Training Guide
vLab Setup Guide for VMware Workstation
Document version 12.0.0.02
Contents
Part 1 – Configuring VMware Workstation
Task 1 – Install VMware Workstation
Task 2 – Set Up the VMware Network Environment
Task 3 – Open the BIG-IP VE System VMware Image
Task 4 – Open the LAMP VMware Image
Task 5 – Edit the Settings of the LAMP Image
Part 2 – Configuring the BIG-IP VE
Task 1 – Configure BIG-IP Management Interface Settings
Task 2 – Configure Network Settings on the BIG-IP VE System
Task 3 – Access the BIG-IP VE System and Complete the Setup Utility
Task 4 – Import an SSL Certificate and Key
Task 5 – Create a Client SSL Profile
Task 6 – Update Your Local Hosts File (OPTIONAL)
Task 7 – Create an Archive File
Part 3 - PROCESSING TRAFFIC
EXERCISE 2.1 – CREATE AN HTTP POOL AND VIRTUAL SERVER
TASK 1 – Create a Pool
TASK 2 – Create a Virtual Server that Uses the Pool
TASK 3 – Verify the Virtual Server and Pool Functionality
TASK 4 – Modify the Virtual Server SNAT Setting
EXERCISE 2.2 – VIRTUAL SERVER PRIORITY
TASK 1 – Create a Wildcard Pool
TASK 2 – Create a Wildcard Virtual Server
TASK 3 – Verify the Virtual Server and Pool Functionality
EXERCISE 2.3 – USING MONITORS WITH POOLS
TASK 1 – Check Current Pool Member Status
TASK 2 – Create a Custom HTTP Monitor
TASK 3 – Assign the Custom Monitor to the Pool
TASK 4 – View the Network Map
EXERCISE 2.4 – USING AN HTTP PROFILE
TASK 1 – Create a Custom HTTP Profile
TASK 2 – Modify the Default HTTP Profile
TASK 3 – Add the Custom HTTP Profile to a Virtual Server
TASK 4 – Update the Custom HTTP Profile
EXERCISE 2.5 – USING SOURCE ADDRESS PERSISTENCE
TASK 1 – Update the HTTP Pool
TASK 2 – Create a Source Address Persistence Profile
EXERCISE 2.6 – SUPPORTING SSL TRAFFIC
TASK 1 – Create HTTPS pool and virtual server
TASK 2 – Create a Self-Signed Certificate
TASK 3 – Create a Client SSL Profile
TASK 4 – Create a Custom HTTPS Monitor
TASK 5 – Enable SSL Termination with the HTTPS Virtual Server
WWFE vLab Guides – vLab Setup Guide for VMware Workstation; v12.0.0.02
Part 1 – Configuring VMware Workstation
• This guide is written for a Windows workstation
• Estimated completion time: 40 minutes
→NOTE: These exercises are tested for VMware Workstation version 10. There may be issues with
previous versions.
You need to purchase a VMware Workstation license; however, you have 30 days to use
the trial version.
Launch VMware Workstation, and then select Edit > Virtual Network Editor.
Click the Add Network button, and add VMnet1, VMnet2 and VMnet3.
Select VMnet1, and configure as follows:
o Select the Host-only (connect VMs internally in a private network) option.
o Select the Connect a host virtual adapter to this network checkbox.
o Leave the Use local DHCP service to distribute IP address to VMs checkbox selected.
o In the Subnet IP field enter 10.1.1.0.
o In the Subnet mask field enter 255.255.255.0.
o Click the DHCP Settings button.
o Change the Start IP address to 10.1.1.150 and the End IP address to 10.1.1.160, and then click OK.
→NOTE: You will use this network to access the BIG-IP management interface.
This configures your local workstation with a VMware Network Adapter VMnet1 IP address within the
10.1.1.0 network.
Select VMnet2 and configure as follows:
o Select the NAT (shared host’s IP address with VMs) option.
o Select the Connect a host virtual adapter to this network checkbox.
o Leave the Use local DHCP service to distribute IP address to VMs checkbox selected.
o In the Subnet IP field enter 10.1.10.0.
o In the Subnet mask field enter 255.255.255.0.
o Click the NAT Settings button.
o In the Gateway IP field enter 10.1.10.2, and then click OK.
o Click the DHCP Settings button.
o Change the Start IP address to 10.1.10.150 and the End IP address to 10.1.10.160, and then click OK.
→NOTE: These NAT settings enable the BIG-IP VE system to reach the Internet through your
workstation’s network adapter.
This configures your local workstation with a VMware Network Adapter VMnet2 IP address within
the 10.1.10.0 network.
→NOTE: Ensure that the “Connect a host virtual adapter to this network” checkbox is cleared. This
prevents your local PC from having direct access to the internal network.
Click OK.
Your local workstation should not receive a VMware Network Adapter VMnet3 IP address.
Use the table below to note the IP addresses for your VMnet adapters.
Adapter IPv4 Address
VMnet1
VMnet2
Close the command prompt.
Navigate to the location where you saved the BIG-IP image file, then select the
BIGIP-12.0.0.0.0.606.ALL-scsi.ova image file, and then click Open.
Enter or browse to a location with at least 4 GB of free disk space and click Import.
After the import completes, select BIGIP_A_v12.0 from the Library menu, and then click Edit virtual
machine settings.
For Hard Disk (SCSI), ONLY IF the current value is less than 80 GB, select Hard Disk (SCSI), and then on
the right side of the window go to Utilities > Expand, then set the Maximum disk size (GB) to 80, and
then click Expand.
For Hard Disk 2 (SCSI), ONLY IF the current value is less than 20 GB, select Hard Disk (SCSI), and then on
the right side of the window go to Utilities > Expand, then set the Maximum disk size (GB) to 20, and
then click Expand.
Map the network adapters to the appropriate VMware networks using the following table:
Device             Network connection     Use
Network Adapter 2  Custom: VMnet2 (NAT)   Used for the external self IP address
Network Adapter 3  Custom: VMnet3         Used for the internal self IP address
Network Adapter 4  Bridged (Automatic)    Not used; clear the Connect at power on checkbox
Click OK.
Navigate to the directory where you unzipped the VMware images and open LAMP_4.
Select LAMP_4 from the Library menu, and then click Edit virtual machine settings.
Map the network adapters to the appropriate VMware networks using the following table:
Device Network connection Use
Select LAMP_4 from the Library menu, and then click Power on this virtual machine.
After the image powers on, within the VMware window on the LAMP desktop, leave the Xubuntu user
account selected and click Login.
Click the Applications Menu icon on the top-left of the screen and go to Settings > Settings Manager.
From the Device MAC address list box, select the MAC address for eth0.
Click Save.
From the Device MAC address list box, select the MAC address for eth1, and then click Save.
→NOTE: The wired connection entries will not be removed from the Network Connections list
until you reboot the image.
In the VMware library, power off the LAMP_4 image.
Right-click LAMP_4 in the Library menu and select Snapshot > Take Snapshot.
Part 2 – Configuring the BIG-IP VE
• Your workstation needs Internet access to complete the licensing portion of this exercise.
• Required virtual images: BIGIP_A_v12.0.0.
• Estimated completion time: 30 minutes
Click BIGIP_A_v12.0.0 from the Library menu, and then click Power on this virtual machine.
After the BIG-IP VE system has powered on, you are presented with the localhost login screen.
Log in to the BIG-IP system using the following credentials:
localhost login: root
Password: default
Use the Tab key to activate the No option, and then press the Enter key.
Edit the IP Address to 10.1.1.245, then press the Tab key to activate the OK option, and then press
the Enter key.
Ensure that the Netmask is 255.255.255.0, press the Tab key to activate the OK option, and then press
the Enter key.
Press the Enter key to activate the Yes option to create a default route for the management port.
Edit the Management Route to 10.1.1.1, then press the Tab key to activate the OK option, and then
press the Enter key.
Press the Enter key to activate the Yes option to accept the settings.
Task 2 – Configure Network Settings on the BIG-IP VE System
Use TMSH to configure the BIG-IP VE system with network settings.
Use an SSH session to access 10.1.1.245, and log in using the following credentials:
Username: root
Password: default
Copy the following TMSH commands and then paste them at the CLI prompt. You can copy and
paste all lines together.
tmsh create net vlan external interfaces add { 1.1 { untagged } }
tmsh create net vlan internal interfaces add { 1.2 { untagged } }
tmsh create net self 10.1.10.241 address 10.1.10.241/24 vlan external allow-service add { tcp:443 }
tmsh create net self 10.1.20.241 address 10.1.20.241/24 vlan internal allow-service default
tmsh create net route Default_Gateway network 0.0.0.0/0 gw 10.1.10.2
tmsh save sys config
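The following check of the paste block above is an added example, not part of the original guide or of F5's tooling. It parses the self IP and route commands and reports which services the external self IP accepts (Port Lockdown) and whether the default gateway matches the VMnet2 NAT gateway from Part 1. The function names, finding labels and the choice to treat the VLAN named external as untrusted are assumptions of this example.

```python
import ipaddress
import re

# Paste block from Task 2, copied from the guide.
TMSH_BLOCK = """\
tmsh create net vlan external interfaces add { 1.1 { untagged } }
tmsh create net vlan internal interfaces add { 1.2 { untagged } }
tmsh create net self 10.1.10.241 address 10.1.10.241/24 vlan external allow-service add { tcp:443 }
tmsh create net self 10.1.20.241 address 10.1.20.241/24 vlan internal allow-service default
tmsh create net route Default_Gateway network 0.0.0.0/0 gw 10.1.10.2
tmsh save sys config
"""

SELF_RE = re.compile(
    r"tmsh create net self (?P<name>\S+) address (?P<addr>\S+) "
    r"vlan (?P<vlan>\S+) allow-service (?P<svc>.+)"
)
ROUTE_RE = re.compile(
    r"tmsh create net route (?P<name>\S+) network (?P<net>\S+) gw (?P<gw>\S+)"
)
SVC_LIST_RE = re.compile(r"(?:add|replace-all-with)\s*\{(.*)\}")


def parse_block(text):
    """Return (self_ips, routes) found in `tmsh create net ...` lines."""
    self_ips, routes = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SELF_RE.fullmatch(line)
        if m:
            svc = m.group("svc").strip()
            listed = SVC_LIST_RE.fullmatch(svc)
            self_ips.append({
                "name": m.group("name"),
                "iface": ipaddress.ip_interface(m.group("addr")),
                "vlan": m.group("vlan"),
                # "add { tcp:443 }" -> ["tcp:443"]; "default" -> ["default"]
                "services": listed.group(1).split() if listed else [svc],
            })
            continue
        m = ROUTE_RE.fullmatch(line)
        if m:
            routes.append({
                "name": m.group("name"),
                "network": ipaddress.ip_network(m.group("net")),
                "gateway": ipaddress.ip_address(m.group("gw")),
            })
    return self_ips, routes


def audit(text, untrusted_vlans=("external",), nat_gateway="10.1.10.2"):
    """Return a list of (check, object name, detail) findings."""
    self_ips, routes = parse_block(text)
    findings = []
    for s in self_ips:
        # Port Lockdown: anything other than "none" on an untrusted VLAN
        # means the self IP itself accepts traffic for those services.
        # tcp:443 is the port the Configuration Utility is served on.
        if s["vlan"] in untrusted_vlans and s["services"] != ["none"]:
            findings.append(("port-lockdown", s["name"], " ".join(s["services"])))
    for r in routes:
        gw = r["gateway"]
        # The next hop must sit inside a subnet the BIG-IP has a self IP on.
        if not any(gw in s["iface"].network for s in self_ips):
            findings.append(("gateway-off-subnet", r["name"], str(gw)))
        # The default route should point at the VMnet2 NAT gateway.
        if r["network"].prefixlen == 0 and str(gw) != nat_gateway:
            findings.append(("gateway-not-nat", r["name"], str(gw)))
    return findings


if __name__ == "__main__":
    for finding in audit(TMSH_BLOCK):
        print(finding)
```

Run against the guide's block, the only finding is the external self IP accepting tcp:443, which is what lets the Configuration Utility be reached from the VMnet2 side of the lab.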
Task 3 – Access the BIG-IP VE System and Complete the Setup Utility
Use a web browser to access the management port of your BIG-IP system, and then complete the steps of the
Setup Utility, including activating the BIG-IP system.
Open the email from F5 Networks with your Evaluation Registration Key and copy the Registration
Key text.
In the Setup Utility, in the Base Registration Key field, paste the registration key text.
Select and copy all of the dossier text to your clipboard. (NOTE: Use Ctrl + A and then Ctrl + C.)
Select Click here to access F5 Licensing Server.
Paste the dossier text in the field, and then click Next.
Select to accept the legal agreement, and then click Next.
Select and copy all of the license key text to your clipboard (NOTE: Use Ctrl + A and then Ctrl + C.), and
then close the Activate F5 Product page.
On the Setup Utility > License page, paste the license key text into the Step 3: License field, and then
click Next.
The BIG-IP VE system configuration updates. This takes several seconds.
On the Resource Provisioning page leave Local Traffic (LTM) as the only provisioned module and click
Next.
On the Platform page, configure these settings using the following information, and then click Next.
Host Name bigipA.f5demo.com
On the Redundant Device Wizard Options page leave the default settings and click Next.
In the Internal Network Configuration and Internal VLAN Configuration sections, configure the
highlighted settings using the following information, and then click Next.
Self IP: Address 10.1.20.241
In the External Network Configuration and External VLAN Configuration sections, configure the
highlighted settings using the following information, and then click Finished.
External VLAN Create VLAN external
On the Domain Name Server Configuration page, enter 4.2.2.2 and then click Add.
Select the 10.1.1.1 entry, then click Delete, and then click Next.
On the ConfigSync Configuration page, leave 10.1.20.241 (internal) selected and click Next.
On the Failover Unicast Configuration page, leave the default settings and click Next.
On the Mirroring Configuration page, leave the default settings and click Next.
On the Active/Standby Pair page, under Advanced Device Management Configuration click Finished.
Open the Network > Self IPs page and click 10.1.10.241.
Open the System > File Management > SSL Certificate List page, and then click Import.
In the Certificate Name field, type f5demo, and then click the Browse button.
Navigate to the Exercise_Files folder (within the vLab_Package directory), select the
vlab.f5demo.com.crt file, and then click Open.
Click Import.
Click the Import button again, and then from the Import Type list box, select Key.
In the Key Name box, type f5demo, and then click the Browse button.
Click Import.
Click the Import button again, and then from the Import Type list box, select Certificate.
In the Certificate Name box, type chain, and then click the Browse button.
Open the Local Traffic > Profiles > SSL > Client page, and then click Create.
Create a client SSL profile using the following information: (NOTE: Copy and paste the pass phrase.)
Name f5demo_client_ssl
Certificate f5demo
Key f5demo
Chain chain
Click Finished.
Task 6 – Update Your Local Hosts File (OPTIONAL)
Add several entries to your local hosts file.
→NOTE: Perform this task on either your local workstation or the Windows 7 image if you’ll be
using it for accessing virtual servers.
Right-click Notepad in the Start menu, and then select Run as Administrator.
Open the C:\Windows\System32\drivers\etc\hosts file.
Part 3 - PROCESSING TRAFFIC
EXERCISE 2.1 – CREATE AN HTTP POOL AND VIRTUAL SERVER
TASK 1 – Create a Pool
Create a pool containing three HTTP web servers.
Open the Local Traffic > Pools > Pool List page, and then click Create.
Create a pool using the following information, and then click Finished.
Name http_pool
Open the Local Traffic > Nodes > Node List page.
The BIG‐IP VE system automatically creates a node for each pool member, using the node IP
address as the node name.
Open the Local Traffic > Virtual Servers > Virtual Server List page, and then click Create.
Create a virtual server using the following information, and then click Finished.
Name http_virtual
Type Standard
State Enabled
In the Configuration Utility, open the Statistics > Module Statistics > Local Traffic page.
Question:
How many connections were opened to create the Web page? ___________
In the F5 vLab Test Web page, press Ctrl+F5 several times to force the web browser to refresh
without using its cache.
In the Configuration Utility, from the Statistics Type list box, select Pools.
Questions:
Did traffic go to each pool member? _____________
Did each member manage approximately the same number of connections? __________
In the F5 vLab Test Web page, review the Request Details and examine the Client IP address/port.
Questions:
What is the client IP address? ________________________
In the Configuration Utility, open the Local Traffic > Virtual Servers > Virtual Server List page,
and then click http_virtual.
In the Configuration section, from the Source Address Translation list box, select Auto Map,
and then click Update.
In the F5 vLab Test Web page, use Ctrl+F5 to refresh the page.
Question:
What is the client IP address? ________________________
In the Configuration Utility, from the Source Address Translation list box select None, and then
click Update.
Without SNAT Automap configured, the pool member sees the client’s actual IP address as the
source IP address. With SNAT Automap configured, the pool member sees the BIG‐IP system’s
internal self IP address as the source IP address.
EXERCISE 2.2 – VIRTUAL SERVER PRIORITY
In this exercise you will configure a pool and a virtual server that listen on all ports, and then test application
access using the virtual server.
• Required virtual images: BIGIP‐12.0_LTMFund, LAMP_v4
• Estimated completion time: 10 minutes
Open the Local Traffic > Pools > Pool List page, and then click Create.
Create a new pool using the following information, and then click Finished.
Name open_pool
Questions:
Did BIG‐IP LTM create new nodes for this pool? _________________
Open the Local Traffic > Virtual Servers > Virtual Server List page, and then click Create.
Create a virtual server using the following information, and then click Finished.
Name open_virtual
Type Standard
Service Port * All Ports
There are now two virtual servers listening on the same IP address, one on port 80 only, the other on
all ports.
Open the Statistics > Module Statistics > Local Traffic page, and then select to view Virtual Servers
statistics.
In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.
Question:
Which virtual server processed this request? _________________________
→NOTE: It’s not necessary to log into the CLI to complete this task.
In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.
Question:
Which virtual server processed this request? _________________________
In the F5 vLab Test Web Site tab, edit the URL to https://10.1.10.20.
You can identify the port used to access the pool member in the Request Details section and the
Pool member address/port row.
In the Configuration Utility, on the Virtual Servers statistics page, click Refresh.
Question:
Which virtual server processed this request? _________________________
The HTTP request was processed by http_virtual, as this virtual server is more specific than
open_virtual. The SSH and HTTPS requests were processed by open_virtual.
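The selection rule behind that result, written out as an added example (not from the original guide, and a simplified model rather than BIG-IP's full precedence algorithm): among the listeners that match a connection, the longest destination prefix wins, then a fixed port beats All Ports. The class and function names are hypothetical, and 10.1.10.20 as the shared destination address is taken from the URLs used in this exercise.

```python
import ipaddress
from dataclasses import dataclass

ALL_PORTS = 0  # stands for "* All Ports" in the Configuration Utility


@dataclass(frozen=True)
class VirtualServer:
    name: str
    destination: str  # host address or network in CIDR form
    port: int         # ALL_PORTS for a wildcard-port listener

    @property
    def network(self):
        # A bare host address becomes a /32 network.
        return ipaddress.ip_network(self.destination, strict=False)

    def matches(self, dst_ip, dst_port):
        in_net = ipaddress.ip_address(dst_ip) in self.network
        return in_net and self.port in (ALL_PORTS, dst_port)

    def specificity(self):
        # Longer destination prefix first, then a fixed port over all ports.
        return (self.network.prefixlen, self.port != ALL_PORTS)


def select_virtual_server(listeners, dst_ip, dst_port):
    """Return the most specific matching listener, or None if nothing listens."""
    matching = [v for v in listeners if v.matches(dst_ip, dst_port)]
    return max(matching, key=VirtualServer.specificity, default=None)


def accepted_by(listeners, dst_ip, ports):
    """Map each probed port to the name of the listener that accepts it."""
    result = {}
    for port in ports:
        chosen = select_virtual_server(listeners, dst_ip, port)
        result[port] = chosen.name if chosen else None
    return result


# The two listeners from Exercises 2.1 and 2.2.
HTTP_ONLY = [VirtualServer("http_virtual", "10.1.10.20", 80)]
WITH_WILDCARD = HTTP_ONLY + [VirtualServer("open_virtual", "10.1.10.20", ALL_PORTS)]

if __name__ == "__main__":
    for label, listeners in (("before", HTTP_ONLY), ("after", WITH_WILDCARD)):
        print(label, accepted_by(listeners, "10.1.10.20", [80, 22, 443]))
```

Comparing the two runs shows what open_virtual changes: before it exists, ports 22 and 443 on 10.1.10.20 have no listener; afterwards every port on that address is forwarded to open_pool.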
Open the Local Traffic > Virtual Servers > Virtual Server List page.
Open the Local Traffic > Pools > Pool List page.
Open the Local Traffic > Pools > Pool List page, then click http_pool, and then open the Members
page.
Question:
Will BIG‐IP LTM distribute traffic to pool members that are unknown? _____________
Open the Local Traffic > Monitors page, and then click Create.
Create a monitor using the following information, and then click Finished.
Name custom_http_monitor
Type HTTP
Interval 3
Timeout 10
Send String GET /HealthCheck.html\r\n
Open the Local Traffic > Pools > Pool List page, and then click http_pool.
For Health Monitors, select custom_http_monitor, then click <<, and then click Update.
EXERCISE 2.4 – USING AN HTTP PROFILE
In this exercise you will create a custom HTTP profile and add it to the HTTP virtual server. You will then
examine how the HTTP profile changes the traffic management behavior.
• Required virtual images: BIGIP‐12.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes
Open the Local Traffic > Profiles > Services > HTTP page, and then click Create.
Create an HTTP profile using the following information, and then click Finished.
Name custom_http_profile
Maximum Requests 50
Notice the current inherited setting for Maximum Header Size is 32768 bytes.
Edit the profile using the following information, and then click Update.
Maximum Requests 30
Questions:
Did the custom profile inherit the Maximum Requests setting? _______________
Did the custom profile inherit the Maximum Header Size setting? ________________
TASK 3 – Add the Custom HTTP Profile to a Virtual Server
Add custom_http_profile to http_virtual.
In the HTTP Request and Response Information section, click Request and Response Headers. Leave
this tab open.
In the Configuration Utility, open the Virtual Server List page, and then click http_virtual.
In the Configuration section, from the HTTP Profile list box, select custom_http_profile, and then click
Update.
Use a new tab to access http://10.1.10.20, and then click the Request and Response Headers link.
Using both tabs, examine the different Response Headers delivered to the Client sections.
Questions:
Why are there fewer response headers in the second version of this Web page?
_______________________________________________________________
Which response headers that were exposed in the first version of this Web page could be
exploited by a hacker?
________________________________________________________________
Using both tabs, examine the different Request Headers Received at the Server section.
Question:
On the second version, what is the X‐Forwarded‐For value? _________________________
TASK 4 – Update the Custom HTTP Profile
Update custom_http_profile with additional settings.
In the Configuration Utility, open the Local Traffic > Profiles > Services > HTTP page, and then click
custom_http_profile.
Edit the profile using the following information, and then click Update.
Request Header Erase User‐Agent
Questions:
Is the new Bigip‐Http‐Virtual request header displaying? ________________
EXERCISE 2.5 – USING SOURCE ADDRESS PERSISTENCE
In this exercise you will create a source address persistence profile and examine how it changes the BIG‐IP
load balancing decision.
• Required virtual images: BIGIP‐12.0_LTMFund, LAMP_v4
• Estimated completion time: 15 minutes
Open the Pool List page, then click http_pool, and then open the Members page.
From the Load Balancing Method list box, select Round Robin, and then click Update.
Open the Local Traffic > Profiles > Persistence page, and then click Create.
Create a persistence profile using the following information, and then click Finished.
Name custom_source_address
Timeout 15 seconds
From the Default Persistence Profile list box, select custom_source_address, and then click Update.
Questions:
Are responses coming from one or several pool members? ______________________
Which pool member is supplying the content for this request? ____________________
Wait over 20 seconds and then use Ctrl+F5 to refresh the page again.
Questions:
Was the same pool member used for this request? _______________
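The behavior this exercise asks you to observe, modeled as an added example (not from the original guide): a Round Robin pool with a source address persistence table whose records expire after 15 seconds without use. This is a simplified model that assumes the timer restarts on every request from the same source; the class name and the three pool member addresses are assumptions, since the guide's member list is not reproduced here.

```python
from collections import Counter

# Assumed members for http_pool (the guide says it has three web servers).
MEMBERS = ["10.1.20.11:80", "10.1.20.12:80", "10.1.20.13:80"]


class PersistentPool:
    """Round Robin pool with a source address persistence table."""

    def __init__(self, members, timeout):
        self.members = list(members)
        self.timeout = timeout   # seconds a record survives without use
        self._rr = 0             # index of the next Round Robin pick
        self.records = {}        # source IP -> (member, time last used)

    def _round_robin(self):
        member = self.members[self._rr % len(self.members)]
        self._rr += 1
        return member

    def pick(self, source_ip, now):
        record = self.records.get(source_ip)
        if record is not None and now - record[1] < self.timeout:
            member = record[0]             # live record: stay on that member
        else:
            member = self._round_robin()   # none or expired: load balance
        self.records[source_ip] = (member, now)
        return member


def replay(pool, requests):
    """requests: iterable of (time in seconds, source IP); returns members used."""
    return [pool.pick(source, t) for t, source in requests]


def load_by_member(requests, timeout=15):
    """Count how many requests each member receives for a request trace."""
    return Counter(replay(PersistentPool(MEMBERS, timeout), requests))


# Constructed traces. One browser refreshing, then waiting over 20 seconds:
REFRESH_THEN_WAIT = [(0, "10.1.10.1"), (2, "10.1.10.1"), (4, "10.1.10.1"),
                     (25, "10.1.10.1")]
# Six users with their own addresses vs. six users behind one NAT address:
DISTINCT_SOURCES = [(i, "10.1.10.%d" % (150 + i)) for i in range(6)]
BEHIND_ONE_NAT = [(i, "10.1.10.2") for i in range(6)]

if __name__ == "__main__":
    print(replay(PersistentPool(MEMBERS, 15), REFRESH_THEN_WAIT))
    print(load_by_member(DISTINCT_SOURCES))
    print(load_by_member(BEHIND_ONE_NAT))
```

The last trace is the caveat to keep in mind with this profile: when many users arrive through one translated address, they share a single persistence record and all land on the same pool member.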
Create a pool using the following information, and then click Finished.
Name https_pool
10.1.20.12 443
10.1.20.13 443
10.1.20.14 443
10.1.20.15 443
Create a virtual server using the following information, and then click Finished.
Name https_virtual
Open the System > File Management > SSL Certificate List page, and then click Create.
Create a self‐signed certificate using the following information, and then click Finished.
Name custom_ssl_cert
Type Self
Open the Local Traffic > Profiles > SSL > Client page, and then click Create.
Certificate custom_ssl_cert
Key custom_ssl_cert
Click Add for Certificate Key Chain, and then click Finished.
Open the Local Traffic > Monitors page, and then click Create.
Create a monitor using the following information, and then click Finished.
Name custom_https_monitor
Type HTTPS
TASK 5 – Enable SSL Termination with the HTTPS Virtual Server
Enable SSL termination on https_virtual and verify the results.
In the Configuration Utility, on the https_virtual page, open the Properties page.
From the SSL Profile (Client) list box, select custom_client_ssl, and then click <<.
From the SSL Profile (Server) list box, select serverssl, then click <<, and then click Update.
Use Ctrl+F5 several times to refresh the F5 vLab Test Web Site tab.
Questions:
Did the Web page display? _____________
Is the connection between the client and BIG‐IP LTM secured? _____________
Is the connection between BIG‐IP LTM and the pool member secured? _____________
In the Configuration Utility, on the https_virtual page, open the Properties page.
From the SSL Profile (Server) list box, select serverssl, then click >> to remove it and then click
Update.
Go to the Resources menu, change the Default Pool to http_pool, and then click Update.
Use Ctrl+F5 several times to refresh the F5 vLab Test Web Site tab.
Questions:
Did the Web page display? _____________
Is the connection between the client and BIG‐IP LTM secured? _____________
Is the connection between BIG‐IP LTM and the pool member secured? _____________