F5 Solutions for DDoS > Class 1: Introduction to DDoS with F5 Herculon > DDoS Hybrid Defender Setup Source | Edit on
Lab 1 – DDoS Hybrid Defender Setup¶
Estimated completion time: 45 minutes
Task 1 – Initial Set-up¶
- Open a web browser and access supplied link.(Given at Location)
- Login to the BIG-IP Configuration Utility via your preferred browser?
When you first power up a F5 DHD device you would go through the steps of Licensing and Provisioning. We have assigned the management IP, hostname, NTP and DNS servers. You will be re-activating the license using a new license key.
On the System > Platform page configure the following, and then click Update.
Host Name <your name>.f5demo.com Root Account (Password and Confirm) f5DEMOs4u Admin Account (Password and Confirm) f5DEMOs4u
This will log you out. Log back in
On Device Management->Devices select the device and then click “Change Device Name…”. Update the device name to match the hostname you have chosen. Retain Current Authority
Click Update to save changes
Review and Verify the following: System -> Configuration -> Device -> NTP page add pool.ntp.org to the Time Server List, and then click Update.
Review and Verify the following: System -> Configuration -> Device ->DNS page add 188.8.131.52 to the DNS Lookup Server List, and then click Update.
Open the System > License page and re-activate the BIG-IP system using the new development license key using Manual mode. Copy and Paste License file.
Click Next and explore Resource Provisioning page
The above task ensures that you are using a purpose built DDoS Hybrid Defender. If you are familiar with other F5 Modules/Technology that you have used in the past, you will notice that we have none of those provisioned.
When done click Submit.
Access the Jumbox via RDP. PuTTY into the Hybrid Defender. Login with
rootand restart services
Take a break, ask questions, talk to your neighbor ..it will take several minutes to restart
You MUST re-activate, even if the current license key hasn’t expired. For Silverline access each BIG-IP system must use a unique license key.
Task 2 – DDoS Hybrid Defender iApp and Base Configuration¶
In the BIG-IP Configuration Utility, open DoS Protection > Quick Configuration page.
Select Install RPM method of Onboard
Open the About page
This page displays the current version of DDoS Hybrid Defender (DHD). You use this page to install and update the iApp LX version for DHD when newer versions are released.
In the BIG-IP Configuration Utility, click iApps, Templates and Import, importing the two templates located on the jumpbox documents folder.
Use the Browse and Upload buttons. (You will do this once for each template)
In the BIG-IP Configuration Utility, open iApps > Application Services and select Create
You will be creating two services based on the two Silverline Templates:
Use the default settings for the Silverline connector
Use the Silverline username and password supplied
This is case sensitive – make sure email address is all lowercase
Create the 2nd service for the Silverline DOS Monitor (f5.silverline_dos_monitor)
Use the default settings for the dos_connector except for Volumetric Attack Event Monitoring, switch the network object from interface to VLAN.
Open the DoS Protection > Quick Configuration Network Configuration page.
In the Default Network section click default VLAN.
Configure the VLANs using following information, and then click Done Editing.
Internal: VLAN Tag 20 Internal: Interfaces 1.2 Untagged Internal: IP Address / Mask 10.1.20.240/21 (Click Add) External: VLAN Tag 10 External: Interfaces 1.1 Untagged (Click Add)
At the bottom of the page click Update to create the default network.
Open the Network > VLANs > VLAN Groups page and click defaultVLAN.
A Bridged (VLAN Group) L2 configuration consistent recommended practices for most deployments was automatically created
Open the Network > DNS Resolvers > DNS Resolver list page and click Create.
Enter default_DNS_resolver and then click Finished.
A DNS resolver is required by bot signatures to allow for proper detection of benign search engines such as Google and Bing.
On the Jumpbox desktop, PuTTY to the BIG-IP
Verify DNS by typing the following
Type the following to verify the correct date setting:
If the BIG-IP system date is not accurate, correct it using the following commands:
bigstart stop ntpd ntpdate 10.1.1.254 bigstart start ntpd
Task 3 – Configure Silverline Signaling¶
In the BIG-IP Configuration Utility, open the DoS Protection > Quick Configuration page.
Open the Silverline page.
Configure using following information, and then click Update.
Username firstname.lastname@example.org Password HybridDefense!Wins! Service Address https://api.f5silverline.com
Register the device with the Silverline iApp, to provide bandwidth utilization updates in iApps->Application Services->Applications->silverline_connector. In the iApp, select Reconfigure and then click Finished. This will cause the iApp to register under the new device name.
Use a web browser and access https://portal.f5silverline.com.
Log in with the above credentials
In the Silverline browser, open the Config->Hybrid Configuration->Hybrid Device Management page.
Locate your DHD device by searching for (<your name prefix>.f5demo.com) .
Click the Approve button to approve device registration.
For Silverline device registration to function properly there must be some specific considerations. The BIG-IP system must have a unique device ID, which is comprised of attributes like Base MAC and registration key. In Ravello and similar virtual environments the Hybrid Defender VE must be re-licensed uniquely each time.
Task 4 – Configure DHD Device Bandwidth Thresholds¶
- In the DoS Protection > Quick Configuration page, open the
Protected Objects page.
In the Network Protection section click Create.
Configure using following information, and then click Save.
Maximum Bandwidth: Specify 500 Scrubbing Threshold: Type Percentage 1.20Scrubbing Threshold: Value 75 Advertisement Method Silverline Scrubber Details: Type Advertise All
That completes the setup for BIG-IP DDoS Hybrid Defender with Silverline integration.