Dell 3-DNS Especificaciones

BIG-IP® Reference Guideversion 4.2MAN-0044-01

TableofContentsxUsing network-based fail-over ...6-9

Chapter 4: Configuring the High-Level Network4-20To configure a monitor for a UC Davis SNMP agent, using default CPU, memory threshold, and disk use v

PoolsBIG-IP® Reference Guide 4-21be confined to that group. If the number of available nodes in the highest priority group goes below the minimum numb

Chapter 4: Configuring the High-Level Network4-22The BIG-IP tracks information about individual persistent connections, and keeps the information only

PoolsBIG-IP® Reference Guide 4-23Simple persistenceSimple persistence tracks connections based only on the client IP address. When a client requests a

Chapter 4: Configuring the High-Level Network4-24For example, if you want to set simple persistence on the pool my_pool, type the following command:b

PoolsBIG-IP® Reference Guide 4-25You can turn off a persist mask for a pool by using the none option in place of the simple_mask mask. To turn off the

Chapter 4: Configuring the High-Level Network4-26To activate Insert mode from the command lineTo activate Insert mode from the command line, use the f

PoolsBIG-IP® Reference Guide 4-276. Type the timeout value in days, hours, minutes, and seconds. This value determines how long the cookie lives on th

Chapter 4: Configuring the High-Level Network4-28Alternatively, you can perform the encoding using the following equation for address (a.b.c.d): d*(25

PoolsBIG-IP® Reference Guide 4-29To configure the cookie persistence hash option using theConfiguration utilityBefore you follow this procedure, you m

TableofContentsBIG-IP® Reference Guide xivlan ...

Chapter 4: Configuring the High-Level Network4-30The <cookie_name>, <cookie_value_offset>, and <cookie_value_length> values are desc

PoolsBIG-IP® Reference Guide 4-314. Click the SSL button.5. In the Timeout box, type the number of seconds that the BIG-IP should store SSL session ID

Chapter 4: Configuring the High-Level Network4-32packet for one of the different types of SIP final messages. A default timeout value exists, which is

PoolsBIG-IP® Reference Guide 4-33To activate destination address affinity using theConfiguration utilityYou can only activate destination address affi

Chapter 4: Configuring the High-Level Network4-34Hash modeWhen configured in hash mode, a WTS server does not participate in a session directory; that

PoolsBIG-IP® Reference Guide 4-35To create a virtual server from the command lineTo create a virtual server that uses the pool my_cluster_pool, use th

Chapter 4: Configuring the High-Level Network4-363. Click the Allow Persistence Across All Ports for Each Virtual Address check box. (To disable this

PoolsBIG-IP® Reference Guide 4-37To activate persistence across all virtual servers using theConfiguration utility1. In the navigation pane, click the

Chapter 4: Configuring the High-Level Network4-38Using IP addresses and Fully Qualified Domain NamesWhen redirecting traffic to a fallback host, you c

PoolsBIG-IP® Reference Guide 4-39Using format strings (expansion characters)To allow HTTP redirection to be fully configurable with respect to target

TableofContentsxiiRemoving and returning items to service ...11-14Removing th

Chapter 4: Configuring the High-Level Network4-40Table 4.8 shows some sample redirection specifications, their explanations, and their resulting redir

PoolsBIG-IP® Reference Guide 4-41Rewriting HTTP redirectionSometimes, a client request is redirected from the HTTPS protocol to the HTTP protocol, whi

Chapter 4: Configuring the High-Level Network4-4211. Start the World Wide Web Publishing Service by typing net start w3svc at a command prompt, or by

PoolsBIG-IP® Reference Guide 4-43The rule variables that can be used for header insertion are:• client_addr• client_port• server_addr• server_port• li

Chapter 4: Configuring the High-Level Network4-44Quality of Service (QoS) levelAnother attribute of a pool is the Quality of Service (QoS) level. The

PoolsBIG-IP® Reference Guide 4-45Figure 4.14 shows how to configure a pool so that a ToS level is set for a packet sent to that pool. In this example,

Chapter 4: Configuring the High-Level Network4-46To disable a SNAT or NAT connection for a pool from thecommand lineb pool <pool_name> modify {

PoolsBIG-IP® Reference Guide 4-47Figure 4.16 shows the resulting entries in the /config/bigip.conf file.Figure 4.16 Sample entries in the /config/bi

Chapter 4: Configuring the High-Level Network4-48Forwarding pools are typically used with wildcard virtual servers or network virtual servers only. Wh

RulesBIG-IP® Reference Guide 4-49RulesAs described in the Pools section, a pool may be referenced directly by the virtual server, or indirectly throug

Introduction• IMPORTANT HARDWARE INFORMATION• Getting started• Using the Administrator Kit• What’s new in version 4.2• Learning more about the BIG-IP

Chapter 4: Configuring the High-Level Network4-50Rule-based pool selectionTable 4.9 lists the various criteria you can use when creating a rule to sel

RulesBIG-IP® Reference Guide 4-51Rules normally run right after the BIG-IP receives a packet that does not match a current connection. However, in the

Chapter 4: Configuring the High-Level Network4-52IP addressesYou can specify the client_addr or the server_addr variable within a rule to select a poo

RulesBIG-IP® Reference Guide 4-53To configure a rule to select a pool based on an IP protocol number, use the syntax shown in the example in Figure 4.

Chapter 4: Configuring the High-Level Network4-54To configure a rule to select a pool based on the ToS level of a packet, you can use the ip_tos rule

RulesBIG-IP® Reference Guide 4-55Using the one of operator instead, you can cause BIG-IP to load balance all incoming AOL connections to the pool aol_

Chapter 4: Configuring the High-Level Network4-56Figure 4.28 shows the resulting numeric type of class: Figure 4.28 An example of a numeric type of c

RulesBIG-IP® Reference Guide 4-57indicated node address and port. When a rule returns both a pool and a node, the BIG-IP does not do any additional lo

Chapter 4: Configuring the High-Level Network4-58The preceding rule applies the format string to the URL. In this case, the format string sets the pro

RulesBIG-IP® Reference Guide 4-59• Subjects that stay the same are called constant operands. A question, or expression, asks questions about variable

Chapter 4: Configuring the High-Level Network4-60case of a rule containing questions about an HTTP request, the rule is evaluated in the context of th

RulesBIG-IP® Reference Guide 4-61OperatorsIn a rule, relational operators compare two operands to form relational expressions. Possible relational ope

Chapter 4: Configuring the High-Level Network4-62Cache statementsA cache statement may be either the only statement in a rule or it may be nested with

RulesBIG-IP® Reference Guide 4-632. Click the Add button.The Add Rule screen opens. 3. In the Add Rule screen, fill in the fields to add a rule.You ca

Chapter 4: Configuring the High-Level Network4-64Configuring a remote origin serverTo ensure that a remote origin server or cache server responds to t

RulesBIG-IP® Reference Guide 4-65Additional rule examplesThis section contains additional examples of rules including:• Cookie rule• Language rule• Ca

