2 BIG-IP 800 LTM v HF2 V LTM L L L IP GUI VLAN.

BIG-IP800 LTM v11.4.0 HF2 V1.0 F5 Networks Japan

2 BIG-IP 800 LTM v11.4.0 HF2 V1.0...1 1....3 1.1. LTM...3 2. L3...4 2.1. L3...4 2.2. L3...5 3....6 3.1....6 3.1.1. IP...6 3.1.2. GUI...10 3.1.3. VLAN...19 3.1.4. Self IP...20 3.1.5....21 3.2. Pool Virtual Server HTTP:Port80...22 3.2.2. HTTP...25 3.3. Virtual Server HTTPS:Port443...26 3.3.1....26 3.3.2. HTTPS...34 4. L3...35 4.1. L3...35 4.2. L3...36 4.3. Active big208.f5jp.local...37 4.4. Standby big209.f5jp.local...43 4.5. Active...46 4.6....49 4.7....50 4.8. ConfigSync...53 4.9. Traffic-group-1...54 4.9.1. HTTP...56 5. L2...57 5.1. L2...57 5.2. L2...58 5.3. Active big208.f5jp.local...59 5.3.1. VLAN...59 5.3.2. VLAN...59 5.3.3. Self IP...60 5.3.4. Pool Virtual Server HTTP:Port80...61 5.3.5. HTTP...62 5.3.6....63 5.3.7. NTP...65 5.4. Standby big209.f5jp.local...66 5.4.1. VLAN...66 5.4.2. VLAN...66 5.4.3. Self IP...67 5.4.4....67 5.5. Active...69 5.6....69 5.7. Traffic-Group...70 5.8. ConfigSync...70 5.9. traffic-group-1 Active big208.f5jp.local...71 5.10. HTTP...72 6....73

1. BIG-IP Local Traffic Manager LTM BIG-IP LTM SSL BIG-IP LTM WEB 1.1. LTM LTM 8 PC 1 URL:www.f5.com 4 2 Internet 3 DNS 7 IP BIG-IP800 LTM 6 5 Internal-IP Web2-IP Web1 Web2 Web3 Web4 Web5 Web BIG-IP800 LTM Web Web URL www.f5.com PC www.f5.com IP DNS DNS www.f5.com IP Web IP HTTP BIG-IP800 LTM Web 1 Web2 HTTP Web Web2 HTTP HTTP HTTP BIG-IP800 LTM HTTP PC www.f5.com Web 3

2. L3 2.1. L3 L3 4 1 IP 2 External-IP 5 3 Internal-IP 6 Web IP IP 192.168.1.245/24 - Big208.f5jp.local IP --- 172.28.15.208/24 External External 10.99.1.208 Internal Internal 10.99.2.208 10.99.1.254 http-vs-001 10.99.1.101:80 https-vs001 10.99.1.101:443 Web 1 --- 10.99.2.215:80 Web 2 --- 10.99.2.217:80 CLI --- ID/Password : root/default GUI --- ID/Password : admin/admin 4

2.2. L3 L3 1 Internet 10.99.1.254 Interface 1.1 VLAN: External External-IP: 10.99.1.208 10.99.1.222 10.99.1.0/24 External http-vs-001: 10.99.1.101:80 https-vs-001: 10.99.1.101:443 Internet big208.f5jp.local Interface 1.2 VLAN: Internal Internal-IP: 10.99.2.208 Web 1 10.99.2.215:80 IP: 172.28.15.208 Web 2 10.99.2.217:80 10.99.2.0/24 Internal 172.28.15.0/24.254 L3sw LAN 10.99.2.208 BIG-IP Virtual Server 10.99.1.101:80 10.99.1.101:443 2 2 10.99.2.215:80 10.99.2.217:80 BIG-IP 10.99.1.254 Web BIG-IP Internal 10.99.2.208 PC 5

3. 3.1. 3.1.1. IP BIG-IP Baud Rate 19,200 RS232C TeraTerm 1 ID: root Password: default 2 IP config Enter 6

