Reprint: http://www.zyan.cc/f5_big_ip/
While recently comparing the performance of the F5 BIG-IP and Citrix NetScaler load balancers, I wrote this article to document the common application configuration methods for F5 BIG-IP.
Many vendors now offer dedicated server load balancers, such as F5 Networks' BIG-IP and Citrix's NetScaler. The F5 BIG-IP LTM, whose official name is Local Traffic Manager, performs layer 4-7 load balancing and provides load balancing, application switching, session switching, health monitoring, intelligent network address translation, universal persistence, response error handling, IPv6 gateway, advanced routing, smart port mirroring, SSL acceleration, intelligent HTTP compression, TCP optimization, layer 7 rate shaping, content buffering, content transformation, connection acceleration, caching, cookie encryption, selective content encryption, application attack filtering, denial-of-service (DoS) and SYN flood protection, firewall packet filtering, packet sanitization, and more.
The following are the main features of F5 BIG-IP as an HTTP load balancer:
①, F5 BIG-IP provides 12 flexible algorithms for distributing traffic evenly across the servers, while users see only a single virtual server.
②, F5 BIG-IP can verify that the application returns the expected data for a request. If a server behind the F5 BIG-IP stops its service, crashes, and so on, F5 detects this and marks the server as down so that user requests are not routed to the failed server. As long as the other servers are healthy, users are not affected. Once the fault is repaired, F5 BIG-IP automatically verifies that the application responds correctly to client requests and resumes sending traffic to that server.
③, F5 BIG-IP provides session persistence for dynamic sessions.
④, The F5 BIG-IP iRules feature can filter HTTP content and forward requests to different servers according to domain name and URL.
Below, F5 BIG-IP LTM v9.x is configured using the following example:
①, Assume that the domain name blog.zyan.cc resolves to the F5's extranet (public) virtual IP 61.1.1.3 (Vs_squid), and that there is a server pool (Pool_squid) under this virtual IP. The server pool consists of two real squid servers (192.168.1.11 and 192.168.1.12).
②, If the squid cache misses, squid requests the F5 intranet virtual IP 192.168.1.3 (Vs_apache), under which there is a default server pool (Pool_apache_default). That pool contains two real Apache servers (192.168.1.21 and 192.168.1.22). When a request to the virtual IP matches the iRules rule, another server pool (Pool_apache_irules) is used instead; that pool also contains two real Apache servers (192.168.1.23 and 192.168.1.24).
③, In addition, the default gateway of all real servers points to the F5's own intranet IP, 192.168.1.2.
④, All real servers access the Internet via the SNAT IP address 61.1.1.4.
Detailed configuration steps:
I. Log in to the F5 BIG-IP management interface:
1. First use:
①, Power on the F5 BIG-IP and use a network cable (straight-through or crossover) to connect the F5 BIG-IP's 3.1 management port to a notebook computer's network port. Configure the notebook's IP address as "192.168.1.*" and its subnet mask as "255.255.255.0".
②, In a browser, open the F5 BIG-IP factory default management IP address, https://192.168.1.245 or https://192.168.245.245
③, Enter the factory default user name: admin, password: admin
④, Click Activate to open the F5 BIG-IP license request and activation page, and activate the license.
⑤, Change the default administrative password.
2. Later logins:
Log in through the F5 BIG-IP's own extranet IP.
①, Assuming that the F5's own extranet IP is set to 61.1.1.2, you can log in at https://61.1.1.2/.
②, You can also log in via SSH; the user name is root, and the password is the same as the web management password.
II. Create two VLANs, internal and external, representing the intranet and the extranet respectively.
★ Create VLAN demo page: http://blog.zyan.cc/book/f5/vlan_create.htm
★ VLAN list demo page: http://blog.zyan.cc/book/f5/vlan_list.htm
1. Create VLAN: internal (intranet)
Click the "Create" button on the "Network→VLANs" page:
①, Name field: internal (enter an English name)
②, Tag field: 4093 (enter a number)
③, Interfaces field: move "1.1" from the Available column to the Untagged column. 1.1 is the first network interface of the F5 BIG-IP.
2. Create VLAN: external (extranet)
Click the "Create" button on the "Network→VLANs" page to create the VLAN:
①, Name field: external (enter an English name)
②, Tag field: 4094 (enter a number)
③, Interfaces field: move "1.2" from the Available column to the Untagged column. 1.2 is the second network interface of the F5 BIG-IP.
III. Create the F5 BIG-IP self IPs for internal (intranet) and external (extranet) respectively.
★ Create self IP demo page: http://blog.zyan.cc/book/f5/selfip_create.htm
1. Create the intranet self IP: 192.168.1.2
Click the "Create" button on the "Network→Self IPs" page:
①, IP Address field: 192.168.1.2 (enter the intranet IP address)
②, Netmask field: 255.255.255.0 (enter the intranet subnet mask)
③, VLAN field: select internal
④, Port Lockdown field: select Allow Default (the default value)
2. Create the extranet self IP: 61.1.1.2
Click the "Create" button on the "Network→Self IPs" page:
①, IP Address field: 61.1.1.2 (enter the extranet IP address)
②, Netmask field: 255.255.255.0 (enter the extranet subnet mask)
③, VLAN field: select external
④, Port Lockdown field: select Allow Default (the default value)
IV. Create a default gateway route
★ Create default gateway route demo page: http://blog.zyan.cc/book/f5/routes_create.htm
1. Create a default gateway route
Click the "Create" button on the "Network→Routes" page:
①, Type field: select Default Gateway (the default gateway)
②, Resource field: select Use Gateway..., then enter the gateway IP address in the input box that follows: 61.1.1.1 (this IP is assumed to be the extranet gateway address)
V. Create a custom server health check
★ Create custom server health check demo page: http://blog.zyan.cc/book/f5/monitors_create.htm
1. Create a custom HTTP health check: Monitor_http
Click the "Create" button on the "Local Traffic→Monitors" page:
①, Name field: Monitor_http (enter an English name)
②, Type field: select HTTP
③, Import Settings field: select HTTP
④, Interval field: 5 (a health check is performed every 5 seconds)
⑤, Timeout field: 16 (the connection timeout for the health check is 16 seconds)
⑥, Send String field: GET / (you can also send a different request as needed, such as HEAD / or GET /index.htm)
⑦, Receive String field: (enter the expected response string; by default it is left blank)
VI. Create server pools (Pool)
★ Create server pool demo page: http://blog.zyan.cc/book/f5/pools_create.htm
1. Create the squid server pool: Pool_squid
Click the "Create" button on the "Local Traffic→Pools" page:
①, Name field: Pool_squid (enter an English name)
②, Health Monitors field: move the custom HTTP health check "Monitor_http" created in step four from the Available column to the Active column
③, Load Balancing Method field: select Round Robin (round robin is chosen here; the other methods can also be selected)
④, New Members field: first select New Address, then add the two squid server IP addresses 192.168.1.11 and 192.168.1.12 with port 80
2. Create the first Apache server pool: Pool_apache_default
Click the "Create" button on the "Local Traffic→Pools" page:
①, Name field: Pool_apache_default (enter an English name)
②, Health Monitors field: move the custom HTTP health check "Monitor_http" created in step four from the Available column to the Active column
③, Load Balancing Method field: select Round Robin (round robin is chosen here; the other methods can also be selected)
④, New Members field: first select New Address, then add the first set of two Apache server IP addresses 192.168.1.21 and 192.168.1.22 with port 80
3. Create the second Apache server pool: Pool_apache_irules
Click the "Create" button on the "Local Traffic→Pools" page:
①, Name field: Pool_apache_irules (enter an English name)
②, Health Monitors field: move the custom HTTP health check "Monitor_http" created in step four from the Available column to the Active column
③, Load Balancing Method field: select Round Robin (round robin is chosen here; the other methods can also be selected)
④, New Members field: first select New Address, then add the second set of two Apache server IP addresses 192.168.1.23 and 192.168.1.24 with port 80
VII. Create a profile for use with layer 7 load balancing
★ Create profile demo page: http://blog.zyan.cc/book/f5/profiles_create.htm
1. Create profile: Profile_http
Click the "Create" button on the "Local Traffic→Profiles" page:
①, Name field: Profile_http (enter an English name)
②, Parent Profile field: select HTTP
③, Insert XForwarded For field: if needed, check the box and select Enable (this inserts an X-Forwarded-For header so that the user's real IP can be obtained under layer 7 load balancing. The squid server in this article sets follow_x_forwarded_for allow all, so F5 does not need to set this item)
Note: This settings page also offers optimizations such as compression, which can be configured as needed.
VIII. Create iRules rules
★ Create iRules rule demo page: http://blog.zyan.cc/book/f5/irules_create.htm
1. Create iRules rule: Irules_apache
Click the "Create" button on the "Local Traffic→Profiles" page:
①, Name field: Irules_apache (enter an English name)
②, Definition field: enter the following script, which sends every request whose domain name is "blog.zyan.cc" and whose URL ends with ".htm" or begins with "/read.php" to the server pool "Pool_apache_irules":
    when HTTP_REQUEST {
        # Requests that match neither branch go to the virtual server's default pool.
        # The pool name must match the name given when the pool was created.
        if { [HTTP::host] equals "blog.zyan.cc" and [HTTP::uri] ends_with ".htm" } {
            pool Pool_apache_irules
        } elseif { [HTTP::host] equals "blog.zyan.cc" and [HTTP::uri] starts_with "/read.php" } {
            pool Pool_apache_irules
        }
    }
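The rule above matches on the raw Host header and the full request URI, so some ordinary request shapes land in a different pool than the description suggests. The Python model below is an added example, not part of the original article and not F5 code; it assumes that "equals" compares case-sensitively, that [HTTP::host] may carry a ":port" suffix and that [HTTP::uri] includes the query string, and its function names and sample requests are constructed for illustration.

```python
# Added example: a Python model of the iRule's pool selection, not F5 code.
# Assumptions: "equals" is case-sensitive, [HTTP::host] may include ":port",
# and [HTTP::uri] includes the query string.
SITE = "blog.zyan.cc"
IRULES_POOL = "Pool_apache_irules"
DEFAULT_POOL = "Pool_apache_default"


def pool_as_written(host: str, uri: str) -> str:
    """Mirror the rule on this page: raw Host header, raw URI."""
    if host == SITE and uri.endswith(".htm"):
        return IRULES_POOL
    if host == SITE and uri.startswith("/read.php"):
        return IRULES_POOL
    return DEFAULT_POOL


def pool_normalized(host: str, uri: str) -> str:
    """Variant: lower-case the host, drop the port, match on the path only."""
    name = host.lower().split(":", 1)[0]
    path = uri.split("?", 1)[0]
    if name == SITE and (path.endswith(".htm") or path.startswith("/read.php")):
        return IRULES_POOL
    return DEFAULT_POOL


# Constructed sample requests: (Host header, request URI)
SAMPLES = [
    ("blog.zyan.cc", "/post/1.htm"),
    ("blog.zyan.cc:80", "/post/1.htm"),           # port suffix in Host
    ("Blog.Zyan.CC", "/read.php?tid=5"),          # mixed-case Host
    ("blog.zyan.cc", "/post/1.htm?from=rss"),     # query string after .htm
    ("blog.zyan.cc", "/search.php?next=/a.htm"),  # .htm only in the query
]


def compare(samples=SAMPLES):
    """Return (host, uri, pool_as_written, pool_normalized) for each sample."""
    return [(h, u, pool_as_written(h, u), pool_normalized(h, u)) for h, u in samples]


if __name__ == "__main__":
    for host, uri, written, normalized in compare():
        flag = "" if written == normalized else "  <-- differs"
        print(f"{host:18} {uri:28} {written:20} {normalized}{flag}")
```

In an iRule, the same normalization can be written with [string tolower [HTTP::host]] and [HTTP::path] in place of the raw values.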
IX. Create virtual servers (Virtual Servers)
★ Create virtual server demo page: http://blog.zyan.cc/book/f5/vs_create.htm
1. Create the squid virtual server in layer 4 load balancing mode: Vs_squid
Click the "Create" button on the "Local Traffic→Virtual Servers" page:
⑴, Under the General Properties category:
①, Name field: Vs_squid (enter an English name)
②, Destination field: select Host and enter the squid servers' extranet virtual IP (Virtual IP, abbreviated VIP): 61.1.1.3
③, Service Port field: 80
⑵, Under the Configuration category:
①, Configuration field: select Advanced (advanced mode; this step is important)
②, Type field: select Performance (Layer 4)
③, SNAT Pool field: select None (note: this step is important; in layer 4 mode, make sure this option is None)
⑶, Under the Resources category:
①, Default Pool field: select Pool_squid
Note: F5's layer 4 load balancing is handled by a hardware chip, so it does not consume CPU resources and can handle larger volumes of traffic. In layer 4 load balancing mode, the default gateway of the real servers must point to the F5's own intranet IP, which is 192.168.1.2.
2. Create the Apache virtual server in layer 7 load balancing mode: Vs_apache
Click the "Create" button on the "Local Traffic→Virtual Servers" page:
⑴, Under the General Properties category:
①, Name field: Vs_apache (enter an English name)
②, Destination field: select Host and enter the Apache servers' intranet virtual IP (Virtual IP, abbreviated VIP): 192.168.1.3
③, Service Port field: 80
⑵, Under the Configuration category:
Configuration field: select Advanced (advanced mode; this step is important)
①, Type field: select Standard (standard mode, that is, layer 7 load balancing mode)
②, HTTP Profile field: select Profile_http (note: iRules rules cannot be used when this field is None, so a profile must be selected. Select the Profile_http created in step six)
③, SNAT Pool field: select Auto Map (note: this must be selected in this article's architecture, for the following reason)
Explanation: When a cache miss occurs on one of the squid servers, "192.168.1.11", it requests the virtual IP "192.168.1.3". If SNAT Pool is left at the default value None, the Apache server behind the virtual IP "192.168.1.3" sees the squid server's real IP "192.168.1.11" as the source. Because the squid and Apache servers are in the same network segment, the Apache server does not need to go through the F5 gateway "192.168.1.2" and replies directly to the squid server "192.168.1.11" through the switch. The virtual IP "192.168.1.3" therefore never receives the return packets, and the HTTP request cannot complete. Auto Map must therefore be selected to translate the address, so that the back-end Apache server sees the F5's own intranet IP and returns its reply to the F5.
⑶, Under the Resources category:
①, iRules field: move Irules_apache from the Available column to the Enabled column.
②, Default Pool field: select Pool_apache_default
⑷, After the Apache virtual server Vs_apache has been created, any later changes are made on the following two configuration pages:
★ Modify virtual server demo page 1: http://blog.zyan.cc/book/f5/vs_properties.htm
★ Modify virtual server demo page 2: http://blog.zyan.cc/book/f5/vs_resources.htm
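The SNAT Pool settings of the two virtual servers above follow from where each real server sends its reply. The Python model below is an added example, not part of the original article and not F5 code; it uses the addresses from this article plus a constructed Internet client (61.1.1.50), with hypothetical function names, and shows why Vs_apache needs Auto Map while Vs_squid works with SNAT Pool set to None.

```python
# Added example: models the reply path discussed above. Not F5 code.
# Addresses are the ones used in this article; 61.1.1.50 in the demo is a
# constructed Internet client.
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")      # squid, Apache and F5 intranet side
F5_SELF_IP = ipaddress.ip_address("192.168.1.2")  # default gateway of the real servers


def source_seen_by_server(client: str, snat: str):
    """Source address on the packet the F5 forwards to a pool member."""
    if snat == "automap":
        return F5_SELF_IP                 # Auto Map rewrites the source to the self IP
    if snat == "none":
        return ipaddress.ip_address(client)
    raise ValueError(f"unknown SNAT mode: {snat}")


def reply_next_hop(dst):
    """Real server routing: on-link destinations directly, the rest via the gateway."""
    return dst if dst in LAN else F5_SELF_IP


def reply_returns_via_f5(client: str, snat: str) -> bool:
    """True when the server's reply reaches the F5, which must translate it
    back to the virtual IP the client connected to."""
    return reply_next_hop(source_seen_by_server(client, snat)) == F5_SELF_IP


def explain(client: str, snat: str) -> str:
    """One-line description of the reply path for a client and SNAT mode."""
    src = source_seen_by_server(client, snat)
    hop = reply_next_hop(src)
    verdict = "completes" if hop == F5_SELF_IP else "BROKEN: reply bypasses the F5"
    return f"client={client} snat={snat}: server sees {src}, replies to {hop} -> {verdict}"


if __name__ == "__main__":
    print(explain("192.168.1.11", "none"))     # squid -> Vs_apache without SNAT
    print(explain("192.168.1.11", "automap"))  # squid -> Vs_apache as configured
    print(explain("61.1.1.50", "none"))        # Internet client -> Vs_squid (layer 4)
```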
X. Create a SNAT (secure network address translation) so that the real servers can access the Internet and send outgoing mail
★ Create SNAT demo page: http://blog.zyan.cc/book/f5/snat_create.htm
1. Create SNAT: Snat_all_server
Click the "Create" button on the "Local Traffic→SNATs" page:
①, Name field: Snat_all_server (enter an English name)
②, Translation field: select IP Address and enter the SNAT IP address: 61.1.1.4 (you can also select Automap here to use the F5's own extranet IP as the SNAT IP)
③, Origin field: select Address List
④, Address List field: ① in the Type field select Host and enter the IP addresses of the servers that need to access the Internet and send outgoing mail; ② or in the Type field select Network and enter the network segment and subnet mask that need to access the Internet and send outgoing mail.
⑤, VLAN Traffic field: select Enabled on ...
⑥, VLAN List field: move "internal" from the Available column to the Selected column.
Note: To access the Internet and send outgoing mail via SNAT, the default gateway of the real servers must point to the F5's own intranet IP, 192.168.1.2.
F5 BIG-IP load balancer configuration example and web management interface experience