Chapter 4: Configuring the High-Level Network4-66Cache ruleFigure 4.34 shows an example of a rule that you can use to send cache content, such as .gif

RulesBIG-IP® Reference Guide 4-67Rule using the ip_protocol variableFigure 4.36 shows a rule that uses the ip_protocol variable. Rule using IP address

Chapter 4: Configuring the High-Level Network4-68Rule using the one of operatorA good use of the one of operator in a rule is when you have a class su

Virtual serversBIG-IP® Reference Guide 4-69Virtual serversA virtual server with its virtual address is the visible, routable entity through which node

IntroductionBIG-IP® Reference Guide Intro - 1IMPORTANT HARDWARE INFORMATIONReferences to hardware and upgrades contained in this document are specific

Chapter 4: Configuring the High-Level Network4-70Standard virtual serversA standard virtual server represents a specific site, such as an Internet web

Virtual serversBIG-IP® Reference Guide 4-71creating VLAN groups and assigning self IP addresses to them, see Chapter 3, Creating VLAN groups, on page

Chapter 4: Configuring the High-Level Network4-72VLAN disabled list applies to default wildcard virtual servers only. You cannot create a VLAN disable

Virtual serversBIG-IP® Reference Guide 4-73To turn off port translation for a wildcard virtual serverusing the Configuration utilityAfter you define t

Chapter 4: Configuring the High-Level Network4-74To create a default wildcard virtual server from thecommand lineTo create a default wildcard virtual

Virtual serversBIG-IP® Reference Guide 4-75For example, the following commands define two wildcard virtual servers, the first for VLAN internal, and t

Chapter 4: Configuring the High-Level Network4-76Forwarding virtual serversA forwarding virtual server is just like other virtual servers, except that

Virtual serversBIG-IP® Reference Guide 4-77other side of the BIG-IP to forward packets to virtual servers receiving connections from the transparent d

Chapter 4: Configuring the High-Level Network4-78Mirroring virtual server stateMirroring provides seamless recovery for current connections, persisten

Virtual serversBIG-IP® Reference Guide 4-79The following example shows the two commands used to enable mirroring for virtual server v1 on the FTP cont

Chapter IntroIntro - 2The Configuration utilityThe Configuration utility is a web-based application that you use to configure and monitor the load bal

Chapter 4: Configuring the High-Level Network4-80Again, even when you define a custom netmask and broadcast in a specific network virtual server defin

Virtual serversBIG-IP® Reference Guide 4-81To enable or disable port translationUse the following syntax to enable or disable port translation for a v

Chapter 4: Configuring the High-Level Network4-82To set dynamic connection rebinding from the commandlineTo manage dynamic connection rebinding using

Virtual serversBIG-IP® Reference Guide 4-83Each of these elements is described in Table 4.16.Turning software acceleration off for virtual servers usi

Chapter 4: Configuring the High-Level Network4-84For example, if you want to define the virtual server 10.10.10.50:80 with the pool IPFW_pool and acce

Virtual serversBIG-IP® Reference Guide 4-85If you want to disable or enable a virtual server for one or more specific VLANs only, use the following sy

Chapter 4: Configuring the High-Level Network4-86Using other BIG-IP features with virtual serversAfter you create a pool and define a virtual server t

ProxiesBIG-IP® Reference Guide 4-87ProxiesBIG-IP supports two types of proxies--An SSL Accelerator proxy, and a content converter proxy. Using either

Chapter 4: Configuring the High-Level Network4-88Table 4.17 lists the configurable SSL proxy options.Creating an SSL Accelerator ProxyWhen creating an

ProxiesBIG-IP® Reference Guide 4-89To create an SSL proxy using the Configuration utility1. In the navigation pane, click Proxies.The Proxies screen o

IntroductionBIG-IP® Reference Guide Intro - 3◆ BIG-IP Reference GuideThis guide provides detailed configuration information for the BIG-IP. It also pr

Chapter 4: Configuring the High-Level Network4-90Configuring SSL-to-ServerOnce the SSL Accelerator proxy has decrypted a client request, you might wan

ProxiesBIG-IP® Reference Guide 4-91Figure 4.43 shows the state of the /config/bigip.conf file, after creating an SSL proxy with SSL-to-Server enabled.

Chapter 4: Configuring the High-Level Network4-92serverssl enable \serverssl key my.client.net.key \serverssl cert my.client.net.crtFigure 4.44 shows

ProxiesBIG-IP® Reference Guide 4-93To verify server certificates from the command lineThis option is specified as serverssl server cert on the bigpipe

Chapter 4: Configuring the High-Level Network4-94Basic authentication optionsYou can configure an SSL proxy to handle authentication of clients in thr

ProxiesBIG-IP® Reference Guide 4-95To modify per-session authentication using theConfiguration utilityYou can modify the SSL proxy to require authenti

Chapter 4: Configuring the High-Level Network4-96• Client certificate fields• Client session IDsAn example of when you might want to insert a header i

ProxiesBIG-IP® Reference Guide 4-97To insert a custom header from the command lineTo insert a custom header into an HTTP request using the command lin

Chapter 4: Configuring the High-Level Network4-98To insert a cipher specification from the command lineSpecify the cipher insert argument with the big

ProxiesBIG-IP® Reference Guide 4-99To insert fields of a client certificate using theConfiguration utility1. In the navigation pane, click Proxies. 2.

Chapter IntroIntro - 4Identifying command syntaxWe show complete commands in bold Courier text. Note that we do not include the corresponding screen p

Chapter 4: Configuring the High-Level Network4-100• A header in which the session ID is the current session ID. The proper format of this header is S

ProxiesBIG-IP® Reference Guide 4 - 101the client connection being closed. If the client is using a browser, the userwill likely receive an error messa

Chapter 4: Configuring the High-Level Network4-102To specify invalid protocol versions using the Configurationutility1. In the navigation pane, click

ProxiesBIG-IP® Reference Guide 4 - 1034. If the file is still not found, the proxy uses the same file name as that of the configured certificate. For

Chapter 4: Configuring the High-Level Network4-104configure the proxy to generate these symbolic links. If you do not specify a Trusted CA path, or th

ProxiesBIG-IP® Reference Guide 4 - 105To advertise a list of trusted CAs using the Configurationutility1. In the navigation pane, click Proxies. 2. Cl

Chapter 4: Configuring the High-Level Network4-106Rewriting the protocol nameThis feature allows the SSL proxy to rewrite the HTTP protocol name to HT

ProxiesBIG-IP® Reference Guide 4 - 107To configure the rewrite feature using the Configurationutility1. In the navigation pane, click Proxies. 2. Clic

Chapter 4: Configuring the High-Level Network4-108Server-side timeout values. A single, server-side timeout value is configured globally. This timeou

ProxiesBIG-IP® Reference Guide 4 - 109The client-side values for the maximum size of the session cache are configured on a per-proxy basis. A single,