3 OK 4 DHCP DHCP No 5 IP 7

6 7 Yes 8 8

9 Yes 9

3.1.2. GUI PC BIG-IP IP HTTPS PC 1 ID Password ID admin Password admin 10

2 Next 3 Activate 11

4 Next 5 Dossier Step2 Click here to access F5 Licensing Server Dossier 12

6 Web activate.f5.com Enter your dossier Dossier Next Dossier 13

7 Next Next 8 14

9 Web Step3:License Next 15

10 Next 11 SSL Next 16

12 Root/Admin Next FQDN Root Admin OK 17

13 ID : Admin 14 Finished Finished 18

3.1.3. VLAN VLAN Main Network VLAN Create 1 External VLAN 2 Internal VLAN 19

3.1.4. Self IP BIG-IP VLAN IP BIG-IP IP Self IP Main Network Self IPs Create 1 External VLAN IP VLAN SSH/GUI 2 Internal VLAN IP IP VLAN SSH/GUI 20

3 3.1.5. BIG-IP Main Network Routes Add 1 Finished 21

3.2. Pool Virtual Server HTTP:Port80 1 Pool Pool Pool Main Local Traffic Pools Create Address: Service Port add 2 Pool 22

3 http-pool-001 Members Status 23

4 Virtual Server HTTP:Port80 Main Local Traffic Virtual Servers Create IP 80 HTTP Profile Pool 24

5 Status 3.2.2. HTTP 1 Virtual Server Web Web 2 Main Statistics Module Statistics Local Traffic Statistics Type Pools Web Bits,Packets Status Reset 25

3.3. Virtual Server HTTPS:Port443 HTTPS 3.3.1. 1 CSR CA CSR Certificate Signing Request Main System File Management SSL Certificate List Create Certificate Authority Common Name Web FQDN Organization Locality State Or Province Country RSA 26

2 CSR PC CSR Finished a CSR b CSR 3 CSR Key 27

4 Main System File Management SSL Certificate List Key 5 CSR SSL OpenSSL 28

6 SSL Main System File Management SSL Certificate List SSLserver Import Import 7 Import 29

8 Key 30

9 Client SSL Profile Main Local Traffic Profile SSL Client Create Key 31

10 Virtual Server HTTP Port443 IP 443 HTTP Profile SSL Profile Pool 32

11 Status 33

3.3.2. HTTPS 1 Virtual Server HTTPS SSL 2 Main Statistics Module Statistics Local Traffic Statistics Type Pools Web Bits,Packets Status Reset 34

4. L3 4.1. L3 L3 4 1 IP 2 External-IP 5 7 IP 8 External IP 3 Internal-IP 9 Internal IP 6 Web 10 NTP 2 Active IP GW 1 2 big208.f5jp.local big209.f5jp.local --- 172.28.15.208/24 --- 172.28.15.209/24 External External 10.99.1.208/24 External 10.99.1.209/24 Internal Internal 10.99.2.208/24 Internal 10.99.2.209/24 10.99.1.254 Web 1 Web 2 http-vs-001 https-vs-001 10.99.1.101:80 10.99.1.101:443 --- 10.99.2.215:80 --- 10.99.2.217:80 HA 10.99.3.208/24 HA 10.99.3.209/24 External External-flo-ip 10.99.1.253 Internal Internal-flo-ip 10.99.2.253 NTP 10.99.2.217 35

4.2. L3 BIG-IP L3 Internet http-vs-001: https-vs-001: 10.99.1.101:80 10.99.1.101:443 10.99.1.254 External-flo-IP: 10.99.1.253 10.99.1.222 10.99.1.0/24 External Interface 1.1 VLAN: External External-IP: 10.99.1.208 Interface 1.3 VLAN: HA HA-IP: 10.99.3.208 Interface 1.3 VLAN: HA HA-IP: 10.99.3.209 Interface 1.1 VLAN: External External-IP: 10.99.1.209 Internet big208.f5jp.local Interface 1.2 VLAN: Internal Internal-IP: 10.99.2.208 Web 1 10.99.2.215:80 10.99.3.0/24 HA big209.f5jp.local Interface 1.2 VLAN: Internal Internal-IP: 10.99.2.209 IP: 172.28.15.208 Internal-flo-IP: 10.99.2.253 Web 2 10.99.2.217:80 & NTP 10.99.2.0/24 Internal 172.28.15.0/24 IP: 172.28.15.209 L3sw.254 10.99.2.253 Web Internal-flo-IP 10.99.2.253 NTP 10.99.2.217 BIG-IP BIG-IP BIG-IP HA High Availability VLAN VLAN External Internal VLAN HA VLAN HA VLAN 36

