Tuesday, September 4, 2012

BIG IP F5 LTM Tutorial - Part 10

6. Profiles

Ø  Profile is very powerful configuration tools in BIG IP F5 LTM which hold all traffic management & simplify settings of objects which can be tedious & complicated without these profiles.

Ø  Profiles  Provide :
o   A single place to define specific traffic behaviour.
o   A centralized place to utilize that object settings.
o   A Centralized place to change any settings & have them applied to all application using an existing profile.

Ø  A profile tells a virtual server how to process packets when it receives based upon the profile’s configuration parameters
Ø   Profiles are used by LTM system to manage the processing of traffic through each virtual server.
For Example:
o   If you want to encrypt /decrypt traffic then you can use clientssl/serverssl profile.
o   If you want to increase the speed at which the virtual server processes HTTP requests then assign fasthttp profile.

Ø  You can use existing profile or can create custom profile based on application requirement.

Ø  You can associate multiple profiles to single virtual server.

Ø  We have certain restriction & dependency using these profiles i.e.
o   HTTP profile needs TCP profile in place to process traffic.
o   HTTP & FTP profile cannot associate with single virtual server.

Ø  As a general rule, profile of given layer of OSI model are depend upon profile of lower layers & profile of the same layer cannot co-exists.
o   For Example: HTTP profile is required to process cookies and HTTP profile requires a TCP profile.
o   For Example: TCP & UDP profile cannot co-exist in one Virtual Server.

Ø  At a minimum, a Virtual Server must reference a connection lever profile, based on UDP, FastL4 or TCP profile type. Thus if you have not assigned any profile then LTM adds a default profile (UDP, FastL4, TCP) depend  on Virtual Server protocol setting , If you have selected UDP then it will add UDP profile or if you have selected TCP then it will add FastL4 Profile. ( Types of profile are mention below)

Ø  Types of profile :
o   Protocol (Connection Oriented)
ü  Protocol Support parameters concerning timeouts and connection management. All Virtual Server have at least one protocol profile.
o   Services (Data Type Oriented)  
ü  Service based profile support special feature for select application. For HTTP it’s knowledge of various HTTP headers & data structure. For FTP it’s the ability to support Active / Passive FTP, but both services will have same protocol profile i.e. TCP.
o   Persistence (Session Oriented)
ü  Persistence profile defines multiple methods that the LTM system uses to treat multiple TCP connection to treat TCP connections as Single session. There are different type of persistence profile & you can configured based or your requirement.
o   SSL (Encryption Oriented)
ü  SSL based profile support encryption / decryption.
o   Authentication (Security Oriented)

Ø  Configuration of Profile :
o   Till now we had configured Node, Pool Member, and Pool & Virtual Server.
o   After configuration you can verity that by default Virtual Server will have FastL4 profile.
o   You can modify these profiles or can create custom profile.
o   For MY_SERVER_HTTP - fasthttp  and MY_SERVER_HTTPS- clientssl

root@chetan(Active)(tmos)# modify ltm virtual MY_SERVER_HTTP profiles replace-all-with { fasthttp }
root@chetan(Active)(tmos)# modify ltm virtual MY_SERVER_HTTPS profiles replace-all-with { clientssl }

o   Default available profile options under Virtual Server  : - 

o   Also you can create custom profile based on application requirement.

Note: Check restriction before applying any profile to virtual server

No comments:

Post a Comment