IntroductionBIG-IP® Reference Guide Intro - 5• Individual bigpipe commands have online help, including command syntax and examples, in standard UNIX m

Chapter 4: Configuring the High-Level Network4-110This option is configured globally, and by default is set to disable.NoteIn redundant configurations

ProxiesBIG-IP® Reference Guide 4 - 111To configure SSL shutdowns using the Configuration utility1. In the navigation pane, click System. 2. Click the

Chapter 4: Configuring the High-Level Network4-112Adding a last hop pool to an SSL proxyIn cases where you have more than one router sending connectio

ProxiesBIG-IP® Reference Guide 4 - 113To configure the on-the-fly conversion software1. On the BIG-IP, bring up the Akamai configuration file /config/

Chapter 4: Configuring the High-Level Network4-114When the content converter proxy is written in the /config/bigip.conf file, it looks like the exampl

ProxiesBIG-IP® Reference Guide 4 - 115For example, if you want to view configuration information for the SSL proxy 209.100.19.22:443, type the followi

Chapter 4: Configuring the High-Level Network4-116NodesNodes are the network devices to which the BIG-IP passes traffic. A network device becomes a no

NodesBIG-IP® Reference Guide 4 - 117To mark a node up, use the node command with the up option: b node 192.168.21.1 upTo mark a particular service dow

Chapter 4: Configuring the High-Level Network4-118The report shows the following information:• Current number of connections• Total number of connecti

ServicesBIG-IP® Reference Guide 4 - 119ServicesServices are the standard Internet applications supported by BIG-IP, such as HTTP, HTTPs, FTP, and POP

iiProduct VersionThis manual applies to version 4.2 of the BIG-IP® product family.Legal NoticesCopyrightInformation in this document is subject to cha

Chapter IntroIntro - 6New filter for rewriting HTTP redirectionsThis release provides an ISAPI filter, called redirectfilter.dll, which allows IIS ser

Chapter 4: Configuring the High-Level Network4-120To set connection limits on servicesUse the following syntax to set the maximum number of concurrent

ServicesBIG-IP® Reference Guide 4 - 121For example, the following command sets the UDP timeout to 300 seconds for port 53:b service 53 timeout udp 300

Chapter 4: Configuring the High-Level Network4-122Address translation: SNATs, NATs, and IP forwardingThe BIG-IP uses address translation and forwardin

Address translation: SNATs, NATs, and IP forwardingBIG-IP® Reference Guide 4 - 123The attributes you can configure for a SNAT are shown in Table 4.23.

Chapter 4: Configuring the High-Level Network4-124To configure SNAT global properties from the commandlineConfiguring global properties for a SNAT req

Address translation: SNATs, NATs, and IP forwardingBIG-IP® Reference Guide 4 - 125To add a default SNAT manually using the Configurationutility1. In t

Chapter 4: Configuring the High-Level Network4-126To add a manual SNAT from the command lineThe bigpipe snat command defines one SNAT for one or more

Address translation: SNATs, NATs, and IP forwardingBIG-IP® Reference Guide 4 - 127•When the equivalent of a default SNAT, that is, a SNAT that continu

Chapter 4: Configuring the High-Level Network4-128•If you enable snat automap on more than one self IP address, (implying more than one IP network), t

Address translation: SNATs, NATs, and IP forwardingBIG-IP® Reference Guide 4 - 1292. Click the SNATs tab.3. Click the Add button.The Add SNAT screen o

IntroductionBIG-IP® Reference Guide Intro - 7SSL Accelerator proxy enhancementsThis release includes several important enhancements to the SSL Acceler

Chapter 4: Configuring the High-Level Network4-130To create the equivalent of a default SNAT, it is necessary to assign each unit its own floating sel

Address translation: SNATs, NATs, and IP forwardingBIG-IP® Reference Guide 4 - 131• If multiple external interfaces are not available, the ISP routers

Chapter 4: Configuring the High-Level Network4-132To enable mirroring for redundant systemsThe following example sets SNAT mirroring for all SNAT conn

Address translation: SNATs, NATs, and IP forwardingBIG-IP® Reference Guide 4 - 133The IP addresses that identify nodes on the BIG-IP internal network

Chapter 4: Configuring the High-Level Network4-134The following example shows a NAT definition:b nat 10.10.10.10 to 10.12.10.10To delete NATsUse the f

Address translation: SNATs, NATs, and IP forwardingBIG-IP® Reference Guide 4 - 135• You must delete a NAT before you can redefine it. • The interface

Chapter 4: Configuring the High-Level Network4-136Enabling IP forwarding globallyIP forwarding is a global property of the BIG-IP system. To set up IP

Health monitorsBIG-IP® Reference Guide 4 - 137Health monitorsHealth monitors verify connections and services on nodes that are members of load balanci

Chapter 4: Configuring the High-Level Network4-138This creates a new monitor in /config/bigip.conf, as shown in Figure 4.52. You can display this moni

Health monitorsBIG-IP® Reference Guide 4 - 139Selecting the monitor templateSelecting a template is straightforward. Like icmp, each of the templates

Chapter IntroIntro - 8Health monitor enhancementsIn addition to the standard SNMP health monitor template included in BIG-IP, this release now include

Chapter 4: Configuring the High-Level Network4-140Using tcp_echoThe tcp_echo template uses Transmission Control Protocol. The check is successful if a

Health monitorsBIG-IP® Reference Guide 4 - 141Both transparent and reverse modes are options. (For more information about transparent and reverse mode

Chapter 4: Configuring the High-Level Network4-142Using httpsThe https template is for Hypertext Transfer Protocol Secure. An https monitor attempts t

Health monitorsBIG-IP® Reference Guide 4 - 143URL as a value and automatically fills in the dest value with the address the URL resolves to. (For more

Chapter 4: Configuring the High-Level Network4-144Using snmp_dcaThe snmp_dca template is used for load balancing traffic to servers that are running a

Health monitorsBIG-IP® Reference Guide 4 - 145Using nntpThe nntp template is for Usenet News. The check is successful if the monitor retrieves a newsg

Chapter 4: Configuring the High-Level Network4-146if the specified message number is retrieved. An imap monitor requires username, password, and a fol

Health monitorsBIG-IP® Reference Guide 4 - 147NoteServers to be checked by an imap monitor typically require special configuration to maintain a high

Chapter 4: Configuring the High-Level Network4-1483. In the Add Monitor screen, type in the name of your monitor (it must be different from the monito

Health monitorsBIG-IP® Reference Guide 4 - 149Entering string valuesExcept for interval, timeout, and dest, you should enter all attribute values as q

IntroductionBIG-IP® Reference Guide Intro - 9◆ The BIG-IP special purpose productsThe special purpose BIG-IP provides the ability to choose from three

Chapter 4: Configuring the High-Level Network4-150Setting destinationsBy default, all dest values are set to the wildcard "*" or "*:*&q

Health monitorsBIG-IP® Reference Guide 4 - 151In transparent mode, the monitor is forced to ping through the node it is associated with, usually a fir

Chapter 4: Configuring the High-Level Network4-152user name and password for the new login, as well as which databases the login is allowed to access.

