Configuring BIG-IP LTM: Local Traffic Manager v16.1

This course is intended for system and network administrators responsible for installation, setup, configuration, and administration of the BIG-IP LTM system.

Back up the BIG-IP system configuration for safekeeping

Configure virtual servers, pools, monitors, profiles, and persistence objects

Test and verify application delivery through the BIG-IP system using local traffic statistics

Configure priority group activation on a load balancing pool to allow servers to be activated only as needed to process traffic

Compare and contrast member-based and node-based dynamic load balancing methods

Configure connection limits to place a threshold on traffic volume to particular pool members and nodes

Differentiate between cookie, SSL, SIP, universal, and destination address affinity persistence, and describe use cases for each

Describe the three Match Across Services persistence options and use cases for each

Configure health monitors to appropriately monitor application delivery through a BIG-IP system

Configure different types of virtual services to support different types of traffic processing through a BIG-IP system

Configure different types of SNATs to support routing of traffic through a BIG-IP system

Configure VLAN tagging and trunking

Restrict administrative and application traffic through the BIG-IP system using packet filters, port lockdown, and virtual server settings

Configure SNMP alerts and traps in support of remote monitoring of the BIG-IP system

Use an F5-supplied iApp template to deploy and manage a website application service

Use iRules and local traffic policies appropriately to customize application delivery through the BIG-IP system

Configure the BIG-IP to detect and mitigate some common attacks at the network and application layers using LTM features such as SYN check, eviction policies, iRules and Local Traffic Policies

Students must complete one of the following F5 prerequisites before attending this course:

Administering BIG-IP instructor-led course
F5 Certified BIG-IP Administrator
The following free web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience. These courses are available at F5 University:

Getting Started with BIG-IP web-based training
Getting Started with BIG-IP Local Traffic Manager (LTM) web-based training
;

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

OSI model encapsulation
Routing and switching
Ethernet and ARP
TCP/IP concepts
IP addressing and subnetting
NAT and private IP addressing
Default gateway
Network firewalls
LAN vs. WAN
The following course-specific knowledge and experience is suggested before attending this course:

Web application delivery
HTTP, HTTPS, FTP and SSH protocols
TLS/SSL

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Archiving the BIG-IP Configuration

Leveraging F5 Support Resources and Tools

Reviewing Nodes, Pools, and Virtual Servers

Reviewing Address Translation

Reviewing Routing Assumptions

Reviewing Application Health Monitoring

Reviewing Traffic Behavior Modification with Profiles

Reviewing the TMOS Shell (TMSH)

Reviewing Managing BIG-IP Configuration Data

Exploring Load Balancing Options

Using Priority Group Activation and Fallback Host

Comparing Member and Node Load Balancing

Reviewing Persistence

Introducing Cookie Persistence

Introducing SSL Persistence

Introducing SIP Persistence

Introducing Universal Persistence

Introducing Destination Address Affinity Persistence

Using Match Across Options for Persistence

Differentiating Monitor Types

Customizing the HTTP Monitor

Monitoring an Alias Address and Port

Monitoring a Path vs. Monitoring a Device

Managing Multiple Monitors

Using Application Check Monitors

Using Manual Resume and Advanced Monitor Timer Settings

Understanding the Need for Other Virtual Server Types

Forwarding Traffic with a Virtual Server

Understanding Virtual Server Order of Precedence

Path Load Balancing

Overview of SNATs

Using SNAT Pools

SNATs as Listeners

SNAT Specificity

VIP Bounceback

Additional SNAT Options

Network Packet Processing Review

Profiles Overview

TCP Express Optimization

TCP Profiles Overview

HTTP Profile Options

OneConnect

Offloading HTTP Compression to BIG-IP

HTTP Caching

Stream Profiles

F5 Acceleration Technologies

VLAN, VLAN Tagging, and Trunking

Restricting Network Access

SNMP Features

Segmenting Network Traffic with Route Domains

Simplifying Application Deployment with iApps

Using iApps Templates

Deploying an Application Service

Leveraging the iApps Ecosystem on DevCentral

Getting Started with iRules

Triggering an iRule

Introducing iRule Constructs

Leveraging the DevCentral Ecosystem

Deploying and Testing iRules

Getting Started with Local Traffic Policies

What Can You Do with a Local Traffic Policy?

How Does a Local Traffic Policy Work?

Understanding Local Traffic Policy Workflow

Introducing the Elements of a Local Traffic Policy

Specifying the Matching Strategy

What Are Rules?

Understanding Requires and Controls

Configuring and Managing Policy Rules

Configuring a New Rule

Including Tcl in Certain Rule Settings

Understanding Today's Threat Landscape

Integrating LTM Into Your Security Strategy

Defending Your Environment Against SYN Flood Attacks

Defending Your Environment Against Other Volumetric Attacks

Addressing Application Vulnerabilities with iRules and Local Traffic Policies

About the Final Lab Project

Possible Solution to Lab 13.1