network_stuff:f5

Differences

This shows you the differences between two versions of the page.

network_stuff:f5 [2016/03/10 20:09] – created jotasandoku
network_stuff:f5 [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 1: Line 1:
-TMOS is the f5 operating system:+
   * Local Traffic Manager, directs different types of protocol  and  application traffic  to an appropriate destination server   * Local Traffic Manager, directs different types of protocol  and  application traffic  to an appropriate destination server
   * WebAccelerator™   * WebAccelerator™
-  * Application Security Manager+  * BIGIP+LTM+APM (Local Traffic Manager + Application Security Manager
 +\\ 
 +TMOS is the f5 operating system: CLI utilities (to configure it)  
 +  tmsh 
 +  bigpipe 
 +\\ 
 + 
 + 
 +---- 
 +Rack and installation: \\ 
 + 
 +  * 10800i 
 +    * [[https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-initial-configuration-11-6-0/1.html#conceptid]] 
 +  * plugged in and with a management ip sometime this week. Just need to use the 'config' utility on the F5 CLI. 
 +    * [[https://support.f5.com/csp/article/K15040]] 
 +  * Each lb 2G SPF+ in a trunk for outside and 2G SPF+ in the LAN trunk.  Management would be on a 1G (cat6) 
 + 
 +Activate lldp: (always **save /sys config** at the end) 
 +  modify net lldp-globals enabled 
 +  tcpdump -nni 1.1 ether proto 0x88cc 
 +   
 + 
 +---- 
 +**PROFILES**: every setting we apply to a vip is some kind of profile.\\ 
 +To deploy changes (profiles in this case), we can follow this process:\\ 
 +  -  
 +  - Use UI in CP02DEVLB01 to create profile. 
 +  - Log into tmos and pull the command defining that profile. We will use this to automate it in Ansible: 
 +  - we can use data ports for sync/heartbeat 
 + 
 +  (tmos)# list ltm profile client-ssl bondticker_wildcard one-line 
 +  ltm profile client-ssl bondticker_wildcard { app-service none cert default.crt cert-key-chain { default { cert default.crt key default.key } } chain none defaults-from mktx_tls_1.2 inherit-certkeychain true key default.key passphrase none } 
 + (create ltm profile ...) 
 +\\ 
 +SELF IP  [[https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-routing-administration-11-6-0/5.html|explained]] 
 +---- 
 + 
 +SYSLOGS:\\ 
 +Located in: 
 +  /var/log/ltm 
 + 
 + 
 + 
 +---- 
 + 
 + 
 +**BONDTICKER:**\\  
 +it has 4 profiles. eg: compression . 
 +  (tmos)# list ltm virtual dr.bondticker.com  profiles  
 +\\ 
 + 
 +  ltm virtual dr.bondticker.com { 
 +      profiles { 
 +          bondticker_wildcard { 
 +              context clientside 
 +          } 
 +          https_front_end_https_on { 
 +              context all 
 +          } 
 +          mktx_bondticker_compression { 
 +              context all 
 +          } 
 +          oneconnect { 
 +              context all 
 +          } 
 +          tcp { 
 +              context all 
 +          } 
 +      } 
 +  } 
 + 
 +**irules:** \\ 
 +iRULES ~= TRAFFIC POLICIES 
 +\\ 
 + weblogging_math : Not sending to local disk but to the remote webloggong server. 10.30.70.53 
 +\\ 
 +2 vips in bondticker 
 + 80 is redirected to 443 
 +Eg: trn.bondticker.com & trn.bondticker.com_http \\ 
 +This is to see virtual servers with port 80, for instance: [[https://devcentral.f5.com/questions/how-to-list-virtual-servers-based-on-some-properties-like-destination-pool-profile-used]] 
 + 
 +Redirection is done via an irule. (MKTX_http_to_https_redirect) 
 +(tmos)# list ltm virtual trn.bondticker.com_http rules  
 +  ltm virtual trn.bondticker.com_http { 
 +      rules { 
 +          MKTX_http_to_https_redirect # <<<<<<<<<<< 
 +      } 
 +  } 
 +\\ 
 +---- 
 + 
 +**BONDLINKCS**  
 +More straightforward: Only has 1 irule for weblogging 
 + 
 +**policies.** \\ 
 +They are processed in order. Example of usage: responder and action \\ 
 +create policy -> publicsh policy -> go to virtual server and select it. 
 +  modify ltm virtual XXXXXX policies add { 
 + 
 + 
 +---- 
 + 
 +\\ 
 +In F5 BIG-IP: 
 +  * CSR Creation [[https://www.digicert.com/csr-creation-f5-big-ip.htm|Link1]] 
 +  * Certificate installation [[https://uk.godaddy.com/help/installing-an-ssl-certificate-in-f5-big-ip-loadbalancer-5511|Link2]] 
 + 
 + 
 +---- 
 + 
 +**__ANSIBLE__** 
 +General scheme of folders is as follows: 
 + 
 +  * inventory --- where host information host specific variable  
 +  * input --- input information where all application specific variables are stored 
 +  * playbooks --- what you actually put together 
 +  * templates --- jinja2 file 
 +  * roles -- function that groups together tasks into one module ... 
 + 
 + 
 +BONDTICKER  
 +adding a pool ,  adding a server to a pool 
 + 
 +template_f5_bondticker_pools.yml  # this is the playbook. PLAYBOOK geneartes the results in the input file and  
 +pool-vars-template.j2   # for any vip. generates the bindings  
 +inputs/pools_template_bondticker.yml 
 + 
 +The results are created in input folder (as defined in the playbook. see dest: "../inputs/pools_bondticker_{{item.key}}.yml"
 +Validate this input filr manually. Some of the entries will have to be commented out. In this case (F5). This file is FED IN TO THE API 
 +input filer: lists (3) with dictionaries. 
 + 
 +then role takes the data from the input file and applied the API. Check the role to see how the api is called. 
 +playbook/f5_pool_bt_dvi.yml  # <<< this is the one really applying it . dvi # dev integration 
 + 
 +---- 
 + 
 +f5_vip_bt_dvi.yml 
 + 
 +inputs]$ vim vip_profile_global.yml  -->  
 + 
 +---- 
 + 
 +with variable in the ansible invocation  
 + 
 +f5_pool_vip_bondticker.yml 
 + 
 + 
 +----  
 +playbook naming convention 
 +anything with L7 deals with the policy. assign is assigning to the vip. 
 + 
 +f5_pool : to create node, build pool and make binding 
 + 
 +f5_vip : to create a virtual server 
 + 
 + 
 +---- 
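Review bot: The client-ssl definition pasted under PROFILES, which the notes say will be used to automate the profile in Ansible, shows 'cert default.crt', 'key default.key' and 'passphrase none' for a profile named bondticker_wildcard, so templating it as captured would reproduce the default.crt/default.key pair rather than a wildcard certificate; record the intended certificate and key names next to the listing, and keep any key passphrase out of the wiki and the Ansible input files. In the module list, 'BIGIP+LTM+APM (Local Traffic Manager + Application Security Manager' expands APM with the name from the line it replaces and never closes the parenthesis; state which module is meant. Under policies, 'modify ltm virtual XXXXXX policies add {' stops at the opening brace and should be completed or marked as a fragment.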
network_stuff/f5.1457640577.txt.gz · Last modified: (external edit)