F5 Worldwide Field Enablement
Learn More, Sell More, Sell Faster
BIG-IP Local Traffic Manager (LTM)
Fundamentals
Module 2: Processing Traffic
Approximate Length: 20 minutes
Based on BIG-IP TMOS version 11.4
For F5 internal and partner use only.
•Lesson 1: Nodes, Pools, and Virtual Servers
•Lesson 2: How BIG-IP LTM Processes Traffic
•Lesson 3: Configuring Pools and Virtual Servers
•Lesson 4: Network Map, Statistics, and Logging
© F5 Networks, Inc.
Nodes
BIG-IP LTM uses several objects for managing traffic.
A node is a physical or logical server, represented by an IP address.
Nodes: 172.20.10.1, 172.20.10.2, 172.20.10.3, 172.20.10.4
Pool Members
A pool member is represented by an IP address and a port.
Pool members on port 80: 172.20.10.1:80, 172.20.10.2:80, 172.20.10.3:80
Pool members on port 443: 172.20.10.2:443, 172.20.10.3:443, 172.20.10.4:443
Pools
A pool is a group of pool members that represents an application.
A pool is configured with a load balancing method. The diagram shows two pools, one labelled Round Robin load balancing and one labelled Ratio (Member) load balancing.
A node can be a member of multiple pools.
Diagram labels: HTTP: 8080, HTTPS: 443
Pool members: 172.20.10.1:80, 172.20.10.2:80, 172.20.10.3:8080
Pool members: 172.20.10.2:443, 172.20.10.3:443, 172.20.10.4:443
Virtual Servers
A virtual server is a listener, represented by an IP address and a port.
Virtual servers: 10.2.2.100:80, 10.2.2.100:443
BIG-IP LTM is a default deny device: traffic that does not match a configured listener, such as a virtual server, is not processed.
How LTM Processes Client Requests – Request Packet #1
Module: Pools and Load Balancing
Client 18.200.150.10 requests http://www.f5.com
DNS response: www.f5.com – 10.2.2.100
Request packet (client to BIG-IP LTM):
  Source IP: 18.200.150.10:4003
  Destination IP: 10.2.2.100:80
BIG-IP LTM modifies the packet.
Request packet (BIG-IP LTM to pool member 172.20.10.1:80):
  Source IP: 18.200.150.10:4003
  Destination IP: 172.20.10.1:80
Virtual servers: 10.2.2.100:80, 10.2.2.100:443
Pool members: 172.20.10.1:80, 172.20.10.2:80, 172.20.10.3:8080, 172.20.10.4:80
Pool members: 172.20.10.2:443, 172.20.10.3:443, 172.20.10.4:443
How LTM Processes Client Requests – Request Packet #2
Request packet #2 (client to BIG-IP LTM):
  Source IP: 18.200.150.10:4003
  Destination IP: 10.2.2.100:80
Request packet #2 (BIG-IP LTM to pool member 172.20.10.2:80):
  Source IP: 18.200.150.10:4003
  Destination IP: 172.20.10.2:80
Pool Member Availability
Module: Using Monitors
What if a pool member is unavailable?
SNMP traps can send alerts about offline pool members.
Request packet #3 (client to BIG-IP LTM):
  Source IP: 18.200.150.10:4003
  Destination IP: 10.2.2.100:80
Request packet #3 (BIG-IP LTM to pool member 172.20.10.4:80):
  Source IP: 18.200.150.10:4003
  Destination IP: 172.20.10.4:80
Port Translation
BIG-IP LTM translates both the destination IP address and port.
Request packet (client to BIG-IP LTM):
  Source IP: 18.200.150.10:4003
  Destination IP: 10.2.2.100:80
Request packet (BIG-IP LTM to pool member 172.20.10.3:8080):
  Source IP: 18.200.150.10:4003
  Destination IP: 172.20.10.3:8080
How LTM Processes Server Responses
Request packet (client to BIG-IP LTM):
  Source IP: 18.200.150.10:4003
  Destination IP: 10.2.2.100:80
Response packet (pool member to BIG-IP LTM):
  Source IP: 172.20.10.1:80
  Destination IP: 18.200.150.10:4003
BIG-IP LTM modifies the packet.
Response packet (BIG-IP LTM to client):
  Source IP: 10.2.2.100:80
  Destination IP: 18.200.150.10:4003
Asymmetric Routing Problem
If BIG-IP LTM changes an IP address, the response must return through BIG-IP LTM.
Request packet (client to BIG-IP LTM):
  Source IP: 18.200.150.10:4003
  Destination IP: 10.2.2.100:80
Request packet (BIG-IP LTM to pool member):
  Source IP: 18.200.150.10:4003
  Destination IP: 172.20.10.1:80
Addresses shown on the pool member network: 172.20.10.240, 172.20.10.241
Pool member default gateway (DG): 172.20.10.241
Response packet (sent by the pool member and received by the client unchanged):
  Source IP: 172.20.10.1:80
  Destination IP: 18.200.150.10:4003
Solution #1: Configure the default gateway or static routing on every pool member.
Solution #2: Use Secure Network Address Translation (SNAT).
Modify the Pool Member’s Default Gateway
Request packet (client to BIG-IP LTM):
  Source IP: 18.200.150.10:4003
  Destination IP: 10.2.2.100:80
Addresses shown on the pool member network: 172.20.10.240, 172.20.10.241
Pool member default gateway (DG): 172.20.10.240
Response packet (BIG-IP LTM to client):
  Source IP: 10.2.2.100:80
  Destination IP: 18.200.150.10:4003
Using SNAT
Module: NATs and SNATs
Use SNAT when modifying the pool members is not an option.
Request packet (client to BIG-IP LTM):
  Source IP: 18.200.150.10:4003
  Destination IP: 10.2.2.100:80
Request packet (BIG-IP LTM to pool member 172.20.10.2:80; Self IP: 172.20.10.240):
  Source IP: 172.20.10.240:80
  Destination IP: 172.20.10.2:80
Pool member default gateway (DG): 172.20.10.241
Broadcast for 172.20.10.240
Response packet (pool member to BIG-IP LTM):
  Source IP: 172.20.10.2:80
  Destination IP: 172.20.10.240:80
Response packet (client side, as shown on the slide):
  Source IP: 10.2.2.100:80
  Destination IP: 172.20.10.240:80
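The address translation on the preceding slides, as an added Python example (not part of the original F5 material): a minimal model of a virtual server that reproduces the asymmetric routing failure and both solutions. The Ltm class, the round_trip helper and the choice to keep the client's source port under SNAT are assumptions made for illustration; the addresses are the ones on the slides.

```python
from itertools import cycle

# Addresses are the ones used on the slides.
VIRTUAL = ("10.2.2.100", 80)   # virtual server (listener)
SELF_IP = "172.20.10.240"      # BIG-IP self IP on the pool member network
MEMBERS = [("172.20.10.1", 80), ("172.20.10.2", 80),
           ("172.20.10.3", 8080), ("172.20.10.4", 80)]

class Ltm:
    """Hypothetical model of one virtual server in front of one pool."""
    def __init__(self, snat=False):
        self.snat = snat
        self.pool = cycle(MEMBERS)   # Round Robin load balancing
        self.conns = {}              # (server-side src, member) -> client

    def request(self, src, dst):
        """Translate a client packet; None means it was not processed."""
        if dst != VIRTUAL:
            return None              # default deny: no listener for dst
        member = next(self.pool)     # destination IP and port are rewritten
        # Assumption: SNAT keeps the client's source port.
        out_src = (SELF_IP, src[1]) if self.snat else src
        self.conns[(out_src, member)] = src
        return out_src, member

    def response(self, src, dst):
        """Translate a pool member's reply back to the client side."""
        return VIRTUAL, self.conns[(dst, src)]

def round_trip(snat, default_gw, client=("18.200.150.10", 4003)):
    """Return (member, source the client sees, whether client accepts)."""
    ltm = Ltm(snat)
    seen_src, member = ltm.request(client, VIRTUAL)
    reply_src, reply_dst = member, seen_src   # member answers what it saw
    # The reply reaches BIG-IP only if it is addressed to the self IP
    # or the member's default gateway is BIG-IP.
    if reply_dst[0] == SELF_IP or default_gw == SELF_IP:
        reply_src, reply_dst = ltm.response(reply_src, reply_dst)
    # The client only accepts replies from the address it connected to.
    accepted = (reply_src, reply_dst) == (VIRTUAL, client)
    return member, reply_src, accepted

if __name__ == "__main__":
    print(round_trip(snat=False, default_gw="172.20.10.241"))  # asymmetric
    print(round_trip(snat=False, default_gw="172.20.10.240"))  # solution #1
    print(round_trip(snat=True, default_gw="172.20.10.241"))   # solution #2
```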
TMOS – A Full TCP Proxy Architecture
TMOS: Traffic Management Operating System
As a full proxy, TMOS maintains separate client-side and server-side TCP connections.
Creating a New Pool
Configuring a Pool
If you leave Node Name blank, the IP address is used as the node name.
Node Name: http_server_1
Address: 10.128.20.201
Service Port: 80
Creating a New Virtual Server
Configuring a Virtual Server
General Properties section
Configuration section
Resources section
Content Rewrite section
Acceleration section
Using SNAT to solve the issue of asymmetric routing (slide #17)
You can create a new pool while creating a new virtual server
Using the Network Map
View the BIG-IP system configuration
Statistics
Know how much traffic BIG-IP LTM is processing
Logging
Module: Using Monitors
Use log files to help with debugging
Use SNMP traps or a centralized syslog server for automatic notifications
Audits BIG-IP system objects and user account activity
Module Review
•Lesson 1: Nodes, Pools, and Virtual Servers
•Lesson 2: How LTM Processes Traffic
•Lesson 3: Configuring Pools and Virtual Servers
•Lesson 4: Network Map, Statistics, and Logging
Hands-On Exercise 2.1 – 2.2
• Create a pool of HTTP Web servers
• Create a virtual server that uses the new pool
• Test the virtual server and view statistics
• Modify the SNAT settings
• View logging and the Network Map