Health monitorsBIG-IP® Reference Guide 4 - 153To show or delete a monitor using the Configuration utility1. In the navigation pane, click Monitors.A s

Chapter 4: Configuring the High-Level Network4-154This has the effect of disabling all instances of the monitor, as shown in Figure 4.71. To disable a

Health monitorsBIG-IP® Reference Guide 4 - 155This creates a monitor instance of http for each of these nodes. You can verify this association using t

Chapter 4: Configuring the High-Level Network4-156value of *:*. Either or both wildcard symbols can be replaced by an explicit dest value by creating

Health monitorsBIG-IP® Reference Guide 4 - 15711.12.11.20:80, 11.12.11.21:80, and 11.12.11.21:80 it would produce the following instances, (which are

Chapter 4: Configuring the High-Level Network4-158The monitors themselves must be configured with the grouping in mind. For example, if the dest value

Health monitorsBIG-IP® Reference Guide 4 - 1594. If you want to associate more than one monitor, click the Move >> button to add the monitor nam

Chapter IntroIntro - 10

Chapter 4: Configuring the High-Level Network4-160In deleting specific monitor instances, it is important to consider how the association was made. If

5Configuring Filters• Introduction•IPfilters• Rate filters and rate classes

Configuring FiltersBIG-IP® Reference Guide 5-1IntroductionFilters control network traffic by setting whether packets are accepted or rejected at the e

Chapter 55-2IP filtersTypical criteria that you define in IP filters are packet source IP addresses, packet destination IP addresses, and upper-layer

Configuring FiltersBIG-IP® Reference Guide 5-3Rate filters and rate classesIn addition to IP filters, you can also define rate filters. Rate filters c

Chapter 55-4To configure a rate filter using the Configuration utility1. In the navigation pane, click Filters.The IP Filters screen opens.2. Click th

6Configuring a Redundant System• Introduction• Synchronizing configurations between units• Configuring fail-safe settings• Mirroring connection inform

Configuring a Redundant SystemBIG-IP® Reference Guide 6-1IntroductionA BIG-IP redundant system consists of two identically configured BIG-IP units, on

1BIG-IP Overview• Introduction• What is a BIG-IP?• Configuration• Monitoring and administration• The BIG-IP user interface

Chapter 66-2Synchronizing configurations between unitsOnce you complete the initial configuration on the first unit in the system, you can synchronize

Configuring a Redundant SystemBIG-IP® Reference Guide 6-3The bigpipe config sync all command synchronizes the following configuration files:•The commo

Chapter 66-45. If you are arming fail-safe, in the Timeout box, type the maximum time allowed for a loss of network traffic before a fail-over occurs.

Configuring a Redundant SystemBIG-IP® Reference Guide 6-5The mirror feature is intended for use with long-lived connections, such as FTP, Chat, and Te

Chapter 66-6Mirroring virtual server stateMirroring provides seamless recovery for current connections when a BIG-IP fails. When you use the mirroring

Configuring a Redundant SystemBIG-IP® Reference Guide 6-7Using gateway fail-safeFail-safe features on the BIG-IP provide network failure detection bas

Chapter 66-8To configure gateway fail-safe in BIG/dbTo enable gateway fail-safe in BIG/db, you need to change the settings of three specific BIG/db da

Configuring a Redundant SystemBIG-IP® Reference Guide 6-9Using network-based fail-overNetwork-based fail-over allows you to configure your redundant B

Chapter 66-10To clarify how this differs from default behavior, contrast the basic behavior of a BIG-IP in the following description. Each of the two

Configuring a Redundant SystemBIG-IP® Reference Guide 6-11MAC masquerading is not supported in active-active mode.Configuring an active-active systemT

Chapter 66-12To enable active-active from the command lineSet the Common.Bigip.Failover.ActiveMode key to 1. Use the following commands on each unit t

Configuring a Redundant SystemBIG-IP® Reference Guide 6-13Task 4: Checking the BIG-IP unit numberUsing the bigpipe db get *unit* command, check the va

Chapter 66-14Each BIG-IP in an active-active configuration requires a unit number: either a 1 or a 2. Use the Setup utility to specify a unit number

Configuring a Redundant SystemBIG-IP® Reference Guide 6-15To synchronize the configuration using the Configurationutility1. In the navigation pane, cl

Chapter 66-16Disabling automatic fail backIn some cases, you may not want connections to automatically failback. The fact that a machine has resumed o

Configuring a Redundant SystemBIG-IP® Reference Guide 6-17◆ Local.Bigip.Failover.UnitIdThis is the default unit number of the BIG-IP. This value is se

Chapter 66-18Reviewing specific active-active bigpipe commandsThere are several specific commands included in bigpipe to support active-active configu

7bigpipe Command Reference

bigpipe commandsBIG-IP® Reference Guide 7-1bigpipe commandsThis chapter lists the various bigpipe commands, including syntax requirements and function

BIG-IP OverviewBIG-IP® Reference Guide 1-1IntroductionThis chapter provides a brief overview of the BIG-IP software and the configuration and monitori

Chapter 7: bigpipe Command Reference7-2makecookie Loads the BIG-IP configuration without resetting the current configuration. 7-21merge Loads a saved

-?BIG-IP® Reference Guide 7-3-?For certain commands, displays online help, including complete syntax, description, and other related information. For

Chapter 7: bigpipe Command Reference7-4classCreates, shows, and deletes any classes, such as class AOL. Default classes are also shown.The BIG-IP incl

configBIG-IP® Reference Guide 7-5configSynchronizes configurations of two BIG-IP units in a redundant system by collecting and copying the configurati

Chapter 7: bigpipe Command Reference7-6Installing an archived configuration fileconfig install <file> reinstalls the archived configuration file

connBIG-IP® Reference Guide 7-7connDisplays information about current client connections to virtual addresses and virtual servers.The following comman

Chapter 7: bigpipe Command Reference7-8default_gatewayThis command creates, shows, or deletes a pool of default gateways, with nodes in the pool corre

failoverBIG-IP® Reference Guide 7-9failoverThis group of commands affects the fail-over status of the BIG-IP or 3-DNS system.In an active/standby or a

Chapter 7: bigpipe Command Reference7-10globalauto_lasthopWhen this variable is enabled, it automatically designates the lasthop router inside IP addr

globalBIG-IP® Reference Guide 7-11fastest_max_idle_timeSets the number of seconds a node can be left idle by the fastest load balancing mode. This for

Chapter 11-2Figure 1.1 A basic configurationInsertion of the BIG-IP, with its minimum of two interfaces, divides the network into an external VLAN an

Chapter 7: bigpipe Command Reference7-12To disarm fail-safe on the gateway, enter the following command: b global gateway failsafe disarmTo see the cu

globalBIG-IP® Reference Guide 7-13The following command sets this variable to open the Telnet port (23) to allow administrative Telnet connections. Th

