  * Local Traffic Manager: directs different types of protocol and application traffic to an appropriate destination server
  * WebAccelerator™
  * BIGIP+LTM+APM (Local Traffic Manager + Application Security Manager)

\\
TMOS is the F5 operating system. CLI utilities to configure it:

  * tmsh
  * bigpipe

\\
----

Rack and installation: \\

  * 10800i
  * [[https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-initial-configuration-11-6-0/1.html#conceptid]]
  * plugged in and with a management IP sometime this week. Just need to use the 'config' utility on the F5 CLI.
  * [[https://support.f5.com/csp/article/K15040]]
  * Each lb: 2G SFP+ in a trunk for outside and 2G SFP+ in the LAN trunk. Management would be on a 1G (cat6)

Activate LLDP (always **save /sys config** at the end):

  modify net lldp-globals enabled
  tcpdump -nni 1.1 ether proto 0x88cc

----

**PROFILES**: every setting we apply to a vip is some kind of profile.\\
To deploy changes (profiles in this case), we can follow this process:\\

  - Use UI in CP02DEVLB01 to create profile.
  - Log into tmos and pull the command defining that profile. We will use this to automate it in Ansible:
  - we can use data ports for sync/heartbeat

  (tmos)# list ltm profile client-ssl bondticker_wildcard one-line
  ltm profile client-ssl bondticker_wildcard { app-service none cert default.crt cert-key-chain { default { cert default.crt key default.key } } chain none defaults-from mktx_tls_1.2 inherit-certkeychain true key default.key passphrase none }

(create ltm profile ...) \\

SELF IP [[https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-routing-administration-11-6-0/5.html|explained]]

----

SYSLOGS:\\
Located in: /var/log/ltm

----

**BONDTICKER:**\\
It has 4 profiles, e.g. compression.

  (tmos)# list ltm virtual dr.bondticker.com profiles
  ltm virtual dr.bondticker.com {
      profiles {
          bondticker_wildcard {
              context clientside
          }
          https_front_end_https_on {
              context all
          }
          mktx_bondticker_compression {
              context all
          }
          oneconnect {
              context all
          }
          tcp {
              context all
          }
      }
  }

**irules:** \\
iRULES ~= TRAFFIC POLICIES \\
weblogging_math: not sending to local disk but to the remote weblogging server. 10.30.70.53 \\

2 vips in bondticker: 80 is redirected to 443. \\
E.g.: trn.bondticker.com & trn.bondticker.com_http \\

This is to see virtual servers with port 80, for instance: [[https://devcentral.f5.com/questions/how-to-list-virtual-servers-based-on-some-properties-like-destination-pool-profile-used]]

Redirection is done via an iRule (MKTX_http_to_https_redirect).

  (tmos)# list ltm virtual trn.bondticker.com_http rules
  ltm virtual trn.bondticker.com_http {
      rules {
          MKTX_http_to_https_redirect # <<<<<<<<<<<
      }
  }

\\
----

**BONDLINKCS**

More straightforward: only has 1 iRule, for weblogging.

**policies.** \\
They are processed in order. Example of usage: responder and action \\
create policy -> publish policy -> go to virtual server and select it.

  modify ltm virtual XXXXXX policies add {

----

\\
In F5 BIG-IP:

  * CSR Creation [[https://www.digicert.com/csr-creation-f5-big-ip.htm|Link1]]
  * Certificate installation [[https://uk.godaddy.com/help/installing-an-ssl-certificate-in-f5-big-ip-loadbalancer-5511|Link2]]

----

**__ANSIBLE__**

General scheme of folders is as follows:

  * inventory --- where host information and host-specific variables are stored
  * input --- input information where all application-specific variables are stored
  * playbooks --- what you actually put together
  * templates --- jinja2 file
  * roles -- function that groups together tasks into one module

...

BONDTICKER: adding a pool, adding a server to a pool

  template_f5_bondticker_pools.yml # this is the playbook. PLAYBOOK generates the results in the input file

and

  pool-vars-template.j2 # for any vip. generates the bindings
  inputs/pools_template_bondticker.yml

The results are created in the input folder, as defined in the playbook. See dest:

  dest: "../inputs/pools_bondticker_{{item.key}}.yml"

Validate this input file manually. Some of the entries will have to be commented out.

In this case (F5), this file is FED INTO THE API.

Input file: lists (3) with dictionaries.

Then the role takes the data from the input file and applies the API. Check the role to see how the API is called.

  playbook/f5_pool_bt_dvi.yml # <<< this is the one really applying it.
  dvi # dev integration

----

  f5_vip_bt_dvi.yml
  inputs]$ vim vip_profile_global.yml -->

----

With variable in the ansible invocation:

  f5_pool_vip_bondticker.yml

----

Playbook naming convention:

  * anything with L7 deals with the policy.
  * assign is assigning to the vip.
  * f5_pool: to create node, build pool and make binding
  * f5_vip: to create a virtual server

----
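
The port-80 check from the BONDTICKER notes above, written as an added example (it is not part of the original notes or of any F5 tooling): it reads ''list ltm virtual one-line'' output and reports port-80 virtual servers that do not have the MKTX_http_to_https_redirect iRule attached. The sample output is constructed; the addresses and the two extra virtual servers are assumptions made for the example.

```python
import re

# Constructed sample of `list ltm virtual one-line` output. trn.bondticker.com,
# trn.bondticker.com_http and the iRule names come from the page; the other
# two virtual servers and all addresses are made up for this example.
SAMPLE = """\
ltm virtual trn.bondticker.com { destination 192.0.2.10:https profiles { tcp { context all } } rules { weblogging_math } }
ltm virtual trn.bondticker.com_http { destination 192.0.2.10:http profiles { tcp { context all } } rules { MKTX_http_to_https_redirect } }
ltm virtual dr.bondticker.com_http { destination 192.0.2.20:80 profiles { tcp { context all } } rules { weblogging_math } }
ltm virtual example_http { destination 192.0.2.30:http profiles { tcp { context all } } }
"""

REDIRECT_RULE = "MKTX_http_to_https_redirect"
HTTP_PORTS = {"80", "http"}  # tmsh may print the service name or the number

VIRTUAL = re.compile(r"^ltm virtual (\S+) \{(.*)\}$")
DEST = re.compile(r"(?<![\w-])destination (\S+)")
RULES = re.compile(r"(?<![\w-])rules \{([^{}]*)\}")


def parse_virtuals(text):
    """Return {virtual server name: (port, [iRule names])}."""
    found = {}
    for line in text.splitlines():
        m = VIRTUAL.match(line.strip())
        if not m:
            continue
        name, body = m.groups()
        dest, rules = DEST.search(body), RULES.search(body)
        # The port is whatever follows the last ':' or '.' of the destination.
        port = re.split(r"[:.]", dest.group(1))[-1] if dest else None
        # Drop a partition prefix such as /Common/ from each rule name.
        names = [r.rsplit("/", 1)[-1] for r in rules.group(1).split()] if rules else []
        found[name] = (port, names)
    return found


def http_without_redirect(text):
    """Names of port-80 virtual servers that lack the redirect iRule."""
    return sorted(name for name, (port, rules) in parse_virtuals(text).items()
                  if port in HTTP_PORTS and REDIRECT_RULE not in rules)


if __name__ == "__main__":
    for name in http_without_redirect(SAMPLE):
        print("port 80 without", REDIRECT_RULE + ":", name)
```

A virtual server reported here may still redirect through a policy or a differently named iRule, so treat the output as a list to review by hand.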