[Author: Zhang Feast. Article version: v1.0. Last modified: 2008.05.22. When reproducing, please cite the source: HTTP://BLOG.S135.COM/F5_BIG_IP]
I recently ran a comparative performance test of the F5 BIG-IP and Citrix NetScaler load balancers, and wrote this article to document the common application configuration methods for F5 BIG-IP.
Currently, many vendors have launched load balancers dedicated to balancing server load, such as F5 Networks' BIG-IP and Citrix's NetScaler. The F5 BIG-IP LTM, whose official name is Local Traffic Manager, can do Layer 4-7 load balancing and offers load balancing, application switching, session switching, health monitoring, intelligent network address translation, universal persistence, response error handling, IPv6 gateway, advanced routing, intelligent port mirroring, SSL acceleration, intelligent HTTP compression, TCP optimization, Layer 7 rate shaping, content buffering, content conversion, connection acceleration, caching, cookie encryption, selective content encryption, application attack filtering, denial of service (DoS) attack and SYN flood protection, firewall packet filtering, packet sanitization, and more.
Below are the main features of F5 BIG-IP when used as an HTTP load balancer:
①, F5 BIG-IP provides 12 flexible algorithms for distributing all traffic evenly across the servers, while to users it appears as a single virtual server.
②, F5 BIG-IP can verify that an application returns the expected data for a request. If a server behind the F5 BIG-IP suffers a service stop, a crash, or a similar failure, the F5 detects it and marks the server as down, so that user requests are no longer sent to the failed server. As long as the other servers are healthy, user access is not affected. Once the failure is fixed, F5 BIG-IP automatically verifies that the application can again respond correctly to client requests and resumes sending requests to that server.
③, F5 BIG-IP provides session persistence for dynamic sessions.
④, the F5 BIG-IP iRules feature can filter HTTP content and forward requests to different servers according to domain name and URL.
Below, F5 BIG-IP LTM v9.x is configured using the following example:
①, assume the domain name blog.s135.com resolves to the F5's extranet/public virtual IP 61.1.1.3 (vs_squid), and that there is a server pool (pool_squid) under this virtual IP. The pool contains two real squid servers (192.168.1.11 and 192.168.1.12).
②, on a squid cache miss, squid requests the F5's intranet virtual IP 192.168.1.3 (vs_apache), which has a default server pool (pool_apache_default) containing two real Apache servers (192.168.1.21 and 192.168.1.22). When a request to this virtual IP matches the iRules rule, another server pool (pool_apache_irules) is used instead; it also contains two real Apache servers (192.168.1.23 and 192.168.1.24).
③, in addition, the default gateway of all real servers points to the F5's own intranet IP, 192.168.1.2.
④, all real servers access the Internet through the SNAT IP address 61.1.1.4.
Detailed configuration steps:
I. Log in to the F5 BIG-IP management interface
1. Initial use:
①, power on the F5 BIG-IP and use a network cable (straight-through or crossover both work) to connect the F5 BIG-IP 3.1 management port to the laptop's network port; configure the laptop's IP address as "192.168.1.*" and its subnet mask as "255.255.255.0".
②, in a browser, open the F5 BIG-IP factory default management IP address https://192.168.1.245 or https://192.168.245.245
③, enter the factory default user name: admin, password: admin
④, click Activate to enter the F5 BIG-IP license application and activation page and activate the license.
⑤, change the default administrative password.
2. Subsequent logins: log in through the F5 BIG-IP's own extranet IP.
①, assuming the F5's own extranet IP is set to 61.1.1.2, you can log in at https://61.1.1.2/.
②, you can also log in via SSH; the user name is root and the password is the same as the web management password.
II. Create two VLANs: internal and external, corresponding to the intranet and the extranet respectively
★ Create VLAN demo page: http://blog.s135.com/book/f5/vlan_create.htm
★ VLAN list demo page: http://blog.s135.com/book/f5/vlan_list.htm
1. Create the VLAN: internal (intranet)
Click the "Create" button on the "Network→VLANs" page:
①, Name column: internal (fill in an English name)
②, Tag column: 4093 (fill in a number)
③, Interfaces column: move "1.1" from the Available column to the Untagged column. 1.1 is the first network interface of the F5 BIG-IP.
2. Create the VLAN: external (extranet)
Click the "Create" button on the "Network→VLANs" page:
①, Name column: external (fill in an English name)
②, Tag column: 4094 (fill in a number)
③, Interfaces column: move "1.2" from the Available column to the Untagged column. 1.2 is the second network interface of the F5 BIG-IP.
III. Create the F5 BIG-IP's own IPs (self IPs): one each for internal (intranet) and external (extranet)
★ Create self IP demo page: http://blog.s135.com/book/f5/selfip_create.htm
1. Create the intranet self IP: 192.168.1.2
Click the "Create" button on the "Network→Self IPs" page:
①, IP Address column: 192.168.1.2 (fill in the intranet IP address)
②, Netmask column: 255.255.255.0 (fill in the intranet subnet mask)
③, VLAN column: select internal
④, Port Lockdown column: select Allow Default (the default value)
2. Create the extranet self IP: 61.1.1.2
Click the "Create" button on the "Network→Self IPs" page:
①, IP Address column: 61.1.1.2 (fill in the extranet IP address)
②, Netmask column: 255.255.255.0 (fill in the extranet subnet mask)
③, VLAN column: select external
④, Port Lockdown column: select Allow Default (the default value)
IV. Create the default gateway route
★ Create default gateway route demo page: http://blog.s135.com/book/f5/routes_create.htm
1. Create the default gateway route
Click the "Create" button on the "Network→Routes" page:
①, Type column: select Default Gateway
②, Resource column: select Use Gateway... and enter the gateway IP address in the input box that follows: 61.1.1.1 (this IP is assumed to be the extranet gateway address)
V. Create a custom server health check
★ Create custom server health check demo page: http://blog.s135.com/book/f5/monitors_create.htm
1. Create a custom HTTP health check: monitor_http
Click the "Create" button on the "Local Traffic→Monitors" page:
①, Name column: monitor_http (fill in an English name)
②, Type column: select HTTP
③, Import Settings column: select HTTP
④, Interval column: 5 (a health check is performed every 5 seconds)
⑤, Timeout column: 16 (the health check's connection timeout is 16 seconds)
⑥, Send String column: GET / (you can also send other requests as needed, such as HEAD / or GET /index.htm)
⑦, Receive String column: (fill in the expected return string; by default it is left empty)
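An added example, not part of the original article: a simplified Python model of the monitor_http settings above (Interval 5, Timeout 16) that shows when a pool member changes state, and what an empty Receive String means for a server that answers with error pages. The function names, the matching rule (an empty Receive String accepts any response) and the probe results are assumptions constructed for illustration.

```python
INTERVAL, TIMEOUT = 5, 16   # seconds, as configured for monitor_http


def probe_ok(response, receive_string=""):
    """A probe passes if anything came back and, when a Receive String
    is set, the response contains it (assumed matching rule)."""
    if response is None:            # no answer: service stopped or host down
        return False
    return receive_string in response   # "" matches every response


def state_changes(responses, receive_string=""):
    """responses[i] is the reply to the probe sent at t = i * INTERVAL.
    The member starts up; returns [(seconds, "down" | "up"), ...]."""
    state, last_ok, changes = "up", 0, []
    for i, response in enumerate(responses):
        now = i * INTERVAL
        if probe_ok(response, receive_string):
            last_ok = now
            if state == "down":
                state = "up"
                changes.append((now, "up"))
        elif state == "up" and now + INTERVAL > last_ok + TIMEOUT:
            # No later probe can pass before the timeout expires.
            state = "down"
            changes.append((last_ok + TIMEOUT, "down"))
    return changes


# Constructed probe results: good replies, a failure period, then recovery.
OK = "HTTP/1.1 200 OK\r\n\r\n<html>blog</html>"
ERR = "HTTP/1.1 500 Internal Server Error\r\n\r\n"
ERROR_PAGES = [OK, OK, ERR, ERR, ERR, ERR, ERR, OK]
CRASH = [OK, None, None, None, None, OK]

if __name__ == "__main__":
    print("crash, empty Receive String:", state_changes(CRASH))
    print("error pages, empty Receive String:", state_changes(ERROR_PAGES))
    print("error pages, Receive String '200 OK':",
          state_changes(ERROR_PAGES, "200 OK"))
```

With the Receive String left empty, the member that only returns error pages is never taken out of the pool in this model; setting a string that appears only in a good response closes that gap.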
VI. Create the server pools (Pool)
★ Create server pool demo page: http://blog.s135.com/book/f5/pools_create.htm
1. Create the squid server pool: pool_squid
Click the "Create" button on the "Local Traffic→Pools" page:
①, Name column: pool_squid (fill in an English name)
②, Health Monitors column: move the custom HTTP health check "monitor_http" created in the health check step above from the Available column to the Active column
③, Load Balancing Method column: select Round Robin (the load balancing method chosen here is round robin; other options can also be selected)
④, New Members column: first select New Address, then add the two squid server IP addresses 192.168.1.11 and 192.168.1.12 with port 80
2. Create the first Apache server pool: pool_apache_default
Click the "Create" button on the "Local Traffic→Pools" page:
①, Name column: pool_apache_default (fill in an English name)
②, Health Monitors column: move the custom HTTP health check "monitor_http" created in the health check step above from the Available column to the Active column
③, Load Balancing Method column: select Round Robin (the load balancing method chosen here is round robin; other options can also be selected)
④, New Members column: first select New Address, then add the first group of two Apache server IP addresses 192.168.1.21 and 192.168.1.22 with port 80
3. Create the second Apache server pool: pool_apache_irules
Click the "Create" button on the "Local Traffic→Pools" page:
①, Name column: pool_apache_irules (fill in an English name)
②, Health Monitors column: move the custom HTTP health check "monitor_http" created in the health check step above from the Available column to the Active column
③, Load Balancing Method column: select Round Robin (the load balancing method chosen here is round robin; other options can also be selected)
④, New Members column: first select New Address, then add the second group of two Apache server IP addresses 192.168.1.23 and 192.168.1.24 with port 80
VII. Create the Profiles configuration used for Layer 7 load balancing
★ Create Profiles demo page: http://blog.s135.com/book/f5/profiles_create.htm
1. Create the Profiles configuration: profile_http
Click the "Create" button on the "Local Traffic→Profiles" page:
①, Name column: profile_http (fill in an English name)
②, Parent Profile column: select HTTP
③, Insert XForwarded For column: if needed, tick the check box and select Enabled (this inserts the X-Forwarded-For header so that the user's real IP can be obtained when Layer 7 load balancing is used. The squid servers in this article have "follow_x_forwarded_for allow all" enabled, so this item does not need to be set on the F5)
Note: this settings page also offers optimizations such as compression, which can be configured as needed.
VIII. Create the iRules rule
★ Create iRules rule demo page: http://blog.s135.com/book/f5/irules_create.htm
1. Create the iRules rule: irules_apache
Click the "Create" button on the "Local Traffic→Profiles" page:
①, Name column: irules_apache (fill in an English name)
②, Definition column: fill in the following script, which sends every request whose domain name is "blog.s135.com" and whose URL ends with ".htm" or begins with "/read.php" to the server pool "pool_apache_irules":
    when HTTP_REQUEST {
        # Send *.htm and /read.php* requests for blog.s135.com to the second Apache pool
        if { [HTTP::host] equals "blog.s135.com" and [HTTP::uri] ends_with ".htm" } {
            pool pool_apache_irules
        } elseif { [HTTP::host] equals "blog.s135.com" and [HTTP::uri] starts_with "/read.php" } {
            pool pool_apache_irules
        }
    }
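An added example, not part of the original article: a Python model of the iRule above for checking which pool a request reaches. It reflects that `equals` compares the raw Host header case-sensitively and that `HTTP::uri` includes the query string; `normalized_pool` is a hypothetical stricter variant shown for comparison, and the sample requests are constructed.

```python
RULE_POOL = "pool_apache_irules"
DEFAULT_POOL = "pool_apache_default"   # Default Pool of vs_apache


def irule_pool(host, uri):
    """The rule as written: exact match on the Host header value,
    ends_with / starts_with on the full URI (path plus query string)."""
    if host == "blog.s135.com" and (uri.endswith(".htm")
                                    or uri.startswith("/read.php")):
        return RULE_POOL
    return DEFAULT_POOL


def normalized_pool(host, uri):
    """Hypothetical variant: lower-case the host, drop a ":port" suffix,
    and match on the path only. In an iRule this corresponds to
    [string tolower [HTTP::host]] and [HTTP::path]."""
    name = host.lower().split(":", 1)[0]
    path = uri.split("?", 1)[0]
    if name == "blog.s135.com" and (path.endswith(".htm")
                                    or path.startswith("/read.php")):
        return RULE_POOL
    return DEFAULT_POOL


# Constructed sample requests: (Host header, request URI)
SAMPLES = [
    ("blog.s135.com", "/index.htm"),
    ("blog.s135.com", "/index.htm?from=rss"),
    ("blog.s135.com:80", "/read.php?1"),
    ("Blog.S135.com", "/read.php?1"),
    ("blog.s135.com", "/images/logo.gif"),
]


def compare(samples=SAMPLES):
    """Return (host, uri, pool per the rule as written, pool per the variant)."""
    return [(h, u, irule_pool(h, u), normalized_pool(h, u)) for h, u in samples]


if __name__ == "__main__":
    for host, uri, as_written, variant in compare():
        print(f"{host:18} {uri:22} {as_written:20} {variant}")
```

Requests that differ only by a query string, an explicit port or letter case land in pool_apache_default under the rule as written, so both pools should be able to serve the content, or the rule should normalize before matching.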
IX. Create the virtual servers (Virtual Servers)
★ Create virtual server demo page: http://blog.s135.com/book/f5/vs_create.htm
1. Create the squid virtual server in "Layer 4" load balancing mode: vs_squid
Click the "Create" button on the "Local Traffic→Virtual Servers" page:
⑴, under the General Properties category:
①, Name column: vs_squid (fill in an English name)
②, Destination column: select Host and fill in the squid servers' extranet virtual IP (Virtual IP, VIP for short): 61.1.1.3
③, Service Port column: 80
⑵, under the Configuration category:
①, Configuration column: select Advanced (advanced mode; this step is important)
②, Type column: select Performance (Layer 4)
③, SNAT Pool column: select None (note: this step is important; in Layer 4 mode, make sure this option is None)
⑶, under the Resources category:
①, Default Pool column: select pool_squid
Note: the F5's Layer 4 load balancing is handled by a hardware chip, does not consume CPU resources, and can handle larger volumes of traffic. In Layer 4 load balancing mode, the default gateway of the real servers must point to the F5's own intranet IP, which is 192.168.1.2.
2. Create the Apache virtual server in "Layer 7" load balancing mode: vs_apache
Click the "Create" button on the "Local Traffic→Virtual Servers" page:
⑴, under the General Properties category:
①, Name column: vs_apache (fill in an English name)
②, Destination column: select Host and fill in the Apache servers' intranet virtual IP (Virtual IP, VIP for short): 192.168.1.3
③, Service Port column: 80
⑵, under the Configuration category:
①, Configuration column: select Advanced (advanced mode; this step is important)
②, Type column: select Standard (standard mode, the Layer 7 load balancing mode)
③, HTTP Profile column: select profile_http (note: the iRules rule cannot be used when this item is None, so one must be selected. Select the profile_http created in the Profiles step above)
④, SNAT Pool column: select Auto Map (note: this must be selected in this article's architecture, for the following reason: when one of the squid servers, "192.168.1.11", has a cache miss, it requests the virtual IP "192.168.1.3". If SNAT Pool is left at the default value None, the Apache servers behind the virtual IP "192.168.1.3" see the squid server's real IP "192.168.1.11" as the source. Because the squid and Apache servers are in the same network segment, the Apache server does not go through the F5 gateway "192.168.1.2" but replies directly through the switch to the squid server "192.168.1.11", so the virtual IP "192.168.1.3" never receives the returning packets and the HTTP request cannot complete. Auto Map must therefore be selected to translate the address, so that the back-end Apache servers see the F5's own intranet IP and send their replies back to the F5.)
⑶, under the Resources category:
①, iRules column: move irules_apache from the Available column to the Enabled column.
②, Default Pool column: select pool_apache_default
⑷, after the Apache virtual server vs_apache has been created, any later changes are made on the following two configuration pages:
★ Modify virtual server demo page 1: http://blog.s135.com/book/f5/vs_properties.htm
★ Modify virtual server demo page 2: http://blog.s135.com/book/f5/vs_resources.htm
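An added example, not part of the original article: a small Python model of the return path behind the SNAT Pool choices for vs_squid (None) and vs_apache (Auto Map) described above. The addresses are the article's; the Internet client 203.0.113.50 is a constructed sample and the function names are hypothetical.

```python
import ipaddress

SERVER_NET = ipaddress.ip_network("192.168.1.0/24")  # real servers' segment
F5_SELF_IP = ipaddress.ip_address("192.168.1.2")     # servers' default gateway
SQUID = ipaddress.ip_address("192.168.1.11")         # client of vs_apache
CLIENT = ipaddress.ip_address("203.0.113.50")        # constructed Internet client


def source_seen_by_server(client_ip, snat):
    """Source address of the packet the F5 forwards to the pool member."""
    if snat == "automap":
        return F5_SELF_IP        # Auto Map rewrites the source to the self IP
    return client_ip             # SNAT Pool None keeps the original source


def reply_next_hop(reply_dst):
    """A real server answers on-link hosts directly and sends
    everything else to its default gateway, the F5 self IP."""
    return reply_dst if reply_dst in SERVER_NET else F5_SELF_IP


def connection_completes(client_ip, snat):
    """The reply can be translated back to the virtual IP only if it
    passes through the F5 on its way to the client."""
    source = source_seen_by_server(client_ip, snat)
    return reply_next_hop(source) == F5_SELF_IP


if __name__ == "__main__":
    cases = [
        ("vs_squid,  Internet client, SNAT None", CLIENT, "none"),
        ("vs_apache, squid client,    SNAT None", SQUID, "none"),
        ("vs_apache, squid client,    Auto Map ", SQUID, "automap"),
    ]
    for label, client, snat in cases:
        print(label, "->", "ok" if connection_completes(client, snat) else "broken")
```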
X. Create a SNAT (Secure Network Address Translation) so that the real servers can access the Internet and send mail to the outside world
★ Create SNAT demo page: http://blog.s135.com/book/f5/snat_create.htm
1. Create the SNAT: snat_all_server
Click the "Create" button on the "Local Traffic→SNATs" page:
①, Name column: snat_all_server (fill in an English name)
②, Translation column: select IP Address and fill in the SNAT IP address: 61.1.1.4 (this option can also be set to Automap, which uses the F5's own extranet IP as the SNAT IP)
③, Origin column: select Address List
④, Address List column: either select Host in the Type column and fill in the IP address that needs to access the Internet and send outgoing mail, or select Network in the Type column and fill in the network segment and subnet mask that need to access the Internet and send outgoing mail.
⑤, VLAN Traffic column: select Enabled on...
⑥, VLAN List column: move "internal" from the Available column to the Selected column.
Note: the default gateway of the real servers must point to the F5's own intranet IP, 192.168.1.2, for them to access the Internet and send outgoing mail through the SNAT.
F5 big-IP Load Balancer configuration instance and Web management interface experience