Chapter 7: bigpipe Command Reference7-14open_failover_portsThis variable enables or disables network failover when a VLAN has port lockdown enabled.Th

globalBIG-IP® Reference Guide 7-15The following command resets the timer only when the persistent connection is initiated. b global persist timer time

Chapter 7: bigpipe Command Reference7-16Setting log levels only for TCP trafficThe following command turns on only TCP port denial logging, which logs

-h and -helpBIG-IP® Reference Guide 7-17-h and -helpDisplays the bigpipe command syntax or usage text for all current commands.NoteMore detailed man p

Chapter 7: bigpipe Command Reference7-18interfaceDisplays names of installed network interface cards and allows you to set properties for each network

loadBIG-IP® Reference Guide 7-19loadResets all of the BIG-IP settings and then loads the configuration settings, by default from the /config/bigip.con

Chapter 7: bigpipe Command Reference7-20maintToggles a BIG-IP into and out of Maintenance mode. When in Maintenance mode, a BIG-IP accepts no new conn

makecookieBIG-IP® Reference Guide 7-21makecookieGenerates a cookie string with encoding automatically added for cookie persistence Passive mode:b make

BIG-IP OverviewBIG-IP® Reference Guide 1-3Like the physical network itself, you can add software entities like virtual servers and load balancing pool

Chapter 7: bigpipe Command Reference7-22mergeUse the merge command to load the BIG-IP configuration from <file_name> without resetting the curre

mirrorBIG-IP® Reference Guide 7-23mirrorFor the BIG-IP Application Switch, you can copy traffic from any port or set of ports to a single, separate po

Chapter 7: bigpipe Command Reference7-24monitorDefines a health monitor. A health monitor is a configuration object that defines how and at what inter

monitorBIG-IP® Reference Guide 7-25external run ""args ""ftp username "anonymous"password "bigip1@internal"get

Chapter 7: bigpipe Command Reference7-26Table 7.4 defines the attributes used in the templates.Attribute Definitioninterval <seconds> Ping frequ

monitorBIG-IP® Reference Guide 7-27secret Shared secret for radius EAV checking only.folder Folder name for imap EAV checking only.message_num Optiona

Chapter 7: bigpipe Command Reference7-28-nUse the -n option in combination with other commands, such as bigpipe virtual, to display services and IP ad

natBIG-IP® Reference Guide 7-29natDefines an IP address, routable on the external network, that a node can use to initiate connections to hosts on the

Chapter 7: bigpipe Command Reference7-30nodeDisplays information about nodes and allows you to set properties for nodes, and node addresses. Nodes may

poolBIG-IP® Reference Guide 7-31poolCreates, deletes, modifies, or displays pool definitions. You can use pools to group members together with a commo

BIG-IP® Reference Guide iiiStandards ComplianceThe product conforms to ANSI/UL Std 1950 and Certified to CAN/CSA Std. C22.2 No. 950.AcknowledgmentsThi

Chapter 11-4Figure 1.2 Hardware configuration with base and high-level networks superimposed. Hardware configurationThe hardware configuration includ

Chapter 7: bigpipe Command Reference7-32For more information about the load balancing modes, refer to Load balancing method, on page 4-5.Fastest Membe

proxyBIG-IP® Reference Guide 7-33proxyb proxy <ip>:<service> [unit <id>][{] target <virtual|server>> <ip>:<service

Chapter 7: bigpipe Command Reference7-34Creates, deletes, modifies, or displays the SSL or content converter proxy definitions on the BIG-IP. For deta

ratioBIG-IP® Reference Guide 7-35ratioFor the Ratio load balancing mode, this command sets the weight or proportions for one or more node addresses.b

Chapter 7: bigpipe Command Reference7-36resetUse the following syntax to clear the configuration values and counter values from memory:b resetUse this

ruleBIG-IP® Reference Guide 7-37ruleCreates, delete, or display the rules on the BIG-IP. Rules allow a virtual server to access any number of pools on

Chapter 7: bigpipe Command Reference7-38If the rule is defined on the bigpipe command line, you can either surround each pair of parentheses in single

saveBIG-IP® Reference Guide 7-39saveWrites the current BIG-IP configuration settings from memory to the configuration files named /config/bigip.conf a

Chapter 7: bigpipe Command Reference7-40selfDefines a self IP address on a BIG-IP or 3-DNS system. A self IP address is an IP address mapping to a VLA

serviceBIG-IP® Reference Guide 7-41serviceEnables and disables network traffic on services, and also sets connection limits and timeouts. You can use

BIG-IP OverviewBIG-IP® Reference Guide 1-5sharing.) When you run the Setup utility as the last part of your initial hardware installation and fill in

Chapter 7: bigpipe Command Reference7-42snatDefines one or more addresses that nodes can use as a source IP address when initiating connections to hos

stpBIG-IP® Reference Guide 7-43stpThe BIG-IP IP Application Switch provides Spanning Tree Protocol (STP) implementation for loop resolution in configu

Chapter 7: bigpipe Command Reference7-44summaryDisplays a summary of current usage statistics. The output display format for the summary command is sh

trunkBIG-IP® Reference Guide 7-45trunkThe trunk command aggregates links (individual physical interfaces) to form a trunk. This link aggregation incre

Chapter 7: bigpipe Command Reference7-46unitThe unit number on a system designates which virtual servers use a particular unit in an active-active red

verboseBIG-IP® Reference Guide 7-47verboseUsed to modify the verbose log level. This command is an alternative to using the bigpipe global verbose com

Chapter 7: bigpipe Command Reference7-48verifyParses the command line and checks syntax without executing the specified command. This distinguishes be

versionBIG-IP® Reference Guide 7-49versionDisplays the version of the BIG-IP operating system and the features enabled.For example, for a BIG-IP HA, t

Chapter 7: bigpipe Command Reference7-50virtualCreates, deletes, and displays information about virtual servers. This command also sets connection mir

vlanBIG-IP® Reference Guide 7-51vlanThe vlan command defines VLANs, VLAN mappings, and VLAN properties. By default, each interface on a BIG-IP or 3-DN

Chapter 11-6Global settings and filtersGlobal settings and filters are part of the configuration that belong to neither the base network nor the high-

Chapter 7: bigpipe Command Reference7-52vlangroupThe vlangroup command defines a VLAN group, which is a grouping of two or more VLANs belonging to the

vlangroupBIG-IP® Reference Guide 7-53L2 forwarding must be enabled for the VLAN group using the VLAN proxy_forward attribute. This attribute is enable

Chapter 7: bigpipe Command Reference7-54

8Configuring SNMP• Introduction• Downloading the MIBs• Configuring SNMP using the Configuration utility• SNMP configuration files• Configuring snmpd t

Configuring SNMPBIG-IP® Reference Guide 8-1IntroductionThis chapter covers the management and configuration tasks for the simple network management pr

Chapter 88-2◆ Etherlike-MIB.txtThis is a standard MIB which describes statistics for the collection of ethernet interfaces attached to the system. It

