Course Overview
This 5-day bundle course covers the following 2 courses:
Administering BIG-IP v15.1
This 2-day course gives network administrators, network operators, and network engineers a functional understanding of the BIG-IP system as it is commonly deployed in an application delivery network.
The course introduces students to the BIG-IP system, its configuration objects, how it processes traffic, and how typical administrative and operational activities are performed.
The course includes lecture, hands-on labs, interactive demonstrations, and discussions.
Topics covered:
• Getting started with the BIG-IP system
• Traffic processing with BIG-IP Local Traffic Manager (LTM)
• Using TMSH (TMOS Shell) command line interface
• Using NATs and SNATs
• Monitoring application health and managing object status
• Modifying traffic behavior with profiles, including SSL offload and re-encryption
• Modifying traffic behavior with persistence, including source address affinity and cookie persistence
• Troubleshooting the BIG-IP system, including logging (local, high-speed, and legacy remote logging), and using TCPDUMP
• User roles and administrative partitions
• vCMP concepts
• Configuring high availability (including active/standby and connection and persistence mirroring)
Configuring BIG-IP LTM v15.1: Local Traffic Manager
This 3-day course gives network professionals a functional understanding of BIG-IP Local Traffic Manager, introducing students to both commonly used and advanced BIG-IP LTM features and functionality.
Incorporating lecture, extensive hands-on labs, and classroom discussion, the course helps students build the well-rounded skill set needed to manage BIG-IP LTM systems as part of a flexible and high performance application delivery network.
Topics covered:
• BIG-IP initial setup (licensing, provisioning, and network configuration)
• A review of BIG-IP local traffic configuration objects
• Using dynamic load balancing methods
• Modifying traffic behavior with persistence (including SSL, SIP, universal, and destination address affinity persistence)
• Monitoring application health with Layer 3, Layer 4, and Layer 7 monitors (including transparent, scripted, and external monitors)
• Processing traffic with virtual servers (including network, forwarding, and reject virtual servers)
• Processing traffic with SNATs (including SNAT pools and SNATs as listeners)
• Modifying traffic behavior with profiles (including TCP profiles, advanced HTTP profile options, caching, compression, and OneConnect profiles)
• Advanced BIG-IP LTM configuration options (including VLAN tagging and trunking, SNMP features, packet filters, and route domains)
• Customizing application delivery with iRules and local traffic policies
• Securing application delivery using BIG-IP LTM
Course Objectives
At the end of this course, the student will be able to:
Administering BIG-IP v15.1
• Describe the role of the BIG-IP system as a full proxy device in an application delivery network
• Set up, start/restart/stop, license, and provision the BIG-IP system out-of-the-box
• Create a basic network configuration on the BIG-IP system including VLANs and self IPs
• Use the Configuration utility and TMSH to manage BIG-IP resources such as virtual servers, pools, pool members, nodes, profiles, and monitors
• Create, restore from, and manage BIG-IP archives
• View resource status, availability, and statistical information and use this information to determine how the BIG-IP system is currently processing traffic
• Use profiles to manipulate the way the BIG-IP system processes traffic through a virtual server
• Perform basic troubleshooting and problem determination activities including using the iHealth diagnostic tool
• Support, and view traffic flow using TCPDUMP
• Understand and manage user roles and partitions
• Configure and manage a sync-failover device group with more than two members
• Configure stateful failover using connection mirroring and persistence mirroring
Configuring BIG-IP LTM v15.1: Local Traffic Manager
• Back up the BIG-IP system configuration for safekeeping