4.3. Active big208.f5jp.local 1 HA VLAN Main Network VLANs Create HA VLAN 2 HA VLAN IP Main Network Self IPs Create HA VLAN IP IP VLAN SSH/GUI 37

3 4 Main Device Management Devices big208.f5jp.local self 38

5 Device Connectivity ConfigSync HA VLAN IP Update HA VLAN IP 6 Device Connectivity Failover Add 39

7 HA VLAN IP HA VLAN IP 8 Device Connectivity Mirroring HA VLAN IP Secondary Internal VLAN IP Update Primary HA VLAN IP Secondry Internal VLAN 9 NTP Main System Configuration Device NTP Address NTP IP Add 40

NTP Add NTP NTP Tera Term SSH User name root Use challenge/response to log in 41

default SSH ntpq -np [root@big208:active:standalone] config # ntpq -np remote refid st t when poll reach delay offset jitter ============================================================================== 10.99.2.217 133.243.238.163 2 u 115 128 377 1.927-2.995 1.491 42

4.4. Standby big209.f5jp.local 1 Active VLAN Self IP Devices Standby 2 Standby VLAN 3 Standby Self IP 43

4 Main Device Management Devices big209.f5jp.local self Active Device Connectivity ConfigSync HA VLAN IP 5 Failover HA VLAN IP 44

6 Mirroring Primary HA VLAN IP Secondry Internal VLAN 45

4.5. Active Active 1 Main Device Management Device Trust Peer List Add 2 Standby IP ID Admin Retrieve Device Information Standby IP Admin 46

3 Standby Finished 4 47

5 Device Management Devices self Standby 48

4.6. BIG-IP 3 1 2 2 3 2 1 Main Device Management Device Groups Sync-Failover 2 49

4.7. Virtual Server IP Floating IP Main Device Management Traffic Groups 1 Traffic-group-1 Traffic-group-1 Floating IP Virtual Server 50

2 Internal VLAN IP Floating IP Floating IP Active Standby IP Self IP IP Active/Standby Main Network Self IPs Traffic-group-1 IP VLAN IP SSH/GUI traffic-group-1 3 External VLAN IP Floating IP IP VLAN IP SSH/GUI traffic-group-1 51

4 Main Local Traffic Virtual Servers Virtual Address List Properties Traffic Group traffic-group-1 traffic-group-1 5 Main Device Management Traffic Groups Traffic-group-1 Failover Objects 52

4.8. ConfigSync Active Standby ConfigSync 1 Main Device Management Overview Active Big208.f5jp.local Sync 2 53

4.9. Traffic-group-1 IP Traffic-group-1 Active Standby big209.f5jp.local Traffic-group-1 Active Active big208.f5jp.local Traffic-group-1 Active 1 Main Device Management Traffic Groups Traffic-group-1 Failover Order Active 2 ConfigSync 54

3 big209.f5jp.local Main Device Management Traffic Groups Traffic-group-1 Force to Standy 4 big209.f5jp.local Standby 55

5 big208.f5jp.local Active 4.9.1. HTTP 1 Virtual Server Web Web 2 Main Statistics Module Statistics Local Traffic Statistics Type Pools Web Bits,Packets Status Reset 56