Configuring SNMPBIG-IP® Reference Guide 8-3Configuring SNMP using the Configuration utilityTo configure SNMP for a remote network management station,

Chapter 88-4To allow access to the SNMP agent using the Configurationutility1. In the top of the SNMP Administration screen, check the Enable box to a

Configuring SNMPBIG-IP® Reference Guide 8-53. In the Community String box, type a community name. The community name is a clear text password used for

BIG-IP OverviewBIG-IP® Reference Guide 1-7Figure 1.3 Configuration utility System screenThe left pane of the screen, referred to as the navigation pa

Chapter 88-6SNMP configuration filesThe SNMP options that you specify in the SNMP Administration screen are written to one or more of the following co

Configuring SNMPBIG-IP® Reference Guide 8-7For example, you can type the following line which sets the SNMP agent to accept connections from the IP ad

Chapter 88-8• trapcommunity <community string>This sets the community string (password) to use for sending traps. If set, it also sends a trap u

Configuring SNMPBIG-IP® Reference Guide 8-9You may, however, insert your own regular expressions and map them to the 110.1 OID. The /etc/snmptrap.conf

Chapter 88-10Use this command to make the agent list on the specified list of sockets instead of the default port, which is port 161. Separate multipl

9BIG/db Configuration Keys• Supported BIG/db configuration keys

BIG/db Configuration KeysBIG-IP® Reference Guide 9-1Supported BIG/db configuration keysThe BIG/db is a database that contains configuration elements f

Chapter 99-2To unset a BIG/db configuration keyTo unset a BIG/db configuration key, use the following syntax:b db unset <key>b db unset <regu

BIG/db Configuration KeysBIG-IP® Reference Guide 9-3StateMirror keysStateMirror keys (Table 9.2) control state mirroring. If you change one of these v

Chapter 11-8Figure 1.4 Add Pool screenThe Add Pool screen contains fields for all the attributes you can configure for the pool. The bigpipe command

Chapter 99-4Using Gateway Pinger keysThe GatewayPinger keys (Table 9.3) control the gateway failsafe pinger. If you change one of these values, you mu

BIG/db Configuration KeysBIG-IP® Reference Guide 9-5Bigd keysThe Bigd keys (Table 9.4) control the health monitors. If you change one of these values,

Chapter 99-6Common.Bigip.CORBA.AddrResolveNumeric="true" Set to "true" causes the CORBA portal to resolve client addresses numeric

10Configuration Files• BIG-IP configuration files

Configuration FilesBIG-IP® Reference Guide 10 - 1BIG-IP configuration filesThe following table includes a list of the configuration files on the BIG-I

Chapter 1010 - 2

11Monitoring and Administration• Monitoring and administration utilities• Using the bigpipe utility as a monitoring tool• Using the Configuration util

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 1Monitoring and administration utilitiesThe BIG-IP platform provides several utilities for m

BIG-IP OverviewBIG-IP® Reference Guide 1-9The bigip.conf fileRegardless of how a pool, virtual server, proxy or other object is configured, whether yo

Chapter 1111 - 2Monitoring the BIG-IPThe bigpipe summary command displays performance statistics for the BIG-IP itself. This display summary includes

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 3Table 11.1 contains descriptions of each individual statistic included in the summary displ

Chapter 1111 - 4Resetting statistics on the BIG-IPThe bigpipe commands allow you to selectively reset any statistic on the BIG-IP. The statistics you

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 5• Secure network address translations (SNATs) • Global statistics When you reset one of the

Chapter 1111 - 6To reset statistics for node servers and node addressesUse the following syntax to reset statistics for all node addresses and node se

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 7Use the following syntax to reset statistics for the NAT for the IP address <orig_ip>

Chapter 1111 - 8Monitoring virtual servers, virtual addresses and servicesYou can use different variations of the bigpipe virtual command, as well as

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 9Displaying information about servicesThe bigpipe port show command allows you to display in

Chapter 1111 - 10To display NAT status from the command lineUse the following command to display the status of all NATs included in the configuration:

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 11Using the Configuration utility for administration andmonitoringYou can use the Configurat

Chapter 11-10

Chapter 1111 - 12Working with the BIG/top utilityBIG/top™ is a real-time statistics display utility. The display shows the date and time of the latest

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 13Using runtime commands in BIG/topUnless you specified the -once option, the BIG/top utilit

Chapter 1111 - 14Sample log messagesTable 11.3 shows sample log messages to give you an idea of how the Syslog utility tracks events that are specific

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 15eventually determine that the nodes associated with the server are down, specifically remo

Chapter 1111 - 16Removing individual virtual servers, virtual addresses, and ports fromserviceThe BIG-IP also supports taking only selected virtual se

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 17To enable and disable nodes and node addresses from thecommand lineThe bigpipe node comman

Chapter 1111 - 18• Rate filter statistics, including the number of bits passed through, delayed, and dropped by individual rate filters• Information a

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 19The user accounts you create in the Configuration utility can have full, partial, or read-

Chapter 1111 - 20Working with the BIG/db databaseThe BIG/db™ database holds certain configuration information for the BIG-IP. Most BIG-IP utilities cu

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 21b db unset <key>b db unset <regular_exp>For example, the following command uns

2Using the Setup Utility• Creating the initial software configuration with theSetup utility• Connecting to the BIG-IP for the first time• Using the Se

Chapter 1111 - 22You can customize the BIG/stat utility statistics display. For example, you can customize your output to display statistics for a sin

Monitoring and AdministrationBIG-IP® Reference Guide 11 - 23The following table contains descriptions of each of the metrics collected for the BIG-IP.

Chapter 1111 - 24BIG/stat Item DescriptionBIG-IP cur - Shows the number of current connections handled by the BIG-IPmax - Shows the maximum number of

12Additional Setup Options• Overview of additional setup options• Defining additional host names• Using the MindTerm SSH Console• Downloading the SSH

Additional Setup OptionsBIG-IP® Reference Guide 12 - 1Overview of additional setup optionsThis chapter contains details about additional setup options

Chapter 1212 - 2This sample hosts file lists the IP addresses for the default router, the internal VLAN, and the external VLAN, and it contains placeh

Additional Setup OptionsBIG-IP® Reference Guide 12 - 3Downloading the SSH client to your administrativeworkstationFrom BIG-IP units that support encry

Chapter 1212 - 46. In the Connection tab, in the Remote Host section, type the following items:•In the Host Name box, type the BIG-IP IP address or ho

Additional Setup OptionsBIG-IP® Reference Guide 12 - 5◆ Configuring email on the BIG-IPThere are some special requirements that you need to take into

Chapter 1212 - 62. Click the System tab.Look in the Default Gateway Pool list for the name of the default gateway pool. Make sure you have the pool na

Additional Setup OptionsBIG-IP® Reference Guide 12 - 7Case 2: Different LANsIf you have nodes on different LANs from the BIG-IP, you need to add a sta

