Lab 3: Load Balancing, Monitoring and Persistence

Objectives:

• Configure and review Ratio load balancing
• Build and test priority groups
• Build a content monitor that looks for a receive string and requires authentication
• Build and review simple (source IP) persistence and cookie persistence.

Ratio Load Balancing

1. Go to Local Traffic >> Pools and select www_pool and then Members from the top bar or you could click on the Members link in the Pool List screen.

   

   Note

   When we created the pool, we performed all of our configurations on one page, but when we modify a pool the Resource information is under the Members tab

2. Under Load Balancing section

   1. Change the Load Balancing Method to Ratio (Member)

   2. As you look at the drop-down menu, notice most load balancing methods have two options: (Node) or (Member). Remember the difference?

      

   3. Don’t forget the Update button

   4. Then under Current Members

      1. Select the first member in the pool 10.1.20.11:80.

      2. Under the Configuration section

         1. Change the Ratio of the member to 3

         

   5. Select the Update button

3. Verification

   1. Check the pool statistics by selecting Statistics on the top bar, if you are still in Local Traffic >> Pools, or by going to Statistics >> Module Statistics >> Local Traffic and selecting Pool from Statistics Type.
   2. Reset the statistics for your www_pool pool by checking the boxes next to the pool members and hitting the Reset button
      1. Browse to your www_vs (10.1.10.100) virtual server
      2. Refresh the browser screen several times (use “<ctrl>” F5)
      3. Select the Refresh button on the Statistics screen
      4. How many total connections has each member taken?
      5. Is the ratio of connections correct between the members?
   3. Now go back and put the pool load balancing method back to Round Robin
      1. Reset the statistics
      2. Refresh the virtual server page several times
      3. Refresh the statistics
      4. Does the ratio setting have any impact now?

Priority Groups Lab

Let’s look at priority groups. In this scenario we will treat the .13 server as if it were in a disaster recovery site that can be reached over a backhaul. The customer would like to maintain at least two members in the pool for redundancy and load. They would find this beneficial to allow connections to proceed during a maintenance window or during an outage.

1. Go to Local Traffic >> Pools >> www_pool

   1. Select the Members tab.

      1. Set the Load Balancing Method back to Round Robin

      2. Set the Priority Group Activation to Less than … 2 Available Members.

         

   2. Don’t forget to hit the Update button

   3. Select the pool members 10.128.20.11 and 10.128.20.12 and set their Priority Group to 2.

      1. This will allow you to change the priority on that particular member.

         

2. Review your settings and let’s see how load balancing reacts now

   1. Select the Statistics tab.
   2. Reset the pool statistics.
   3. Browse to your virtual server and refresh several times.
   4. Refresh your statistics.
   5. Are all members taking connections?
   6. Which member isn’t taking connections?

3. Let’s simulate a maintenance window or an outage by disabling a pool member in the highest priority group (2).

   Note

   F5 ranks priority from low number to high number. This means, a priority of 1 has a lower priority than 2, and onwards.

   This should cause priority group activation to kick in, since the number of active members in our high priority group has dropped below one.

4. Select the member in the Priority Group 2 and Disable that pool member.

   1. Select the Disable button

      

   2. The status indicator now goes to black, indicating the member has been disabled

5. Once again, select Statistics, reset the pool statistics, browse to the virtual server and see which pool members are taking hits now.

Once you are done testing re-enable your disabled pool member.

Monitor Labs

Objective:

• Build a default monitor for nodes
• Build a content monitor for your pool

Default Monitors

1. Go to Local Traffic >> Nodes, note the status of the nodes.

   1. Note that the nodes exist in this table, even though they were never specifically configured in the Node section of the GUI. Each time a unique IP address is placed in a pool a corresponding node entry is added and assigned the default monitor (if any).

