Lab 1 – DDoS Hybrid Defender Setup

Task 1 – Initial Set-up

  • Log in to the BIG-IP Configuration Utility via the desktop shortcut (DHD WEB GUI). You will land on the welcome page.

Note

When you first power up an F5 DHD device, you would go through the steps of Licensing and Provisioning. We have assigned the management IP, hostname, NTP and DNS servers. We have already licensed the device for you.

  • Review and verify the following: System -> Configuration -> Device -> NTP page. This should already be populated with pool.ntp.org

  • Review and verify the following: System -> Configuration -> Device -> DNS page. This should already be populated with 8.8.8.8

  • Click System and explore the Resource Provisioning page.

Note

The above task ensures that you are using a purpose-built DDoS Hybrid Defender. If you are familiar with other F5 Modules/Technology that you have used in the past, you will notice that none of those are provisioned. Only the new DDOS Protection section is present.

Task 2 – DDoS Hybrid Defender iApp and Base Configuration

  • In the BIG-IP Configuration Utility, open DoS Protection > Quick Configuration page.

  • If not already installed, select the Install RPM method of Onboard.

  • Click Install.

  • After the RPM is installed you will see the following:

  • Open the About page.

  • This page displays the current version of DDoS Hybrid Defender (DHD). You use this page to install and update the iApp LX version for DHD when newer versions are released.

  • Open the DoS Protection > Quick Configuration Network Configuration page.

  • In the Default Network section click default VLAN.

  • Configure the VLANs using the following information, and then click Done Editing.

    Internal: VLAN Tag 20
    Internal: Interfaces 1.2 Untagged
    Internal: IP Address / Mask 10.1.20.240/21 (Click Add)
    External: VLAN Tag 10
    External: Interfaces 1.1 Untagged (Click Add)

  • At the bottom of the page click Update to create the default network.

  • Open the Network > VLANs > VLAN Groups page and click defaultVLAN.

Note

A Bridged (VLAN Group) L2 configuration, also called “Bump in the Wire”, was automatically created. It is consistent with recommended practices for most deployments. F5 can support Routed mode, SPAN and Netflow as well.

  • Open the Network > DNS Resolvers > DNS Resolver list page and click Create.

  • Enter default_DNS_resolver and then click Finished.

  • A DNS resolver is required by bot signatures to allow for proper detection of benign search engines such as Google and Bing.

  • On the Jumpbox desktop, use the shortcut to SSH to the BIG-IP. It will log you in automatically as user root.

  • Verify DNS by typing the following:

    nslookup api.f5silverline.com

  • Verify the Date by typing the following:

    date

  • If the BIG-IP system date is not accurate, correct it using the following commands:

    bigstart stop ntpd
    ntpdate 10.1.1.254
    bigstart start ntpd
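
The DNS and date checks above, combined into one script that resyncs only when the offset reported by `ntpdate -q` exceeds a tolerance. This is an added example, not part of the original lab guide; the 5-second tolerance, the function names and the sample output are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: one-shot version of the DNS and clock checks in Task 2.
NTP_SERVER="${NTP_SERVER:-10.1.1.254}"                  # lab time source (from the guide)
DNS_TEST_NAME="${DNS_TEST_NAME:-api.f5silverline.com}"  # name the guide looks up
MAX_OFFSET_SEC="${MAX_OFFSET_SEC:-5}"                   # assumed tolerance, not from the guide

# Constructed sample of `ntpdate -q` output, showing what parse_offset expects.
SAMPLE_QUERY_OUTPUT='server 10.1.1.254, stratum 2, offset -42.718300, delay 0.02576
 5 Mar 10:12:01 ntpdate[4242]: step time server 10.1.1.254 offset -42.718300 sec'

# Read `ntpdate -q` output on stdin and print the signed offset (seconds) from
# the summary line. Prints nothing when no server answered.
parse_offset() {
    sed -n 's/.*offset \([-+]\{0,1\}[0-9.]*\) sec.*/\1/p' | tail -n 1
}

# Return 0 when the absolute value of offset $1 is greater than limit $2.
offset_exceeds() {
    awk -v o="$1" -v m="$2" 'BEGIN { o += 0; m += 0; if (o < 0) o = -o; exit !(o > m) }'
}

main() {
    if ! nslookup "$DNS_TEST_NAME" >/dev/null 2>&1; then
        echo "FAIL: cannot resolve $DNS_TEST_NAME" >&2; return 1
    fi
    echo "OK: DNS resolves $DNS_TEST_NAME"

    # -q only queries the server; it does not set the clock.
    offset=$(ntpdate -q "$NTP_SERVER" 2>/dev/null | parse_offset)
    if [ -z "$offset" ]; then
        echo "FAIL: no time offset from $NTP_SERVER" >&2; return 1
    fi

    if offset_exceeds "$offset" "$MAX_OFFSET_SEC"; then
        echo "Clock is off by ${offset}s, resyncing as in the lab steps"
        bigstart stop ntpd
        ntpdate "$NTP_SERVER"
        bigstart start ntpd
    else
        echo "OK: clock offset ${offset}s is within ${MAX_OFFSET_SEC}s"
    fi
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it on the BIG-IP as root with the `--run` argument; without it the script only defines the functions.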
    

Task 3 – Explore DHD Device Bandwidth Thresholds

  • In the DoS Protection > Quick Configuration page, open the Protected Objects page.

  • In the Network Protection section click Create.

  • This page is where you would supply values to protect your bandwidth and integrate with Silverline or use BGP to change your routing to go through a scrubbing center.

  • Click Cancel when done exploring the available settings.

  • That completes the initial setup for BIG-IP DDoS Hybrid Defender.