F5 培训教材

BIG-IPV9LocalTrafficManagerF5NetworksTraining7/20/20073IntroductiontoF5•ApplicationDeliveryNetworking–Ensuresnetworkapplicationsare:Secure,FastandAvailableF5Products:–BIG-IPLocalTrafficManager–BIG-IPLinkController–BIG-IPGlobalTrafficManager–FirePass–BIG-IPApplicationSecurityManager–WanJet/WebAccelerator4BIG-IPLocalTrafficManagerInternet•LoadBalanceServers•MonitorServerStatus5BIG-IPGlobalTrafficManager(3-DNS)Internet•LoadBalanceDNSrequests•Letssay=oneof•MonitorServerStatus207.46.134.22265.197.145.183143.166.83.200GTM=?207.46.134.222=?143.166.83.200=?207.46.134.2226ISP#1ISP#2BIG-IPLinkControllerInternet•LoadBalanceServers•LBInboundLinks•LBOutboundLinks3TypesofLoadBalancing7BIG-IPEnterpriseManagerLTMGTM•Centralizedversionandbackupmanagement•CentralizedviewofSSLcertificates•DeviceInventoryandControl•Supportforupto300devices8FirePassFirepassFileServersWebServerstelnettoHostsE-mailServersTermServices/CitrixDesktopSSLVPNPDACellphoneAuthenticationAuthorizationOrFullSSLVPNRemoteAccessthruBrowserAuthorizationbyGroup9BIG-IPApplicationSecurityManager(TrafficShield)ApplicationLayerFirewall•BlocksKnown&UnknownWebAttacks•ReverseProxy•ApplicationCloaking•ScrubsOutgoingContent216.34.94.17:80Internet207.17.117.2510WanJetRemoteOfficeMainOffice•OptimizetheWANLAN-likeresults•Accelerateapplications•Configurablesite-to-siteencryptionusingSSL11WebAcceleratorCustomerWebServer•Acceleratesallwebapplications•Fasterend-userresponsetimes•Extendsservercapacity•Reducessystemload•Reducesnetworkbandwidthneeds•Transparenttoapplications&users12CourseOutline–Day11.Installation2.LoadBalancing3.Monitors4.Profiles13Module1-InstallationInternetBIG-IPLTMsClientsServers14Module1-Outline•BIG-IPPlatformOverview•Installation(SetupUtility)•ConfigurationUtilitiesandUserAccess16ApplicationSwitch–3400ProcessorboardSwitchboardA.ProcessorB.SSLcardBAD.SCCPE.ASIC2F.SwitchchipsDEFC.CF&HDC17SwitchPlatforms6800/64001500PlatformDifferences•8800(2U)–DualDualCoreCPU,4GRam,ASIC10–1210/100/1G&4Gbgports•6800/6400(2U)–DualCPU,2GRam,ASIC2–1610/100/1G&4Gbgports•3400(1U)–SingleCPU,1GRam,ASIC2–810/100/1G&2Gbgports•1500(1U)–SingleCPU,768MRam–410/100/1G&2Gbgports•IntegratedSSLAcceleration•LCDpanelcontrolinterface•Forcurrentinfo-(PVA2)160GBHD+512CFSSL@20KTPS/2GbBulkFIPSSSLoptionHWCompressionoptionASM/WAoption4GbpsTrafficBIG-IP68002x2.80GHzOpteron1610/100/1000+4SFP160GBHD+512CFLayer4ASIC(PVA2)HWCompressionoptionASM/WAoptionSSL@15KTPS/2GbBulk2GbpsTrafficBIG-IP64002x2.6GHzOpteron1210/100/1000or12SFPLayer4ASIC(PVA10)160GBHD+512CFSSL@33KTPS/3GbBulkHWCompressionoptionASM/WAoption6-10GbpsTrafficBIG-IP84002x2.6GHzDualCoreOpteron1210/100/1000or12SFPLayer4ASIC(PVA10)160GBHD+512CFSSL@48KTPS/6GbBulkHWCompressionoptionASM/WAoption7-10GbpsTraffic(7GL7,6GSSL&Compress)BIG-IP88001.8GHzCore2Duo410/100/1000+2SFP160GBHDSSL@5KTPS/750MbBulk750bpsTrafficBIG-IP1600DAGHSBCPUCPUCPUCPUDAGHSBCPUCPUCPUCPUDAGHSBCPUCPUCPUCPUDAGHSBCPUCPUCPUCPUFabricFabricFabricFabricBIG-IP36002.13GHzOpteron810/100/1000+2SFP160GBHD+8GBCFSSL@10KTPS/2GbBulkFIPSSSLoptionASM/WAoption1.5GbpsTraffic19LegacyPlatforms51002400SwitchPlatforms•5100/5110–2410/100&4G•2400–1610/100&2G•1000–810/100&1G•IntegratedSSLAcceleration520/540ServerAppliance•520/540–210/100NICs•NoIntegratedSSL•Mainly3-DNS20CurrentBIG-IPLTMSoftwareLevelsPlatformV4.xV9.01600,3600NV9.46800,6400,3400,1500NY5100,2400,1000YY520,540YV9.221InitialBIG-IPLTMSetup1.Configutility–IPAddressforManagementinterface2.License3.Setuputility–Rootpassword–IPAddressforVLANs–AssigninterfacestoVLANs–WebAdminpassword–SSHAccess22InterfaceNaming(3400chassis)1.12.110/100/1000Portsnumbered:•toptobottom,lefttoright1.12.12.21.21.31.41.51.61.71.8MiniGbgPortsstartat2.1mgmteth0ManagementPortiseth0usbconsolefailoverMgmtURL–AutomatedRunSetuputility•EnterRegistrationKeyPCBIG-IPLicensethebox•GetLicensefromF5•SelectparametersF5LicenseServeractivate.F5.comReboot(v9.2)24LicenseProcess–ManualPCBIG-IPF5LicenseServeractivate.F5.comInternet•CopyProductDossiertoPC•PasteProductDossiertoF5•MovePCtoInternet•DownloadLicensetoPC•Upload&InstallLicensefileRunSetuputilityManuallyLicensetheboxPC••MovePCbackReboot(v9.2)25SetupUtility–Network27WebConfigurationutility28Setup/ConfigurationAccessTwomethods1.WebInterface•https(remote)2.CommandLine•ssh(remote)•SerialTerminal29BIG-IPLTMBackupProcess•Storesconfigurationinonefile•Ifcopiedtoanothersystem,thenre-license30UserAuthenticationProcess31BIG-IPLTMAdminUsers32Module2–LoadBalancing12345678Internet33Module2–Outline•VirtualServers,Members&Nodes•ConfiguringVirtualServers&Pools–VirtualServer&PoolLab•LoadBalancingModes•ConfiguringLoadBalancing–LoadBalancingLabs34Pools,MembersandNodes172.16.20.1172.16.20.2172.16.20.3Node=IPaddress:80:80:80PoolMember=Node+PortPool=Groupofpoolmembers36VirtualServerInternetVirtualServer•IPAddress+Service(