
1. in the configuration utility navigate to DNS >> Delivery >> listeners >> listener list >> Create
2. In the General section, enter the following:
Name GTM_LISTENER
3. In the Listener section, enter the following:
Destination F501: 10.2.60.150
F502: 10.2.60.151
4. leave other as default
5. when complete click “Finished”
Create Zone & DNS record
1. in the configuration utility navigate to DNS >> Zones >> ZoneRunner >> Zone List >> Create
2. In the General Properties section, enter the following:
View Name external
Zone Name f5lab.com.
3. In the Configuration section, enter the following:
Records Creation Method manual
Zone File Name db.external.f5lab.com
4. In the Records Creation section, enter the following:
SOA Record TTL 86400
Master Server ns1.f5lab.com
Email Contact hostmaster.f5lab.com
NS Record TTL 3600
Nameserver ns1.f5lab.com
A Record F501: 10.2.60.150
F502: 10.2.60.151
5. leave other as default
6. when complete click “Finished”
Create A record
1. in the configuration utility navigate to DNS >> Zones >> ZoneRunner >> Resource Record List >> Create
2. In the Record Configuration section, enter the following:
View Name external
Zone Name f5lab.com.
name www.f5lab.com
TTL 300
Type A
IP Address F501: 10.2.60.160
F502: 10.2.60.159
3. leave other as default
4. when complete click “Finished”
5. point NS to the GTM listener and test
Lab 10 GTM WideIP Active-Active DC
Objectives: Configure GTM as an intelligent DNS server
F501 as DC & F502 as DRC
Tasks:
Create data center on F501
1. in the configuration utility navigate to DNS >> GSLB >> Data Centers >> Data Center List >> Create
2. In the General Properties section, enter the following:
Name DC
Location DC
3. leave other as default
4. when complete click “Finished”
5. repeat steps 1 to 4 to create the DRC data center
Create server on F501
1. in the configuration utility navigate to DNS >> GSLB >> Servers >> Server List >> Create
2. In the General Properties section, enter the following:
Name F5_DC
Product BIG-IP Systems (single)
Address 10.2.60.150 >> Add
Data Center DC
3. In the Configuration section, enter the following:
Health Monitors bigip
4. In the Resources section, enter the following:
Virtual Server Discovery enable
5. leave other as default
6. when complete click “Create”
7. repeat steps 1 to 6 to create the DRC F5 server
create Load balancing pool
1. in the configuration utility navigate to DNS >> GSLB >> Pools >> Pool List >> Create
2. In the General Properties section, enter the following:
Name www.f5lab.com
3. In the Members section, enter the following:
Load Balancing Method Preferred: Round Robin
Alternate: Round Robin
Fallback: None
Virtual Server DC:10.2.60.160
DRC:10.2.60.159
4. leave other as default
5. when complete click “Finished”
Configure GTM synchronization
1. in the configuration utility navigate to DNS >> Settings >> GSLB >> General
2. In the Configuration Synchronization section, enter the following:
Synchronize checked
Time Tolerance 300
Synchronize DNS Zone Files checked
3. leave other as default
4. when complete click “Finished”
Replicate configuration to F502
1. log in via SSH with user root and password default
2. type gtm_add 10.2.60.150
Verify the DNS response using nslookup