Chapter 1212 - 8online documentation (in the Configuration utility home screen, under the Online Documentation section, click GateD). Note that the Ga

Additional Setup OptionsBIG-IP® Reference Guide 12 - 9In place of the <DNS_SERVER_1> parameter, use the IP address of a properly configured name

Chapter 1212 - 10Converting from rotary or round robin DNSIf your network is currently configured to use rotary DNS, your node configuration may not n

Additional Setup OptionsBIG-IP® Reference Guide 12 - 11Setting up SendmailWhen you actually set up Sendmail, you need to open and edit a couple of con

Chapter 1212 - 12◆ A serial terminal configured as the console displays system messages and warnings in addition to providing a login prompt. In this

Additional Setup OptionsBIG-IP® Reference Guide 12 - 13Configuring a serial terminal in addition to the consoleYou can configure a serial terminal for

Chapter 1212 - 14Forcing a serial terminal to be the consoleIn the case where you have not yet connected the serial terminal or it is not active when

Additional Setup OptionsBIG-IP® Reference Guide 12 - 152. Create the file /etc/raddb/servers. Each line should contain the host name of the radius ser

Using the Setup UtilityBIG-IP® Reference Guide 2-1Creating the initial software configuration with the SetuputilityOnce you install and connect the ha

Chapter 1212 - 16To configure an LDAP server that stores encryptedpasswordsIn some LDAP servers, passwords are stored encrypted with DES, or stored as

Additional Setup OptionsBIG-IP® Reference Guide 12 - 172. Locate the default authentication type. Change the tc value to point to the new ldap-default

Chapter 1212 - 18name. This is useful because you need to be able to log in even if the authentication server is down (or if its name gets changed and

Glossary

GlossaryBIG-IP® Reference Guide Glossary - 1Any IP TrafficAny IP Traffic is a feature that allows the BIG-IP to load balance protocols other than TCP

GlossaryGlossary - 2cacheable content expression The cacheable content expression determines, based on evaluating variables in the HTTP header of the

GlossaryBIG-IP® Reference Guide Glossary - 3If you specify a value for hot pool, but do not specify a value for this variable, the cache statement use

GlossaryGlossary - 4platforms equipped with Windows Management Instrumentation (WMI), or on a server equipped with either the UC Davis SNMP agent or W

GlossaryBIG-IP® Reference Guide Glossary - 5FDDI (Fiber Distributed Data Interface)FDDI is a multi-mode protocol used for transmitting data on optical

iv

Chapter 22-2Running the Setup utility remotelyYou can run the Setup utility remotely only from a workstation that is on the same LAN as the unit. To a

GlossaryGlossary - 6content subsets used for content striping. Requests for hot content are redirected to a cache server in the hot pool, a designated

GlossaryBIG-IP® Reference Guide Glossary - 7internal VLANThe internal VLAN is a default VLAN on the BIG-IP. In a basic configuration, this VLAN has th

GlossaryGlossary - 8MAC (Media Access Control)MAC is a protocol that defines the way workstations gain access to transmission media, and is most widel

GlossaryBIG-IP® Reference Guide Glossary - 9specific to a service type, for example, HTTP and FTP. The template has a template type that corresponds t

GlossaryGlossary - 10Observed modeObserved mode is a dynamic load balancing mode that bases connection distribution on a combination of two factors:

GlossaryBIG-IP® Reference Guide Glossary - 11Predictive modePredictive mode is a dynamic load balancing mode that bases connection distribution on a c

GlossaryGlossary - 12RFC 1918 addressesAn RFC 1918 address is an address that is within the range of non-routable addresses described in the IETF RFC

GlossaryBIG-IP® Reference Guide Glossary - 13spanning tree protocol (STP)Spanning tree protocol is a protocol that provides loop resolution in configu

GlossaryGlossary - 14transparent nodeA transparent node appears as a router to other network devices, including the BIG-IP.trunkA trunk is a combinati

GlossaryBIG-IP® Reference Guide Glossary - 15wildcard virtual serverA wildcard virtual server is a virtual server that uses an IP address of 0.0.0.0,

Using the Setup UtilityBIG-IP® Reference Guide 2-3If the alternate network is present on the LAN, 192.168.245.0/24, or if the node address 192.168.1.2

GlossaryGlossary - 16

Index

IndexBIG-IP® Reference Guide Index - 1/config/aliases file 12-11/config/bigip.conf 7-39/config/gated.conf file 12-7/config/routes file 12-8/co

IndexIndex - 2bigpipe 4-9bigpipe commands 7-1and active-active mode 6-18config 7-5conn 7-7displaying active data 6-17failover 7-8, 7-9gl

IndexBIG-IP® Reference Guide Index - 3client certificate authentication 4-91client certificate fieldsinserting as headers 4-95, 4-98client certifi

IndexIndex - 4default IP addressesalternate address 2-2andIPalias 2-2overview 2-1preferred address 2-2default root password 2-1default route

IndexBIG-IP® Reference Guide Index - 5GGateDconfiguration file 12-7documentation 12-7dynamic routing 12-7gateway command 7-11gateway fail-safe

IndexIndex - 6Iicmp monitor 4-139iControl 2-12IDsinserting 4-99if statements 4-58IIS serversand redirection 4-105for rewriting redirections

IndexBIG-IP® Reference Guide Index - 7MMAC addresses 3-17MAC masquerade 3-17maint command 7-20, 11-15Maintenance mode, activating 11-15masked

Chapter 22-4To start the Setup utility from the command line from aremote administrative workstation1. Start an SSH client on a workstation connected

IndexIndex - 8Ppacket activity, displaying 11-12packet counters, resetting 11-5packet header variables 4-59packet statistics 11-1packet status

IndexBIG-IP® Reference Guide Index - 9Quality of Service levelSee QoS levelRRADIUS authentication 12-14challenge-response authentication 12-18radi

IndexIndex - 10creating 4-62defined 4-1, 4-49, 7-37elements 4-63example 4-52load balancing pools 7-37referencing pools 4-50Ssave command

IndexBIG-IP® Reference Guide Index - 11connection limits 4-123defined 4-122defining 4-122disabling 4-45global properties 4-123TCP idle conne

IndexIndex - 12TTable 4-63tagged interfacesdefined 3-8tagsembedding in packet headers 3-9target IP addressesSee destination IP addressesTCP conn

IndexBIG-IP® Reference Guide Index - 13variable operandsand rules 4-59defined 4-58types 4-59variables 4-51, 4-59verbose command 7-47verbose

IndexIndex - 14

Using the Setup UtilityBIG-IP® Reference Guide 2-5• US + Cyrillic• US - Standard 101 key (default)• United KingdomProduct selectionIf you are configur

Chapter 22-6Configuring a default gateway poolIf a BIG-IP does not have a predefined route for network traffic, the unit automatically sends traffic t

Using the Setup UtilityBIG-IP® Reference Guide 2-7NoteFor best results, choose the auto setting. In some cases, devices configured for the auto media

