BIG-IP-SNAT-POOLS


SNAT Pools

Source Network Address Translation (source-nat or SNAT) allows traffic from a private network to go out to the internet. … The gateway has one arm on the public network and as part of SNAT, it replaces the source IP of the originating packet with its own public side IP.

 

First, create a SNAT pool list and add a member node.

Then change the setting in the virtual server and select the profile.

Select the SNAT pool that was created.

In Wireshark we can see the following communication.

Take reference from @cbt_nuggets_Video

BIG-IP-Client-side-IPv6


Client-side IPv6

In this example, we see how all IPv6 requests arriving on the client side are served by the node through BIG-IP.

Here the client uses IPv6 and the node is configured on IPv4.

To configure this, follow the process below.

Here we are going to create one IPv6 interface on BIG-IP.

Here we have two IPv6 interfaces on the external VLAN.

Add routing in BIG-IP.

And finally, we achieve the goal below.

 

Take reference from @cbt_nuggets_Video

BIG-IP-HA-Concepts


HA Concepts

Main Points:-

  • Here we set up two BIG-IP appliances.
  • At any one time only one device is in active mode; the other device is in standby mode.
  • Switching between the devices is managed by the BIG-IP appliances themselves.
  • The floating address 10.2.0.155 is respected by both BIG-IP appliances as a source address for the internal network.

  

 

HA Configuration

Create a backup of the current configuration.

Take reference from @cbt_nuggets_Video

 

BIG-IP-IRules


IRules

  • An iRule, in its simplest terms, is a script that executes against network traffic passing through an F5 device.
  • iRules can route, re-route, redirect, inspect, modify, delay, discard or reject, log or … do just about anything else with network traffic passing through a BIG-IP.

 

In this example, we redirect HTTP requests to HTTPS using iRules.
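The redirect described above, as an added example (not the rule from the original page and not F5's own code): an iRule for the port-80 virtual server that sends every HTTP request to the same host and URI over HTTPS. It assumes the virtual server has an HTTP profile and that an HTTPS virtual server answers for the same host names on port 443.

```tcl
# Added example, not the original page's rule.
# Assumptions: attached to the port-80 virtual server, which has an HTTP
# profile; an HTTPS virtual server answers for the same host names on 443.
when HTTP_REQUEST {
    # Host header as sent by the client: lower-case it and drop any ":port"
    # so the Location header does not carry ":80" over to the HTTPS URL.
    # (IPv6 literals such as "[2001:db8::1]" are not handled by this split.)
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # HTTP/1.0 clients may send no Host header; fall back to the address
    # the client connected to (the virtual server's own address).
    if { $host eq "" } {
        set host [IP::local_addr]
    }

    # HTTP::uri holds the path plus query string, so both survive the redirect.
    # 301 marks the move as permanent; HTTP::redirect would send a 302.
    HTTP::respond 301 Location "https://${host}[HTTP::uri]" Connection close
}
```

Because the Location value is built from the client-supplied Host header, the HTTPS virtual server should only answer for the host names it is meant to serve.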

    

Syntax errors in a script are detected automatically.

In addition, an iRule editor is available for writing scripts.

 

Some predefined rules are also provided as examples.

To apply an iRule, follow the process below.

Click on “Resources”

Then click on “Manage”


Take reference from @cbt_nuggets_Video

BIG-IP-IApp-Configuration-Log-Management


IApp configuration in BIG-IP

What is the purpose of iApp:-

  • It protects against any mishap with the configuration.
  • There are a lot of changes during node creation, pool creation and virtual machine creation, like redirection, NAT, SNAT, OneConnect settings, etc.
  • Any system administrator could change a setting, and we would lose our connection or settings.
  • To prevent such changes we create an iApp object, which makes a new object that is not affected by manual changes by anyone.
  • Once the iApp is created, we cannot modify the configuration directly, only through the iApp.

 

To create an iApp, follow these steps.

  

Customize the settings as per our requirements.

Select the parent template “f5.http”, enter the IP address and access port, select the HTTP pool, etc.

Finally, we have the object settings below, which are totally independent of the main configuration.

Log Management Tools

 

Open the Dashboard for a detailed view.

 

BIG-IP-Add-node-LB-NAT-SNAT-OneConnect-SSL-BIG-IP_ColorCode


Adding a virtual server.

Steps:-

  1. Create three virtual machines
  2. Connect the network adapter to the internal VLAN
  3. Turn on the VMs

Step 1. Create a virtual machine with the Apache web service, where the example page on the 1st machine looks like the one below so it is easy to identify.

Same for Green and Blue.

Step 2. Each server must be connected to the right VLAN.

 

Step 3. Then turn on all VMs.

Then check from the BIG-IP server whether all VMs are connected.

Download document file which covers these topics:-

  • Add Node
  • Load Balancer
  • NAT
  • SNAT
  • OneConnect
  • SSL
  • BIG-IP
  • Color-code


Take reference from @cbt_nuggets_Video

BIG-IP-Installation and Activation’s


Download BIG-IP from the official site of F5 (https://www.f5.com/trials) and start it.

This is a basic configuration of a lab.

 

The default root password is “default”; for the GUI, the username is “admin” and the password is also “admin”.

Access the web interface of BIG-IP.

               

Activate the license (a trial license for 30-90 days is available from the F5 site).

Download document file which covers these topics:-

  • Activation,
  • Standard network configuration
  • External network
  • HA network configuration


Take reference from @cbt_nuggets_Video

BIG-IP-Installation and Activation.


Installation, Activation and adding Node.

Download BIG-IP from the official site of F5 (https://www.f5.com/trials) and start it.

First, activate it with a trial license.

 

 

Adding a virtual server.

Steps:-

  1. Create three virtual machines
  2. Connect the network adapter to the internal VLAN
  3. Turn on the VMs

Step 1. Create a virtual machine with the Apache web service, where the example page on the 1st machine looks like the one below so it is easy to identify.

Same for Green and Blue.

Step 2. Each server must be connected to the right VLAN.

Step 3. Then turn on all VMs.

Then check from the BIG-IP server whether all VMs are connected.

Take reference from @cbt_nuggets_Video

Network Teaming RHEL/CentOS 7


How to Configure Network Teaming in RHEL/CentOS 7

When a system administrator wants to increase the bandwidth available, provide redundancy, and load balancing for data transfers, a kernel feature known as network bonding allows getting the job done in a cost-effective way.

 

 

To configure teaming, you need at least two NICs.

Check the NIC details using commands (ifconfig, ip addr…).

[root@feenixdv ~]# cat /proc/net/dev
Inter-|   Receive
 face |bytes   
enp0s3:   24307
enp0s8:    4089
enp0s9:    3310
 
In my example, enp0s3, enp0s8 and enp0s9 are the network interfaces.
enp0s3 is the primary interface, so in this example I am going to create “team0” with enp0s8 and enp0s9.
Using the “nmtui” command, we can create teaming in a very simple way.

[root@feenixdv ~]# nmtui

 

Step 1:- Edit connection.
Step 2:- Add new connection.
Step 3:- Select team from list and click on create.
Step 4:- Select add to add NIC interface.

Step 5:- Select interface.
Step 6:- Put NIC details (see ifconfig details for NIC name).
Step 7:- Add interface one by one.
Step 8:- Finally done.

Assign IP to interface (Team0).

[root@feenixdv ~]# nmcli connection modify Team0 ipv4.method manual ipv4.addresses 192.168.1.100/24 connection.autoconnect yes

Activate interface.

[root@feenixdv ~]# nmcli connection up Team0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)

Check IP details.

[root@feenixdv ~]# ifconfig
.
.
team0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
.
.

Check ping.

[root@feenixdv ~]# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.029 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.078 ms