• Configure virtual servers, pools, monitors, profiles, and persistence objects
• Test and verify application delivery through the BIG-IP system using local traffic statistics
• Configure priority group activation on a load balancing pool to allow servers to be activated only as needed to process traffic
• Compare and contrast member-based and node-based dynamic load balancing methods
• Configure connection limits to place a threshold on traffic volume to particular pool members and nodes
• Differentiate between cookie, SSL, SIP, universal, and destination address affinity persistence, and describe use cases for each
• Describe the three Match Across Services persistence options and use cases for each
• Configure health monitors to appropriately monitor application delivery through a BIG-IP system
• Configure different types of virtual services to support different types of traffic processing through a BIG-IP system
• Configure different types of SNATs to support routing of traffic through a BIG-IP system
• Configure VLAN tagging and trunking
• Restrict administrative and application traffic through the BIG-IP system using packet filters, port lockdown, and virtual server settings
• Configure SNMP alerts and traps in support of remote monitoring of the BIG-IP system
• Use iRules and local traffic policies appropriately to customize application delivery through the BIG-IP system
• Configure the BIG-IP to detect and mitigate some common attacks at the network and application layers using LTM features such as SYN check, eviction policies, iRules and Local Traffic Policies
Course Content
Administering BIG-IP v16.1
Chapter 1: Setting Up the BIG-IP System
• Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Configuring the Management Interface
• Activating the Software License
• Provisioning Modules and Resources
• Importing a Device Certificate
• Specifying BIG-IP Platform Properties
• Configuring the Network
• Configuring Network Time Protocol (NTP) Servers
• Configuring Domain Name System (DNS) Settings
• Configuring High Availability Options
• Archiving the BIG-IP Configuration
• Leveraging F5 Support Resources and Tools
Chapter 2: Traffic Processing Building Blocks
• Identifying BIG-IP Traffic Processing Objects
• Configuring Virtual Servers and Pools
• Load Balancing Traffic
• Viewing Module Statistics and Logs
• Using the Traffic Management Shell (TMSH)
• Understanding the TMSH Hierarchical Structure
• Navigating the TMSH Hierarchy
• Managing BIG-IP Configuration State and Files
• BIG-IP System Configuration State
• Loading and Saving the System Configuration
• Shutting Down and Restarting the BIG-IP System
• Saving and Replicating Configuration Data (UCS and SCF)
Chapter 3: Using NATs and SNATs
• Address Translation on the BIG-IP System
• Mapping IP Addresses with NATs
• Solving Routing Issues with SNATs
• Configuring SNAT Auto Map on a Virtual Server
• Monitoring for and Mitigating Port Exhaustion
Chapter 4: Monitoring Application Health
• Introducing Monitors
• Types of Monitors
• Monitor Interval and Timeout Settings
• Configuring Monitors
• Assigning Monitors to Resources
• Managing Pool, Pool Member, and Node Status
• Using the Network Map
Chapter 5: Modifying Traffic Behavior with Profiles
• Introducing Profiles
• Understanding Profile Types and Dependencies
• Configuring and Assigning Profiles
• Introducing SSL Offload and SSL Re-Encryption
Chapter 6: Modifying Traffic Behavior with Persistence
• Understanding the Need for Persistence
• Introducing Source Address Affinity Persistence
• Managing Object State
Chapter 7: Administering the BIG-IP System
• Configuring Logging
• Legacy Remote Logging
• Introducing High Speed Logging (HSL)
• High-Speed Logging Filters
• HSL Configuration Objects
• Configuring High Speed Logging
• Using TCPDUMP on the BIG-IP System
• Leveraging the BIG-IP iHealth System
• Viewing BIG-IP System Statistics
• Defining User Roles and Administrative Partitions
• Leveraging vCMP
Chapter 8: Configuring High Availability
• Introducing Device Service Clustering (DSC)
• Preparing to Deploy a DSC Configuration
• Configuring DSC Communication Settings
• Establishing Device Trust
