F5 Networks Configuring BIG-IP LTM v12: Local Traffic Manager

COURSE OUTLINE:

Description

This course provides networking professionals a functional understanding of the BIG-IP LTM v12 system as it is commonly used, as well as an in-depth understanding of its advanced features. This hands-on course covers installation, configuration, and management of BIG-IP LTM systems and includes lectures, labs, and discussions.

Audience

This course is intended for system and network administrators responsible for installation, setup, configuration, and administration of the BIG-IP LTM system.

Prerequisites

Administering BIG-IP, OSI model, TCP/IP addressing and routing, WAN, LAN environments, and server redundancy concepts; or having achieved TMOS Administration Certification.

Learning Objectives

  • Configure and manage an AFM system
  • Configure AFM Network Firewall in a positive or negative security model
  • Configure Network Firewall to allow or deny network traffic using rules
  • Pre-build firewall rules using lists and schedule components
  • Enforce firewall rules immediately or test them using policy staging
  • Use Packet Tester and Flow Inspector features to check network connections against your security configurations for Network Firewall, IP intelligence and DoS features
  • Configure various IP Intelligence features to identify, record, allow or deny access by IP address
  • Configure the Device DoS detection and mitigation feature to protect the BIG-IP device and all applications from multiple types of attack vectors
  • Configure DoS detection and mitigation on a per-profile basic to protect specific applications from attack
  • Use DoS Dynamic Signatures to automatically protect the system from DoS attacks based on long term traffic and resource load patterns
  • Configure and use the AFM local and remote log facilities
  • Configure and monitor AFM�s status with various reporting facilities
  • Export AFM system reports to your external monitoring system directly or via scheduled mail
  • Allow chosen traffic to bypass DoS checks using Whitelists
  • Isolate potentially bad clients from good using the Sweep Flood feature
  • Isolate and re-route potentially bad network traffic for further inspection using IP Intelligence Shun functionality
  • Restrict and report on certain types of DNS requests using DNS Firewall
  • Configure, mitigate, and report on DNS based DoS attacks with the DNS DoS facility
  • Configure, mitigate, and report on SIP based DoS attacks with the SIP DoS facility
  • Build Network Firewall rules using BIG-IP iRules
  • Configure, block, and report on the misuse of system services and ports using the Port Misuse feature
  • Detect, mitigate, and report on violations of various network protocols and well-known attack traffic signatures using the Intrusion Protection System feature
  • Be able to monitor and do initial troubleshooting of various AFM functionality

Lesson 1 : Setting up the BIG-IP System

  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Archiving the BIG-IP Configurations
  • Leveraging F5 Support Resources and Tools

Lesson 2 : Reviewing Local Traffic Configuration

  • Reviewing Nodes, Pools, and Virtual Servers
  • Reviewing Address Translation
  • Reviewing Routing Assumptions
  • Reviewing Application Health Monitoring
  • Reviewing Traffic Behavior Modification with Profiles
  • Reviewing the TMOS Shell (TMSH)
  • Reviewing Managing BIG-IP Configuration Data

Lesson 3 : Load Balancing Traffic with LTM

  • Exploring Dynamic Load Balancing Options
  • Using Priority Group Activation and Fallback Host
  • Comparing Member and Node Load Balancing

Lesson 4 : Modifying Traffic Behavior with Persistance

  • Reviewing Persistence
  • Introducing SSL Persistence
  • Introducing SIP Persistence
  • Introducing Universal Persistence
  • Introducing Destination Address Affinity Persistence
  • Using Match Across Options for Persistence

Lesson 5 : Monitoring Application Health

  • Differentiating Monitor Types
  • Customizing the HTTP Monitor
  • Monitoring an Alias Address and Port
  • Monitoring a Path vs. Monitoring a Device
  • Managing Multiple Monitors
  • Using Application Check Monitors
  • Using Manual Resume

Lesson 6 : Processing Traffic with Virtual Servers

  • Virtual Servers Concepts
  • Path Load Balancing
  • Introducing Auto Last Hop

Lesson 7 : Processing Traffic with SNATs

  • Overview of SNATs
  • SNAT Auto Map
  • SNAT Pools
  • SNATs as Listeners
  • SNAT Specificity
  • VIP Bounceback
  • Additional SNAT Options
  • Network Packet Processing

Lesson 8 : Configuring High Availability

  • Sync-Failover Group Concepts
  • Synchronization, State and Failover
  • Traffic Group Concepts
  • N+1 Concepts

Lesson 9 : Configuring High Availability Part 2

  • Failover Triggers and Detection
  • Stateful Failover
  • Device Group Communication
  • Sync-Only Device Groups

Lesson 10 : Modifying Traffic with Profiles

  • Profiles Review
  • Common Protocol Profile Types and Settings
  • TCP Express Optimization
  • Performance Improvements
  • Configuring and Using Profiles
  • HTTP Profile Options
  • OneConnect
  • HTTP Compression
  • HTTP Caching
  • Stream Profiles
  • F5 Acceleration Technologies
  • Analytics

Lesson 11 : Selected Topics

  • VLAN, VLAN Tagging, and Trunking
  • Restricting Network Access
  • SNMP Features
  • Internet Protocol Version 6 (IPv6)
  • Route Domains

Lesson 12 : Deploying Application Services with iApps

  • Simplifying Application Deployment with iApps Using iApps Templates
  • Deploying an Application Service
  • Reconfiguring an Application Service
  • Leveraging the iApps Ecosystem on DevCentral

Lesson 13 : Customizing Application Delivery with iRules and Local Traffic Policies

  • Getting Started with iRules
  • Triggering an iRules
  • Introducing iRules Constructs
  • Leveraging the DevCentral Ecosystem
  • Deploying and Testing iRules
  • Getting Started with Local Traffic Policies
  • Constructing and Managing Rules

Lesson 14: Final Lab Project