
F5 BIG-IP LTM Hands-on Training Guide
vLab Setup Guide for VMware Workstation
Document version 12.0.0.02
Contents
Part 1 – Configuring VMware Workstation
  Task 1 – Install VMware Workstation
  Task 2 – Set Up the VMware Network Environment
  Task 3 – Open the BIG-IP VE System VMware Image
  Task 4 – Open the LAMP VMware Image
  Task 5 – Edit the Settings of the LAMP Image
Part 2 – Configuring the BIG-IP VE
  Task 1 – Configure BIG-IP Management Interface Settings
  Task 2 – Configure Network Settings on the BIG-IP VE System
  Task 3 – Access the BIG-IP VE System and Complete the Setup Utility
  Task 4 – Import an SSL Certificate and Key
  Task 5 – Create a Client SSL Profile
  Task 6 – Update Your Local Hosts File (OPTIONAL)
  Task 7 – Create an Archive File
Part 3 - PROCESSING TRAFFIC
  EXERCISE 2.1 – CREATE AN HTTP POOL AND VIRTUAL SERVER
    TASK 1 – Create a Pool
    TASK 2 – Create a Virtual Server that Uses the Pool
    TASK 3 – Verify the Virtual Server and Pool Functionality
    TASK 4 – Modify the Virtual Server SNAT Setting
  EXERCISE 2.2 – VIRTUAL SERVER PRIORITY
    TASK 1 – Create a Wildcard Pool
    TASK 2 – Create a Wildcard Virtual Server
    TASK 3 – Verify the Virtual Server and Pool Functionality
  EXERCISE 2.3 – USING MONITORS WITH POOLS
    TASK 1 – Check Current Pool Member Status
    TASK 2 – Create a Custom HTTP Monitor
    TASK 3 – Assign the Custom Monitor to the Pool
    TASK 4 – View the Network Map
  EXERCISE 2.4 – USING AN HTTP PROFILE
    TASK 1 – Create a Custom HTTP Profile
    TASK 2 – Modify the Default HTTP Profile
    TASK 3 – Add the Custom HTTP Profile to a Virtual Server
    TASK 4 – Update the Custom HTTP Profile
  EXERCISE 2.5 – USING SOURCE ADDRESS PERSISTENCE
    TASK 1 – Update the HTTP Pool
    TASK 2 – Create a Source Address Persistence Profile
  EXERCISE 2.6 – SUPPORTING SSL TRAFFIC
    TASK 1 – Create HTTPS pool and virtual server
    TASK 2 – Create a Self-Signed Certificate
    TASK 3 – Create a Client SSL Profile
    TASK 4 – Create a Custom HTTPS Monitor
    TASK 5 – Enable SSL Termination with the HTTPS Virtual Server

WWFE vLab Guides – vLab Setup Guide for VMware Workstation; v12.0.0.02
Part 1 – Configuring VMware Workstation
• This guide is written for a Windows workstation
• Estimated completion time: 40 minutes

Task 1 – Install VMware Workstation


You can skip this step if you already have VMware Workstation 10, 11, or 12 installed on your laptop. If not,
download and install VMware Workstation 12.

Open a new Web browser and access http://www.vmware.com/products/workstation/overview.html.

Download and install the trial version of VMware Workstation 12.

→NOTE: These exercises are tested for VMware Workstation version 10. There may be issues with
previous versions.

You need to purchase a VMware Workstation license; however, you have 30 days to use
the trial version.

Task 2 – Set Up the VMware Network Environment


You will configure three VMware networks. VMnet1 acts as the Out of Band Management network for
accessing the BIG-IP Configuration Utility. VMnet2 acts as the external network for users accessing virtual
servers. VMnet3 acts as the internal VLAN where the back-end Web servers are located.

Launch VMware Workstation, and then select Edit > Virtual Network Editor.

Remove any existing VMnet Networks except for VMnet0.

Click the Add Network button, and add VMnet1, VMnet2 and VMnet3.

Select VMnet1, and configure as follows:
o Select the Host-only (connect VMs internally in a private network) option.
o Select the Connect a host virtual adapter to this network checkbox.
o Leave the Use local DHCP service to distribute IP address to VMs checkbox selected.
o In the Subnet IP field enter 10.1.1.0.
o In the Subnet mask field enter 255.255.255.0.
o Click the DHCP Settings button.
o Change the Start IP address to 10.1.1.150 and the End IP address to 10.1.1.160, and then click OK.
→NOTE: You will use this network to access the BIG-IP management interface.

This configures your local workstation with a VMware Network Adapter VMnet1 IP address within the
10.1.1.0 network.

Select VMnet2 and configure as follows:
o Select the NAT (shared host’s IP address with VMs) option.
o Select the Connect a host virtual adapter to this network checkbox.
o Leave the Use local DHCP service to distribute IP address to VMs checkbox selected.
o In the Subnet IP field enter 10.1.10.0.
o In the Subnet mask field enter 255.255.255.0.
o Click the NAT Settings button.
o In the Gateway IP field enter 10.1.10.2, and then click OK.
o Click the DHCP Settings button.
o Change the Start IP address to 10.1.10.150 and the End IP address to 10.1.10.160, and then click OK.

→NOTE: These NAT settings enable the BIG-IP VE system to reach the Internet through your
workstation’s network adapter.

This configures your local workstation with a VMware Network Adapter VMnet2 IP address within
the 10.1.10.0 network.

Select VMnet3, and configure as follows:


o Select the Host-only (connect VMs internally in a private network) option.
o Clear the Connect a host virtual adapter to this network checkbox.
o Clear the Use local DHCP service to distribute IP address to VMs checkbox.
o In the Subnet IP field enter 10.1.20.0.
o In the Subnet mask field enter 255.255.255.0.

→NOTE: Ensure that the “Connect a host virtual adapter to this network” checkbox is cleared. This
prevents your local PC from having direct access to the internal network.

Click OK.
Your local workstation should not receive a VMware Network Adapter VMnet3 IP address.

Open a command prompt and type:


ipconfig

Use the table below to note the IP addresses for your VMnet adapters.
Adapter    IPv4 Address
VMnet1     ____________
VMnet2     ____________

Close the command prompt.

Task 3 – Open the BIG-IP VE System VMware Image


Use VMware Workstation to open the BIG-IP VE image file.

In VMware Workstation, go to File > Open.

Navigate to the location where you saved the BIG-IP image file, then select the
BIGIP-12.0.0.0.0.606.ALL-scsi.ova image file, and then click Open.

Name the new virtual machine BIGIP_A_v12.0.

Enter or browse to a location with at least 4 GB of free disk space and click Import.

Click the Accept button.


It will take a few minutes for the BIG-IP VE image to import.

After the import completes, select BIGIP_A_v12.0 from the Library menu, and then click Edit virtual
machine settings.

Adjust the Memory to 4096 MB.

For Hard Disk (SCSI), ONLY IF the current value is less than 80 GB, select Hard Disk (SCSI), and then on
the right-side of the window go to Utilities > Expand, then set the Maximum disk size (GB) to 80, and
then click Expand.

For Hard Disk 2 (SCSI), ONLY IF the current value is less than 20 GB, select Hard Disk (SCSI), and then on
the right-side of the window go to Utilities > Expand, then set the Maximum disk size (GB) to 20, and
then click Expand.

Map the network adapters to the appropriate VMware networks using the following table:
Device             Network connection          Use
Network Adapter    Custom: VMnet1 (Host-only)  Management port access
Network Adapter 2  Custom: VMnet2 (NAT)        Used for the external self IP address
Network Adapter 3  Custom: VMnet3              Used for the internal self IP address
Network Adapter 4  Bridged (Automatic)         Not used; clear the Connect at power on checkbox

Click OK.

Task 4 – Open the LAMP VMware Image


Use VMware Workstation to open the LAMP VMware server images.

In VMware Workstation, go to File > Open.

Navigate to the directory where you unzipped the VMware images and open LAMP_4.

Select the LAMP_4.vmx image file, and then click Open.

In the VMware Workstation dialog box, click Take Ownership.

Select LAMP_4 from the Library menu, and then click Edit virtual machine settings.

Map the network adapters to the appropriate VMware networks using the following table:

Device             Network connection          Use
Network Adapter    Custom: VMnet1 (Host-only)  Communicates with the management port
Network Adapter 2  Custom: VMnet3              Communicates within the internal VLAN

Click OK.

Task 5 – Edit the Settings of the LAMP Image


The LAMP_4 image requires manual network configuration changes.

Select LAMP_4 from the Library menu, and then click Power on this virtual machine.

If prompted, click “I copied it”.

After the image powers on, within the VMware window on the LAMP desktop, leave the Xubuntu user
account selected and click Login.

Click the Applications Menu icon on the top-left of the screen and go to Settings > Settings Manager.

In the Hardware section, click Network Connections.

Select Wired connection 1, and then click Edit.

From the Device MAC address list box, select the MAC address for eth0.

Click Save.

Select Wired connection 3, and then click Edit.

From the Device MAC address list box, select the MAC address for eth1, and then click Save.

Delete Wired connection 2 and Wired connection 4.

→NOTE: The wired connection entries will not be removed from the Network Connections list
until you reboot the image.

Close the Network Connections and Settings dialog boxes.

In the VMware library, power off the LAMP_4 image.

Right-click LAMP_4 in the Library menu and select Snapshot > Take Snapshot.

Name the snapshot LAMP_4_Clean, and then click Take Snapshot.

Part 2 – Configuring the BIG-IP VE
• Your workstation needs Internet access to complete the licensing portion of this exercise.
• Required virtual images: BIGIP_A_v12.0.0.
• Estimated completion time: 30 minutes

Task 1 – Configure BIG-IP Management Interface Settings


Power on the BIG-IP VE image and then configure the management interface settings.

Click BIGIP_A_v12.0.0 from the Library menu, and then click Power on this virtual machine.

After the BIG-IP VE system has powered on, you are presented with the localhost login screen.

Log in to the BIG-IP system using the following credentials:
localhost login: root
Password: default

At the CLI prompt, type:


config

→NOTE: The following must be completed using your keyboard only.

Press the Enter key to activate the OK option.

Use the Tab key to activate the No option, and then press the Enter key.

Edit the IP Address to 10.1.1.245, then press the Tab key to activate the OK option, and then press
the Enter key.

Ensure that the Netmask is 255.255.255.0, press the Tab key to activate the OK option, and then press
the Enter key.

Press the Enter key to activate the Yes option to create a default route for the management port.

Edit the Management Route to 10.1.1.1, then press the Tab key to activate the OK option, and then
press the Enter key.

Press the Enter key to activate the Yes option to accept the settings.

Task 2 – Configure Network Settings on the BIG-IP VE System
Use TMSH to configure the BIG-IP VE system with network settings.

Use an SSH session to access 10.1.1.245, and log in using the following credentials:
Username: root
Password: default

Copy the following TMSH commands and then paste them at the CLI prompt. You can copy and
paste all lines together.
tmsh create net vlan external interfaces add { 1.1 { untagged } }
tmsh create net vlan internal interfaces add { 1.2 { untagged } }
tmsh create net self 10.1.10.241 address 10.1.10.241/24 vlan external allow-service add { tcp:443 }
tmsh create net self 10.1.20.241 address 10.1.20.241/24 vlan internal allow-service default
tmsh create net route Default_Gateway network 0.0.0.0/0 gw 10.1.10.2
tmsh save sys config

Task 3 – Access the BIG-IP VE System and Complete the Setup Utility
Use a web browser to access the management port of your BIG-IP system, and then complete the steps of the
Setup Utility, including activating the BIG-IP system.

Open a web browser and access https://10.1.1.245.

Log into the BIG-IP VE system using the following credentials:


Username: admin
Password: admin

On the Welcome page click Next.

On the License page click Activate.

Open the email from F5 Networks with your Evaluation Registration Key and copy the Registration
Key text.

In the Setup Utility, in the Base Registration Key field, paste the registration key text.

For Activation Method, select Manual, and then click Next.

Select and copy all of the dossier text to your clipboard. (NOTE: Use Ctrl + A and then Ctrl + C.)

Select Click here to access F5 Licensing Server.

On the Activate or Upgrade BIG-IP page, click Activate License.

Paste the dossier text in the field, and then click Next.

Select to accept the legal agreement, and then click Next.

Select and copy all of the license key text to your clipboard (NOTE: Use Ctrl + A and then Ctrl + C.), and
then close the Activate F5 Product page.

On the Setup Utility > License page, paste the license key text into the Step 3: License field, and then
click Next.
The BIG-IP VE system configuration updates. This takes several seconds.

After the configuration changes complete, log in to the BIG-IP VE system.

On the Resource Provisioning page leave Local Traffic (LTM) as the only provisioned module and click
Next.

On the Device Certificates page click Next.

On the Platform page, configure these settings using the following information, and then click Next.
Host Name                             bigipA.f5demo.com
Root Account (Password and Confirm)   default
Admin Account (Password and Confirm)  admin

Click OK, and then log back in to the BIG-IP VE system.

Under Standard Network Configuration click Next.

On the Redundant Device Wizard Options page leave the default settings and click Next.

In the Internal Network Configuration and Internal VLAN Configuration sections, configure the
highlighted settings using the following information, and then click Next.
Self IP: Address            10.1.20.241
Self IP: Netmask            255.255.255.0
Self IP: Port Lockdown      Allow Default
Floating IP: Address        10.1.20.240
Floating IP: Port Lockdown  Allow Default
Interfaces                  1.2 (untagged)

In the External Network Configuration and External VLAN Configuration sections, configure the
highlighted settings using the following information, and then click Finished.
External VLAN               Create VLAN external
Self IP: Address            10.1.10.241
Self IP: Netmask            255.255.255.0
Self IP: Port Lockdown      Allow 443
Default Gateway             10.1.10.2
Floating IP: Address        10.1.10.240
Floating IP: Port Lockdown  Allow 443
VLAN Interfaces             1.1 (untagged)


On the High Availability Network Configuration page, configure the highlighted settings using the
following information, and then click Next.
High Availability VLAN  Select existing VLAN
Select VLAN             internal
Self IP: Address        10.1.20.241
Self IP: Netmask        255.255.255.0
VLAN Interfaces         1.2 (untagged)


On the Network Time Protocol Configuration page, enter 10.1.20.252, then click Add, and then click
Next.

On the Domain Name Server Configuration page, enter 4.2.2.2 and then click Add.

Select the 10.1.1.1 entry, then click Delete, and then click Next.

On the ConfigSync Configuration page, leave 10.1.20.241 (internal) selected and click Next.

On the Failover Unicast Configuration page, leave the default settings and click Next.

On the Mirroring Configuration page, leave the default settings and click Next.

On the Active/Standby Pair page, under Advanced Device Management Configuration click Finished.

Open the Network > Self IPs page and click 10.1.10.241.

Add TCP port 22 to the Custom List and click Update.

Task 4 – Import an SSL Certificate and Key


Import the vlab.f5demo.com certificate and key, and then import the entrust_chain certificate chain.

Open the System > File Management > SSL Certificate List page, and then click Import.

From the Import Type list box, select Certificate.

In the Certificate Name field, type f5demo, and then click the Browse button.

Navigate to the Exercise_Files folder (within the vLab_Package directory), select the
vlab.f5demo.com.crt file, and then click Open.

Click Import.

Click the Import button again, and then from the Import Type list box, select Key.

In the Key Name box, type f5demo, and then click the Browse button.

Select the vlab.f5demo.com.privatekey file, and then click Open.

Click Import.

Click the Import button again, and then from the Import Type list box, select Certificate.

In the Certificate Name box, type chain, and then click the Browse button.

Select the entrust-chain.txt file, and then click Open.


Click Import.

Task 5 – Create a Client SSL Profile


Create a new client SSL profile using the wildcard.vlab.f5demo.com certificate and key.

Open the Local Traffic > Profiles > SSL > Client page, and then click Create.

Create a client SSL profile using the following information: (NOTE: Copy and paste the pass phrase.)
Name         f5demo_client_ssl
Certificate  f5demo
Key          f5demo
Chain        chain
Pass Phrase  IamFfive2Day


Click Add.

Click Finished.

Task 6 – Update Your Local Hosts File (OPTIONAL)
Add several entries to your local hosts file.

→NOTE: Perform this task on either your local workstation or the Windows 7 image if you’ll be
using it for accessing virtual servers.

Right-click on Notepad in the Start menu, and then select Run as Administrator.

Open the C:\Windows\System32\drivers\etc\hosts file.

Copy and paste the following entries:


10.1.1.245 bigipA.vlab.f5demo.com
10.1.10.30 offload.vlab.f5demo.com
10.1.10.35 dvwa.vlab.f5demo.com
10.1.10.36 epc.vlab.f5demo.com
10.1.10.37 webtop.vlab.f5demo.com
10.1.10.38 sso.vlab.f5demo.com
10.1.10.39 webscraping.vlab.f5demo.com
10.1.10.40 iapp.f5demo.com
10.1.10.40 iapp.vlab.f5demo.com
10.1.10.41 rdp.vlab.f5demo.com
10.1.10.45 access.vlab.f5demo.com
10.1.10.80 ssloffload.vlab.f5demo.com
10.1.10.81 ssliapp.vlab.f5demo.com
10.1.10.84 iapp84.f5demo.com
10.1.10.85 iapp85.f5demo.com
10.1.10.86 iapp86.vlab.f5demo.com
10.1.10.46 demosite.f5demo.com
10.1.10.46 demosite.vlab.f5demo.com
10.1.10.47 demosite.f5dem0.com
10.1.10.50 untrusted.vlab.f5demo.com
10.1.10.51 trusted.vlab.f5demo.com
10.1.10.52 ddos.f5demo.com
Save and close the hosts file.

Task 7 – Create an Archive File


Create an archive file which you’ll use as the starting point in all exercise and demonstration guides.

In the Configuration Utility, open the System > Archives page.

Create a new archive file named clean_install_bigipA_v12.0.0.

That concludes the setup and configuration of the F5 vLab.

Part 3 - PROCESSING TRAFFIC
EXERCISE 2.1 – CREATE AN HTTP POOL AND VIRTUAL SERVER
TASK 1 – Create a Pool
Create a pool containing three HTTP web servers.

In the VMware library, start up the BIGIP‐12.0_LTMFund and LAMP_v4 images.

Open a web browser and access https://10.1.1.245.

Open the Local Traffic > Pools > Pool List page, and then click Create.

Create a pool using the following information, and then click Finished.
Name                       http_pool
Health Monitors            none (leave empty)
Load Balancing Method      Round Robin
Priority Group Activation  Disabled
New Members (click Add for each entry):
  Node Name    Address     Service Port
  leave empty  10.1.20.11  80
  leave empty  10.1.20.12  80
  leave empty  10.1.20.13  80

Open the Local Traffic > Nodes > Node List page.
The BIG‐IP VE system automatically creates a node for each pool member, using the node IP
address as the node name.

TASK 2 – Create a Virtual Server that Uses the Pool


Create an HTTP virtual server that uses http_pool.

Open the Local Traffic > Virtual Servers > Virtual Server List page, and then click Create.

Create a virtual server using the following information, and then click Finished.
Name                 http_virtual
Type                 Standard
Destination Address  10.1.10.20
Service Port         80 (HTTP)
State                Enabled
Default Pool         http_pool

TASK 3 – Verify the Virtual Server and Pool Functionality


Use a web browser to access http_virtual and ensure that you’re receiving information from all three pool
members.

Use a new tab to access the virtual server at http://10.1.10.20.


Each image file identifies which node supplied it. You can also see which node identified the
index.php page. There are page elements coming from all three of the pool members.

In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page.

From the Statistics Type list box, select Virtual Servers.

Question:
How many connections were opened to create the Web page? ___________

In the F5 vLab Test Web page, type Ctrl+F5 several times to force the web browser to refresh
without using its cache.

In the Configuration Utility, from the Statistics Type list box, select Pools.

Questions:
Did traffic go to each pool member? _____________

Did each member manage approximately the same number of connections? __________

TASK 4 – Modify the Virtual Server SNAT Setting


Identify the effects of adding SNAT Automap to http_virtual.

In the F5 vLab Test Web page, review the Request Details and examine the Client IP
address/port.

Questions:
What is the client IP address? ________________________

Which device is configured with this IP address? ___________________________

In the Configuration Utility, open the Local Traffic > Virtual Servers > Virtual Server List page,
and then click http_virtual.

In the Configuration section, from the Source Address Translation list box, select Auto Map,
and then click Update.

In the F5 vLab Test Web page, use Ctrl+F5 to refresh the page.

Question:
What is the client IP address? ________________________

Which device is configured with this IP address? ___________________________

Close the F5 vLab Test Web Site tab.

In the Configuration Utility, from the Source Address Translation list box select None, and then
click Update.
Without SNAT Automap configured, the pool member sees the client’s actual IP address as the
source IP address. With SNAT Automap configured, the pool member sees the BIG‐IP system’s
internal self IP address as the source IP address.

EXERCISE 2.2 – VIRTUAL SERVER PRIORITY
In this exercise you will configure a pool and a virtual server that listen on all ports, and then test application
access using the virtual server.
• Required virtual images: BIGIP‐12.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes

TASK 1 – Create a Wildcard Pool


Create a pool containing three pool members listening on all ports.

In the VMware library, start up the BIGIP‐12.0_LTMFund and LAMP_v4 images.

Access https://10.1.1.245 and log in to the BIG‐IP VE system.

Open the Local Traffic > Pools > Pool List page, and then click Create.

Create a new pool using the following information, and then click Finished.
Name                       open_pool
Load Balancing Method      Round Robin
Priority Group Activation  Disabled
New Members (click Add for each entry):
  Address     Service Port
  10.1.20.11  * All Services
  10.1.20.12  * All Services
  10.1.20.13  * All Services


Open the Local Traffic > Nodes > Node List page.

Questions:
Did BIG‐IP LTM create new nodes for this pool? _________________

Why or why not? ____________________________________________________________

TASK 2 – Create a Wildcard Virtual Server


Create a virtual server listening on all ports that references open_pool.

Open the Local Traffic > Virtual Servers > Virtual Server List page, and then click Create.

Create a virtual server using the following information, and then click Finished.
Name                 open_virtual
Type                 Standard
Destination Address  10.1.10.20
Service Port         * All Ports
Default Pool         open_pool

There are now two virtual servers listening on the same IP address, one on port 80 only, the other on
all ports.

TASK 3 – Verify the Virtual Server and Pool Functionality


Use a web browser to access both http_virtual and open_virtual and verify which virtual server processes
requests for different applications.

Open the Statistics > Module Statistics > Local Traffic page, and then select to view Virtual Servers
statistics.

Ensure the statistics for both virtual servers are reset.

Use a new tab to access http://10.1.10.20.

In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.

Question:
Which virtual server processed this request? _________________________

Reset the virtual server statistics.

Use an SSH client to access 10.1.10.20.

→NOTE: It’s not necessary to log into the CLI to complete this task.

Close the SSH session.

In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.

Question:
Which virtual server processed this request? _________________________

Reset the virtual server statistics.

In the F5 vLab Test Web Site tab, edit the URL to https://10.1.10.20.
You can identify the port used to access the pool member in the Request Details section and the
Pool member address/port row.

In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.

Question:
Which virtual server processed this request? _________________________

The HTTP request was processed by http_virtual, as this virtual server is more specific than
open_virtual. The SSH and HTTPS requests were processed by open_virtual.

Open the Local Traffic > Virtual Servers > Virtual Server List page.

Select the open_virtual checkbox, and then click Delete twice.

Open the Local Traffic > Pools > Pool List page.

Select the open_pool checkbox, and then click Delete twice.
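
The selection seen in Task 3 (port 80 handled by http_virtual, SSH and HTTPS handled by open_virtual) can be modelled as a most-specific-match lookup. The Python below is an added example, not part of the original guide and not F5 code. It goes slightly beyond the exercise by also ranking network destinations, it ignores source-address matching, and the net_http entry is hypothetical.

```python
import ipaddress

ALL_PORTS = 0  # stands for "* All Ports" in the Configuration Utility

# http_virtual and open_virtual as configured in Exercises 2.1 and 2.2.
LAB_VIRTUALS = [
    {"name": "http_virtual", "destination": "10.1.10.20/32", "port": 80},
    {"name": "open_virtual", "destination": "10.1.10.20/32", "port": ALL_PORTS},
]

# Hypothetical extra case (not in the guide): a network virtual server on
# port 80 competing with the host wildcard-port virtual server.
WITH_NETWORK = [
    LAB_VIRTUALS[1],
    {"name": "net_http", "destination": "10.1.10.0/24", "port": 80},
]


def select_virtual(dst_ip, dst_port, virtuals=LAB_VIRTUALS):
    """Return the name of the most specific matching virtual server, or None.

    Ranking used by this model: longest destination prefix first, then a
    specific service port ahead of the all-ports wildcard.
    """
    ip = ipaddress.ip_address(dst_ip)
    best_rank, best_name = None, None
    for vs in virtuals:
        net = ipaddress.ip_network(vs["destination"])
        if ip not in net:
            continue                       # destination address does not match
        if vs["port"] not in (ALL_PORTS, dst_port):
            continue                       # listener is on a different port
        rank = (net.prefixlen, vs["port"] != ALL_PORTS)
        if best_rank is None or rank > best_rank:
            best_rank, best_name = rank, vs["name"]
    return best_name


if __name__ == "__main__":
    for port in (80, 22, 443):
        print(port, select_virtual("10.1.10.20", port))
    print("with network virtual:", select_virtual("10.1.10.20", 80, WITH_NETWORK))
```

In the hypothetical WITH_NETWORK case the host address match wins over the port match, so a wildcard-port virtual server on a host address exposes every port on that address even when a narrower network listener exists.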

EXERCISE 2.3 – USING MONITORS WITH POOLS


In this exercise you will create a custom HTTP monitor and assign the monitor to the HTTP pool. You will then
view the effects of using monitors on the virtual server, pool, pool members, and nodes.
• Required virtual images: BIGIP‐12.0_LTMFund, LAMP_v4
• Estimated completion time: 30 minutes

TASK 1 – Check Current Pool Member Status


Use the Pool List page to examine the current status of the members of the HTTP pool.

Open the Local Traffic > Pools > Pool List page, then click http_pool, and then open the Members
page.

Examine the Status of the listed members.

Question:
Will BIG‐IP LTM distribute traffic to pool members that are unknown? _____________

TASK 2 – Create a Custom HTTP Monitor


Create a custom HTTP monitor that requests a specific Web page from the pool member and that verifies a
specific text string is returned in the HTTP response.

Open the Local Traffic > Monitors page, and then click Create.

Create a monitor using the following information, and then click Finished.
Name            custom_http_monitor
Type            HTTP
Interval        3
Timeout         10
Send String     GET /HealthCheck.html\r\n
Receive String  SERVER_UP
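
What this monitor checks can be sketched in a few lines of Python. This is an added example, not part of the original guide and not F5 code: probe() sends the Send String and searches the reply for the Receive String, and member_status() applies a simplified Interval/Timeout model. start_member() is a constructed stand-in for a pool member on 127.0.0.1, and the timing model is an assumption of this example.

```python
import socket
import threading

# Settings from custom_http_monitor in this task.
SEND_STRING = b"GET /HealthCheck.html\r\n"
RECEIVE_STRING = b"SERVER_UP"
INTERVAL = 3   # seconds between probes
TIMEOUT = 10   # seconds without a successful probe before "down"


def probe(host, port, send=SEND_STRING, expect=RECEIVE_STRING, wait=2.0):
    """Send the send string once; True only if the reply contains expect."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=wait) as sock:
            sock.sendall(send)
            while expect not in data and len(data) < 65536:
                chunk = sock.recv(4096)
                if not chunk:      # member closed the connection
                    break
                data += chunk
    except OSError:                # refused, unreachable or timed out
        return False
    return expect in data


def member_status(results, interval=INTERVAL, timeout=TIMEOUT):
    """Status after probes sent every `interval` seconds (True = success).

    Simplified model (assumption of this example): the member is up while
    the last successful probe is less than `timeout` seconds old.
    """
    if not results:
        return "unknown"           # no monitor result yet
    now = (len(results) - 1) * interval
    for i in range(len(results) - 1, -1, -1):
        if results[i]:
            return "up" if now - i * interval < timeout else "down"
    return "down"


def start_member(pages):
    """Constructed stand-in for a pool member; returns its local port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))     # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                parts = conn.recv(1024).split()
                path = parts[1].decode() if len(parts) > 1 else "/"
                conn.sendall(pages.get(path, b"404 Not Found"))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed sample members: one healthy, one serving a maintenance page.
    healthy = start_member({"/HealthCheck.html": b"<html>SERVER_UP</html>"})
    broken = start_member({"/HealthCheck.html": b"<html>maintenance</html>"})
    for name, port in (("healthy", healthy), ("broken", broken)):
        print(name, probe("127.0.0.1", port))
    print(member_status([True, False, False, False]))          # 9 s since success
    print(member_status([True, False, False, False, False]))   # 12 s since success
```

The constructed "broken" member accepts the TCP connection and answers the request, yet fails the probe because its content does not contain the Receive String; a port-only check would miss that condition.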

TASK 3 – Assign the Custom Monitor to the Pool


Assign custom_http_monitor to http_pool.

Open the Local Traffic > Pools > Pool List page, and then click http_pool.

For Health Monitors, select custom_http_monitor, then click <<, and then click Update.

TASK 4 – View the Network Map


View the status of the virtual server, pool, pool members, and nodes using Network Map.

Open the Local Traffic > Network Map page.

EXERCISE 2.4 – USING AN HTTP PROFILE
In this exercise you will create a custom HTTP profile and add it to the HTTP virtual server. You will then
examine how the HTTP profile changes the traffic management behavior.
• Required virtual images: BIGIP‐12.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

TASK 1 – Create a Custom HTTP Profile


Create a custom HTTP profile.

In the VMware library, start up the BIGIP‐12.0_LTMFund and LAMP_v4 images.

Access https://10.1.1.245 and log in to the BIG‐IP VE system.

Open the Local Traffic > Profiles > Services > HTTP page, and then click Create.

Create an HTTP profile using the following information, and then click Finished.
Name                      custom_http_profile
Proxy Mode                Reverse
Fallback Host             http://www.f5.com
Fallback on Error Codes   404 500-503
Response Headers Allowed  Content-Type Set-Cookie Location
Insert X-Forwarded-For    Enabled
Maximum Requests          50

Notice the current inherited setting for Maximum Header Size is 32768 bytes.

TASK 2 – Modify the Default HTTP Profile


Modify the BIG‐IP system default http profile, and then examine which values were inherited by
custom_http_profile.

On the Profiles: Services: HTTP page, click http.

Edit the profile using the following information, and then click Update.
Maximum Requests     30
Maximum Header Size  16384


Open the Profiles: Services: HTTP page, and then click custom_http_profile.

Questions:
Did the custom profile inherit the Maximum Requests setting? _______________

Did the custom profile inherit the Maximum Header Size setting? ________________

TASK 3 – Add the Custom HTTP Profile to a Virtual Server
Add custom_http_profile to http_virtual.

Use a new tab to access http://10.1.10.20.

In the HTTP Request and Response Information section, click Request and Response Headers. Leave
this tab open.

In the Configuration Utility, open the Virtual Server List page, and then click http_virtual.

In the Configuration section, from the HTTP Profile list box, select custom_http_profile, and then click
Update.

Use a new tab to access http://10.1.10.20, and then click the Request and Response Headers link.

Using both tabs, examine the different Response Headers delivered to the Client sections.

Questions:
Why are there fewer response headers in the second version of this Web page?

_______________________________________________________________

Which response headers that were exposed in the first version of this Web page could be
exploited by a hacker?

________________________________________________________________

Using both tabs, examine the different Request Headers Received at the Server section.

Question:
On the second version, what is the X‐Forwarded‐For value? _________________________

TASK 4 – Update the Custom HTTP Profile
Update custom_http_profile with additional settings.

In the Configuration Utility, open the Local Traffic > Profiles > Services > HTTP page, and then click
custom_http_profile.

Edit the profile using the following information, and then click Update.
Request Header Erase      User-Agent
Request Header Insert     Bigip-Http-Virtual:10.1.10.20
Response Headers Allowed  Content-Type Set-Cookie Location X-Injected


In the F5 vLab Test Web Site tab, type Ctrl+F5 to refresh the Request and Response Headers page.

Questions:
Is the new Bigip‐Http‐Virtual request header displaying? ________________

Are you still seeing the User‐Agent header? __________________

Close the F5 vLab Test Web Site tab.
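
The header handling configured in custom_http_profile across Tasks 1 and 4, as an added Python model that is not part of the original guide. It assumes the allowed list acts as a strict, case-insensitive allow-list and that the client address is added as a new, last X-Forwarded-For header; the sample headers and the client address 10.1.10.30 are constructed.

```python
# Settings of custom_http_profile after Task 4
ALLOWED_RESPONSE = ("Content-Type", "Set-Cookie", "Location", "X-Injected")
ERASED_REQUEST = "User-Agent"
INSERTED_REQUEST = ("Bigip-Http-Virtual", "10.1.10.20")

def to_server(request_headers, client_ip):
    """Request headers as the pool member receives them."""
    kept = [(n, v) for n, v in request_headers
            if n.lower() != ERASED_REQUEST.lower()]
    # Assumption: the client address goes into a new X-Forwarded-For header
    # placed after any header of that name the client sent itself.
    return kept + [INSERTED_REQUEST, ("X-Forwarded-For", client_ip)]

def to_client(response_headers):
    """Split a server response into (delivered, removed) header lists."""
    allowed = {name.lower() for name in ALLOWED_RESPONSE}
    delivered = [h for h in response_headers if h[0].lower() in allowed]
    removed = [h for h in response_headers if h[0].lower() not in allowed]
    return delivered, removed

def proxy_added_ip(headers_at_server):
    """The X-Forwarded-For value the proxy added: the last one in the list.
    Earlier values arrived from the client and are not trustworthy."""
    values = [v for n, v in headers_at_server if n.lower() == "x-forwarded-for"]
    return values[-1] if values else None

# Constructed sample traffic (product names and addresses are placeholders).
REQUEST = [("Host", "10.1.10.20"), ("user-agent", "ExampleBrowser/1.0"),
           ("X-Forwarded-For", "192.0.2.99")]          # client-supplied value
RESPONSE = [("Server", "ExampleHTTPd/1.0"), ("X-Powered-By", "ExampleLang/1.0"),
            ("content-type", "text/html"), ("Set-Cookie", "session=abc"),
            ("X-Injected", "demo")]

if __name__ == "__main__":
    print("at server:", to_server(REQUEST, "10.1.10.30"))
    delivered, removed = to_client(RESPONSE)
    print("to client:", delivered)
    print("removed:  ", removed)
```

An application behind the virtual server that logs or authorizes by client address should read the value returned by proxy_added_ip, not the first X-Forwarded-For header it finds.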

EXERCISE 2.5 – USING SOURCE ADDRESS PERSISTENCE
In this exercise you will create a source address persistence profile and examine how it changes the BIG‐IP
load balancing decision.
• Required virtual images: BIGIP‐12.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes

TASK 1 – Update the HTTP Pool


Update http_pool to use round robin load balancing.

In the VMware library, start up the BIGIP‐12.0_LTMFund and LAMP_v4 images.

Access https://10.1.1.245 and log in to the BIG‐IP VE system.

Open the Pool List page, then click http_pool, and then open the Members page.

From the Load Balancing Method list box, select Round Robin, and then click Update.

TASK 2 – Create a Source Address Persistence Profile


Create a custom source address persistence profile and add it to http_virtual.

Open the Local Traffic > Profiles > Persistence page, and then click Create.

Create a persistence profile using the following information, and then click Finished.
Name              custom_source_address
Persistence Type  Source Address Affinity
Timeout           15 seconds
Prefix Length     Specify: IPv4 : 24


Open the Virtual Server List page, and then click http_virtual.

Open the Resources page.

From the Default Persistence Profile list box, select custom_source_address, and then click Update.

Use a new tab to access http://10.1.10.20.

Use Ctrl+F5 several times to refresh the page.

Questions:
Are responses coming from one or several pool members? ______________________

Which pool member is supplying the content for this request? ____________________

Wait over 20 seconds and then use Ctrl+F5 to refresh the page again.

Questions:

Was the same pool member used for this request? _______________

Why or why not? _________________________________________________________
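
How the custom_source_address settings shape the load balancing decision, as an added Python model that is not part of the original guide. It assumes the timeout is an idle timer that each matching request restarts; the class name, the member names and the client addresses are constructed for illustration.

```python
import ipaddress
from itertools import cycle

# Constructed stand-ins for the http_pool members (assumed, not from the guide).
MEMBERS = ["member-1", "member-2", "member-3"]

class SourceAddressPersistence:
    """Hypothetical model of custom_source_address: /24 prefix, 15 s timeout."""

    def __init__(self, members, prefix_len=24, timeout=15):
        self._round_robin = cycle(members)
        self.prefix_len, self.timeout = prefix_len, timeout
        self.records = {}                       # network -> (member, last_seen)

    def pick(self, client_ip, now):
        # Every client inside the same /24 maps to one persistence key.
        key = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        record = self.records.get(key)
        if record and now - record[1] < self.timeout:
            member = record[0]                  # live record: skip load balancing
        else:
            member = next(self._round_robin)    # no record, or it has expired
        self.records[key] = (member, now)       # assumed: each hit restarts the timer
        return member

def demo():
    """Replay constructed requests given as (client address, time in seconds)."""
    lb = SourceAddressPersistence(MEMBERS)
    requests = [("10.1.10.51", 0),    # first request: round robin picks a member
                ("10.1.10.77", 5),    # other host, same /24: same record
                ("10.1.30.5", 6),     # different /24: balanced separately
                ("10.1.10.51", 19),   # 14 s after the last hit: record still live
                ("10.1.10.51", 40)]   # 21 s idle: record expired, balanced again
    return [lb.pick(ip, t) for ip, t in requests]

if __name__ == "__main__":
    print(demo())
```

With a prefix length of 24, every client that shares a /24 (for example, users behind one NAT address range) lands on the same pool member, which concentrates load as well as sessions.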

EXERCISE 2.6 – SUPPORTING SSL TRAFFIC


In this exercise you’ll configure BIG‐IP LTM to support processing SSL traffic. First you’ll configure the
BIG‐IP system to simply pass SSL traffic through to the pool members. Then you’ll configure the BIG‐IP
system for SSL termination.
• Required virtual images: BIGIP‐12.0_LTMFund, LAMP_v4
• Estimated completion time: 20 minutes

TASK 1 – Create HTTPS pool and virtual server


View how requests are currently being handled through http_virtual and a new https_virtual.

Create a pool using the following information, and then click Finished.
Name             https_pool
Health Monitors  https
Members          (Use the Node List option)
                 Node        Service Port
                 10.1.20.11  443
                 10.1.20.12  443
                 10.1.20.13  443
                 10.1.20.14  443
                 10.1.20.15  443

Create a virtual server using the following information, and then click Finished.
Name                 https_virtual
Destination Address  10.1.10.20
Service Port         443 (HTTPS)
Default Pool         https_pool

TASK 2 – Create a Self‐Signed Certificate


Create a self‐signed certificate for www.f5demo.com.

In the VMware library, start up the BIGIP‐12.0_LTMFund and LAMP_v4 images.

Access https://10.1.1.245 and log in to the BIG‐IP VE system.

Open the System > File Management > SSL Certificate List page, and then click Create.

Create a self‐signed certificate using the following information, and then click Finished.
Name         custom_ssl_cert
Type         Self
Common Name  www.f5demo.com
Lifetime     3650 days

TASK 3 – Create a Client SSL Profile


Create a client SSL profile using custom_ssl_cert.

Open the Local Traffic > Profiles > SSL > Client page, and then click Create.

Create a client SSL profile using the following information.


Name            custom_client_ssl
Parent Profile  clientssl
Certificate     custom_ssl_cert
Key             custom_ssl_cert

Click Add for Certificate Key Chain, and then click Finished.

TASK 4 – Create a Custom HTTPS Monitor


Create a custom HTTPS monitor that requests the index.php Web page from the pool member and then
verifies that a text string is returned in the response. Then apply this Monitor to https_pool.

Open the Local Traffic > Monitors page, and then click Create.

Create a monitor using the following information, and then click Finished.
Name            custom_https_monitor
Type            HTTPS
Send String     GET /index.php\r\n
Receive String  FSE vLab Test Web Site


Open https_pool, and change the Monitor to custom_https_monitor, and then click Update.

TASK 5 – Enable SSL Termination with the HTTPS Virtual Server
Enable SSL termination on https_virtual and verify the results.

In the Configuration Utility, on the https_virtual page, open the Properties page.

From the SSL Profile (Client) list box, select custom_client_ssl, and then click <<.

From the SSL Profile (Server) list box, select serverssl, then click <<, and then click Update.

Use a new tab to access https://10.1.10.20.

Use Ctrl+F5 several times to refresh the F5 vLab Test Web Site tab.
Questions:
Did the Web page display? _____________

Is the connection between the client and BIG‐IP LTM secured? _____________

Is the connection between BIG‐IP LTM and the pool member secured? _____________

In the Configuration Utility, on the https_virtual page, open the Properties page.

From the SSL Profile (Server) list box, select serverssl, then click >> to remove it and then click
Update.

Open the Resources page, change the Default Pool to http_pool, and then click Update.

Use a new tab to access https://10.1.10.20.

Use Ctrl+F5 several times to refresh the F5 vLab Test Web Site tab.
Questions:
Did the Web page display? _____________

Is the connection between the client and BIG‐IP LTM secured? _____________

Is the connection between BIG‐IP LTM and the pool member secured? _____________