5. L2 5.1. L2 BIG-IP L2 External VLAN Internal VLAN L2 & 4 2 & 3 VLAN 1 IP 2 External VLAN 5 7 IP 3 Internal VLAN 6 Web & 10 NTP External VLAN Internal VLAN BIG-IP L2 VLAN IP IP 1 2 big208.f5jp.local big209.f5jp.local --- 172.28.15.208/24 --- 172.28.15.209/24 External External --- External --- Internal Internal --- Internal --- & VLAN vgroup 10.99.1.208 vgroup 10.99.1.209 10.99.1.254 http-vs-001 10.99.1.101:80 Web 1 Web 2 --- 10.99.1.215:80 --- 10.99.1.217:80 HA 10.99.3.208/24 HA 10.99.3.209/24 NTP 10.99.1.217 57

5.2. L2 BIG-IP Internet http-vs-001: 10.99.1.101:80 10.99.1.254 10.99.1.222 10.99.1.0/24 External Interface 1.1 VLAN: External Active Interface 1.2 VLAN: Internal big208.f5jp.local VLAN-group: vgroup vgroup-ip: 10.99.1.208 Web 1 10.99.1.215:80 Interface 1.3 VLAN: HA HA-IP: 10.99.3.208 Interface 1.3 VLAN: HA HA-IP: 10.99.3.209 10.99.3.0/24 HA IP: 172.28.15.208 Interface 1.2 VLAN: Internal big209.f5jp.local VLAN-group: vgroup vgroup-ip: 10.99.1.209 Web 2 10.99.1.217:80 & NTP Interface 1.1 VLAN: External Standby 10.99.1.0/24 Internal 172.28.15.0/24 IP: 172.28.15.209 Internet L3sw.254 LAN 10.99.1.254 Web 10.99.1.254 NTP 10.99.1.217 BIG-IP 58

5.3. Active big208.f5jp.local 5.3.1. VLAN VLAN 5.3.2. VLAN VLAN Main Network VLAN VLAN Groups 59

1 VLAN Group VLAN 5.3.3. Self IP VLAN Group IP 1 VLAN Group IP IP VLAN Group SSH/GUI 60

2 HA VLAN IP 5.3.4. Pool Virtual Server HTTP:Port80 1 Pool Pool 10.99.1.x Status 61

2 Virtual Server HTTP Port80 IP 80 HTTP Profile Pool 5.3.5. HTTP 1 Virtual Server Web Web 2 Main Statistics Module Statistics Local Traffic Statistics Type Pools Web Bits,Packets 62

Status Reset 5.3.6. Main Device Management Devices self 1 Config Sync 63

2 Failover 3 Mirroring 64

5.3.7. NTP Main System Configuration Device NTP Address NTP IP Add NTP NTP Add 65

5.4. Standby big209.f5jp.local 5.4.1. VLAN Active 5.4.2. VLAN Active 66

5.4.3. Self IP Active Standby IP 5.4.4. Standby Active Main Device Management Devices self 1 Config Sync 67

2 Failover 3 Mirroring 68

5.5. Active Active big208.f5jp.local Main Device Management Device Trust Peer List Standby 5.6. 2 BIG-IP 69

5.7. Traffic-Group Traffic Groups traffic-group-1 Failover Order 5.8. ConfigSync Main Device Management Overview 70

5.9. traffic-group-1 Active big208.f5jp.local IP Active Standby big209.f5jp. local Active Standby big209.f5jp.local traffic-group-1 Force to Standby big208. f5jp.local Active 1 Force to Standby 2 Big208.f5jp.local Active 71

5.10. HTTP 1 Virtual Server Web Web 2 Main Statistics Module Statistics Local Traffic Statistics Type Pools Web Bits,Packets Status Reset 72

6. BIG-IP IP Syslog irule BIG-IP 800 BIG-IP SSL-VPN WEB F5 WEB F5 http://www.f5networks.co.jp/ F5 Tech Depot http://www.f5networks.co.jp/depot/ AskF5 http://support.f5.com/kb/en-us.html DevCentral F5 https://devcentral.f5.com/ Guido Vosmeer 73

DevCentral DevCentral F5 DevCentral 122,000 Forum http://www.f5networks.co.jp/dcj/ 2013 9 A