• Establishing a Sync-Failover Device Group
• Synchronizing Configuration Data
• Exploring Traffic Group Behavior
• Understanding Failover Managers and Triggers
• Achieving Stateful Failover with Mirroring
Configuring BIG-IP LTM v15.1: Local Traffic Manager
Chapter 1: Setting Up the BIG-IP System
• Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Archiving the BIG-IP Configuration
•Leveraging F5 Support Resources and Tools
Chapter 2: Reviewing Local Traffic Configuration
• Reviewing Nodes, Pools, and Virtual Servers
• Reviewing Address Translation
• Reviewing Routing Assumptions
• Reviewing Application Health Monitoring
• Reviewing Traffic Behavior Modification with Profiles
• Reviewing the TMOS Shell (TMSH)
• Reviewing Managing BIG-IP Configuration Data
Chapter 3: Load Balancing Traffic with LTM
• Exploring Load Balancing Options
• Using Priority Group Activation and Fallback Host
• Comparing Member and Node Load Balancing
Chapter 4: Modifying Traffic Behavior with Persistence
• Reviewing Persistence
• Introducing Cookie Persistence
• Specifying Default and Fallback Persistence
• Introducing SSL Persistence
• Introducing SIP Persistence
• Introducing Universal Persistence
• Introducing Destination Address Affinity Persistence
• Using Match Across Options for Persistence
Chapter 5: Monitoring Application Health
• Differentiating Monitor Types
• Customizing the HTTP Monitor
• Monitoring an Alias Address and Port
• Monitoring a Path vs. Monitoring a Device
• Managing Multiple Monitors
• Using Application Check Monitors
• Using Manual Resume and Advanced Monitor Timer Settings
Chapter 6: Processing Traffic with Virtual Servers
• Understanding the Need for Other Virtual Server Types
• Forwarding Traffic with a Virtual Server
• Understanding Virtual Server Order of Precedence
• Path Load Balancing
Chapter 7: Processing Traffic with SNATs
• Overview of SNATs
• Using SNAT Pools
• SNATs as Listeners
• SNAT Specificity
• VIP Bounceback
• Additional SNAT Options
• Network Packet Processing Review
Chapter 8: Modifying Traffic Behavior with Profiles
• Profiles Overview
• TCP Express Optimization
• TCP Profiles Overview
• HTTP Profile Options
• HTTP/2 Profile Options
• OneConnect
• Offloading HTTP Compression to BIG-IP
• Web Acceleration Profile and HTTP Caching
• Stream Profiles
• F5 Acceleration Technologies
Chapter 9: Selected Topics
• VLAN, VLAN Tagging, and Trunking
• Restricting Network Access
• SNMP Features
• Segmenting Network Traffic with Route Domains
Chapter 10: Customizing Application Delivery with iRules
• Getting Started with iRules
• Understanding When iRules are Triggered
• Deploying iRules
• Constructing an iRule
• Testing and Debugging iRules
• Exploring iRules Documentation
Chapter 11: Customizing Application Delivery with Local Traffic Policies
• Getting Started with Local Traffic Policies
• Configuring and Managing Policy Rules
Chapter 12: Securing Application Delivery with LTM
• Understanding Today’s Threat Landscape
• Integrating LTM Into Your Security Strategy
• Defending Your Environment Against SYN Flood Attacks
• Defending Your Environment Against Other Volumetric Attacks
• Addressing Application Vulnerabilities with iRules and Local Traffic Policies
• Detecting and Mitigating Other Common HTTP Threats
Chapter 13: Final Lab Project
• About the Final Lab Project
Chapter 14: Additional Training and Certification
• Getting Started Series Web-Based Training
• F5 Instructor Led Training Curriculum
• F5 Professional Certification Program
Course Changes since v15
Administering BIG-IP v.16.1
• No significant changes to course outline or materials since the v15 release.
• Minor updates to the course include review and update of referenced knowledge articles, GUI screenshots, hardware platform images in introduction and chapter 1 slides and student guide pages, and removed information for obsolete topics such as Link Controller.
Configuring BIG-IP LTM v16.1: Local Traffic Manager
• Updates for the v16.1 release include changes to TCP Profiles and Securing Application Delivery chapters.
• All remaining content was reviewed and updated for relevance to the BIG-IP v16.1 release.