   2. Select the Default Monitors tab.

      

   3. Notice we have several options. For nodes you will want a generic monitor, so we will choose icmp.

   4. Select icmp from the Available box and hit to place it in the Active box.

   5. Click on the Update button to finalize your changes.

2. Select Node List or Statistics from the top tab.

   1. What are your node statuses?

3. Select Statistics >> Module Statistics >> Local Traffic

   1. What are the statuses of your nodes, pool and virtual server?

For those of you who did the FQDN Pool extra credit lab, you will notice your FQDN in the node list. The status should be Available (Green) even though there wasn’t a monitor. This is because a good status indicates the BIG-IP successfully queried the DNS server for the name. Click on the FQDN node to see additional options, such as query interval.

Content Monitors

The default monitor simply tells us the IP address is accessible, but we really don’t know the status of the particular application the node supports. We are now going to create a monitor to specifically test the application we are interested in. We are going to check our web site and its basic authentication capabilities.

1. Browse to http://10.1.10.100 and on the web page select the Basic Authentication link under Authentication Examples.

   1. User: user.1
   2. Password: password
   3. You could use text from this page or text within the source code to test for availability. You could also use HTTP statuses or header information. You will be looking for the HTTP status “200 OK” as your receive string to determine availability.
   4. Note the URI is /basic. You will need this for your monitor.

2. Select Local Traffic >> Monitor on the side-bar and select the plus (+) sign or Create

   

   1. Now we can create a monitor to check the content of our web page to ensure things are running properly.

      1. Name: www_test

      2. Type: HTTP

         

   2. Once you have selected you parent (Type) monitor, you can access the Configuration section

      1. Send String: Enter the command to retrieve the page you want “GET /basic/r\n" (no quotes)

      2. In the Receive String box put “200 OK” (no quotes)

         Note

         The receive string is not case sensitive.

      3. Enter user.1/password for the Username and Password

         

   3. Click Finish and you will be taken back to Local Traffic >> Monitors

3. Where is your new Monitor?

   1. Hint: Check the lower right hand corner of the Monitors list. Here you can go to the next page or view all Monitors
   2. You can change the number of records displayed per page in System >> Preferences

4. Go to Local Traffic >> Pools >> www_pool and choose Properties from the top bar

   1. Remove the http monitor from the Active box.

   2. Select the www_test monitor from the Available monitor’s window in the Configuration section and move it to the Active window.

      

5. Once you have selected your parent (Type) monitor, you can access the Configuration section

   1. Select Statistics from the tabs.
   2. What is the status of the pool and its members?

6. Go to Local Traffic >> Virtual Servers. What is the status of your virtual server?

   1. Browse to your www_vs virtual server. Which members are taking traffic?
   2. Just for fun reverse the monitor. Now when 200 OK is returned it indicates the server is not responding successfully. You can see where this would be useful if you were looking for a 404 (bad page) response.

Monitor Testing

There is now the ability to test monitors. This is tremendously helpful as you no longer need to create monitors and add them to false objects on the BIG-IP. The functionality is now built in to the monitor itself to be less invasive on your infrastructure, and less time consuming all together.

1. Go to Local Traffic >> Pools >> www_pool

   1. Under Configuration, move the active monitor to Available

2. Go to Monitors and click on http

   1. Click the Test tab

   2. Under Address plug in 10.1.20.11 and in the port field plug in 80

   3. Click Test

      

   4. Go back to Local Traffic >> Pools >> www_pool

      1. Once here, move http back to Active

Persistence Labs

In this lab we will configure a couple types of persistence and view their behavior. For persistence, profiles will have to be created and attached to our virtual server.

Lab Requirements:

• Prior to beginning the lab verify your www_pool has been set to the following parameters:
  • Load Balancing Method: Round Robin
  • Priority Group Activation: Disable
    • The members Ratio and Priority Group mean nothing since we aren’t using Ratio load balancing and Priority Groups are disabled.
  • Hit Update
  • Hit your virtual server several times, you should see all 3 servers respond.