Chapter 22-8Associating the primary IP address and VLAN with the host nameAfter you assign interfaces to VLANs, you can choose one VLAN/IP address com

Using the Setup UtilityBIG-IP® Reference Guide 2-9Setting the time zoneNext, you need to specify your time zone. This ensures that the clock for the B

Chapter 22-10Configuring remote access for noncrypto-enabled versions of the systemThe Telnet and FTP configuration options are presented only if you

Using the Setup UtilityBIG-IP® Reference Guide 2-11authoritative DNS, and automatically processes changes and updates to the zone files. (You can acce

Table of Contents

Chapter 22-12Options available only through the Setup utility menuThis section contains descriptions of options that are available only through the Se

Using the Setup UtilityBIG-IP® Reference Guide 2-13• You can change the name of the Portal object reference file. • You can specify the Portal PID fil

Chapter 22-14

3Additional Base Network Configuration• Introduction• Interfaces•VLANs• Self IP addresses• Trunks• Spanning Tree Protocol (STP)• Port Mirroring

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-1IntroductionSetting up the base network for BIG-IP means configuring elements such as

Chapter 33-2Like interfaces, VLANs, and self IP addresses, these features can be configured using either the Configuration utility or the bigpipe comm

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-3Figure 3.2 Horizontal slot and port numberingFor the Application Switch, slot numberi

Chapter 33-4Use the following syntax to display the current status and the setting for a specific interface.b interface <if_name> showMedia type

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-5VLANsA VLAN is a grouping of separate networks that allows those networks to behave as

Chapter 33-6Default VLAN configurationBy default, the Setup utility configures each interface on the BIG-IP as a member of a VLAN. The BIG-IP identifi

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-7Creating, renaming, and deleting VLANsTypically, if you use the default configuration,

Chapter 33-8For example, to delete the VLAN named yourvlan, type the following command:b vlan yourvlan deleteConfiguring packet access to VLANsThe BIG

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-9When you add an interface to a VLAN as a tagged interface, BIG-IP associates the inter

Chapter 33-10Figure 3.6 Equivalent solutions using untagged and tagged interfacesThe configuration on the left shows a BIG-IP unit with three interna

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-11To create a VLAN that supports tag-based access using theConfiguration utilityCreatin

Chapter 33-122. Add the interfaces to the VLAN external as tagged interfaces. This is done by specifying the VLAN name, the tagged keyword, and the in

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-13For example:b vlan internal fdb showThis produces a display such as the following:For

Chapter 33-14Setting the L2 forwarding aging timeEntries in the L2 forwarding table have a specified life span, after which they are flushed out if th

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-15In the example shown in figure 3.5, VLANs external and internal represent separate ne

TableofContentsBIG-IP® Reference Guide viiIntroductionIMPORTANT HARDWARE INFORMATION ...

Chapter 33-16To assign the self IP address to the VLAN groupYou can assign a self IP address to the VLAN group using the bigpipe command, as follows:b

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-17To set the fail-over timeout and arm the fail-safe using theConfiguration utility1. I

Chapter 33-18Find the MAC address on both the active and standby units, and pick one that is similar but unique. A safe technique for selecting the sh

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-194. In the IP Address box, type the self IP address to be assigned.5. In the Netmask b

Chapter 33-20create a single 400 Mbps link. The other advantage of link aggregation is link fail-over. If one link in a trunk goes down, traffic is si

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-21feature to configure two or more interfaces on the unit as an STP domain. For interfa

Chapter 33-22Setting time intervals for an STP domainYou can set the time intervals in seconds for hello, max_age, and forward_delay for the STP domai

Additional Base Network ConfigurationBIG-IP® Reference Guide 3-23Restarting stpdThe stpd does not automatically restart when you synchronize configura

Chapter 33-24To delete interfaces from the port mirror using thecommand lineUse this bigpipe syntax to delete interfaces from the port mirror:b mirror

4Configuring the High-Level Network• Introduction•Pools•Rules•Virtualservers•Proxies•Nodes• Services• Address translation: SNATs, NATs, and IPforwardi

TableofContentsviiiConfiguring a default gateway pool ...2-6Redundant

IntroductionBIG-IP® Reference Guide 4-1IntroductionThis chapter describes the elements that make up the high-level network of BIG-IP. The high-level n

Chapter 4: Configuring the High-Level Network4-2PoolsA load balancing pool is the primary object in the high-level network. A pool is a set of devices

PoolsBIG-IP® Reference Guide 4-3Working with poolsYou can manage pools using either the web-based Configuration utility or the command-line interface.

Chapter 4: Configuring the High-Level Network4-4To delete a pool from the command lineTo delete a pool, use the following syntax:b pool <pool_name&

PoolsBIG-IP® Reference Guide 4-5Pool NameThe most basic attribute you can configure for a pool is the pool name. Pool names are case-sensitive and may

Chapter 4: Configuring the High-Level Network4-6Round RobinThis is the default load balancing mode. Round Robin mode passes each new connection reques

PoolsBIG-IP® Reference Guide 4-7Least ConnectionsLeast Connections mode is relatively simple in that the BIG-IP passes a new connection to the node th

Chapter 4: Configuring the High-Level Network4-8Setting the load balancing mode for a poolA load balancing mode is specified as a pool attribute when

PoolsBIG-IP® Reference Guide 4-9To switch a pool to ratio_member mode from thecommand lineTo switch a pool to ratio_member load balancing, use the mod

TableofContentsBIG-IP® Reference Guide ixPersistence ...

Chapter 4: Configuring the High-Level Network4-10b ratio showThe command displays the output shown in Figure 4.1. To display ratio weight for specific

PoolsBIG-IP® Reference Guide 4-11To configure a real_server monitor for the server nodeUsing the Configuration utility or the bigpipe command, create

Chapter 4: Configuring the High-Level Network4-12The metric coefficient is a factor determining how heavily the metric’s value counts in the overall r

PoolsBIG-IP® Reference Guide 4-13To set the load balancing method to Dynamic RatioCreate or modify the load balancing pool to which the server belongs

Chapter 4: Configuring the High-Level Network4-14To configure a wmi monitor for the server nodeUsing the Configuration utility or the bigpipe command,

PoolsBIG-IP® Reference Guide 4-15PUTRequestsPerSec 1.0 500POSTRequestsPerSec 1.0 500AnonymousUsersPerSec 1.0 500CurrentAnonymousUsers 1.0 500NonAnonym

Chapter 4: Configuring the High-Level Network4-16For more information about the metric coefficients and thresholds, refer to the description accompany

PoolsBIG-IP® Reference Guide 4-17• Associating the health check monitor with the server to gather the metrics• Creating or modifying the server pool t

Chapter 4: Configuring the High-Level Network4-18Figure 4.5 shows a monitor based on the snmp_dca_base monitor template. This monitor uses the default

PoolsBIG-IP® Reference Guide 4-197. Retain or change the values for CPU, memory, and disk use. Also note that in the snmp_dca template, the default va