Simple (Source Address) Persistence

1. Go to Local Traffic >> Profiles and select the Persistence tab.

   1. From the Persistence Profiles screen select the Create button.

      

   2. At the New Persistence Profile screen enter:

      1. Name: my-src-persist

      2. Persistence Type: Source Address Affinity

         

   3. This will add the Configuration section to the General Properties section.

      1. Note the parent profile.

   4. In the Configuration section, set the

      1. Timeout: 60 seconds
      2. Prefix Length: None
         1. This is the default and is a /32 prefix (255.255.255.255 mask).
         2. Each new IP address will create a new persistence record.
      3. Hint: You can’t change these settings until you have checked the Custom box. This prevents unwanted or unauthorized changes from within the GUI, without explicitly allowing it. Also, it allows you to know what has changed from the default settings.

   5. You have just created your first custom Profile.

      1. Note the check box for your new custom profile isn’t grayed out and can be selected to allow you to delete the profile if desired.

2. Now let’s attach our new profile to the virtual server.

   1. Go to Local Traffic >> Virtual Server and ….

      1. Select www_vs and the Resources tab or ….
      2. Take the shortcut directly to the Resources of the virtual server. (Can you find it?)

   2. Set the Default Persistence Profile to my-src-persist.

      

   3. Don’t forget to Update before leaving the page. (Be careful, the reminders will stop!)

   4. Testing Source Address Affinity

      1. At this point you may want to open a second browser window to the management GUI.

      2. From one management window go to Statistics >> Module Statistic >> Local Traffic

      3. Select Persistence Records for the Statistics Type menu

         

3. At this point you will see that the Persistence Records statistics display has been disabled (way back in v12.1). A TMSH database command is required to activate it.

   1. SSH to you BIG-IP at 10.1.1.245. Username: root Password: default
   2. At the prompt enter: tmsh
   3. At the TMSH prompt enter the command in the Persistence Value GUI.
      1. modify sys db ui.statistics.modulestatistics.localtraffic.persistencerecords value true
         1. Tab completion will make this a little easier

4. Now, in this window you can watch your persistence records. You may want to set Auto Refresh to 20 seconds.

   

5. In your other management GUI window go to www_pool and clear the member statistics.

   1. Open a browser session to your virtual server and refresh several times.
   2. How many members are taking traffic?
   3. Check you Persists Records window. Are there any persistence records?
      1. If you are not Auto Refreshing, don’t forget to hit Refresh
   4. Refresh you web page prior to the Age column reaching 60. What happens?

Cookie Persistence (Cookie Insert)

1. Go to Local Traffic >> Profiles >> Persistence tab and hit Create

   1. Let’s name our profile my_cookie_insert (original isn’t it)

   2. Our Persistence Type will be Cookie

   3. This brings us to the Configuration section.

      

2. As you can see, the default Cookie Method is HTTP Cookie Insert, so we won’t have to modify the Cookie Method

   1. The BIG-IP will also create a cookie name for you using a combination of “BIGipServer” and the pool name the virtual server service. We will take this default also.

   2. We will use a session cookie. Which means the cookie is deleted when the browser is closed.

   3. Select Finished

   4. Now attach your cookie persistence profile to your virtual server’s Default Persistence Profile by:

      1. Go to Local Traffic >> Virtual Server >> www_vs >> Resources tab
      2. Set the Default Persistence Profile to my_cookie_insert
      3. Hit Update

   5. Whoa! Did you just get this error message?

      

   6. Remember what we said earlier about some Profiles requiring prerequisite Profiles? Since we are looking in the HTTP header for the cookie the prerequisite for the Cookie Profile is the HTTP profile.

3. We will have to go to the virtual server to add the HTTP profile, prior to adding the Cookie Persistence profile.

   1. Select the Properties tab on your virtual server

   2. Go to HTTP Profile in the Configuration section and select the default HTTP (http) profile.

      

   3. Hit the Update button

   4. Now we can go back to the Resource tab and add our cookie persistence profile.

4. Testing cookie persistence.

   1. If you wish you can watch the member statistics to validate your persistence.

   2. Open a new browser session to your virtual server and refresh several times.

   3. Does the page ever change?

   4. Did you hit a different server?

   5. Refresh several times. Are you hitting the same server?

      1. On the web page under HTTP Request and Response Information click the Display Cookie link.

         

Archive your work in the file: lab3_lb_monitor_and_persist