Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
80 Cards in this Set
- Front
- Back
|
What general information should you have to open a support ticket with F5 |
1. Full description of the issue 2. A description of the impact the issue is having on your site. 3. The hours that you are available to work on the issue and any alternative contacts that can work on the issue 4. Remote access information, if possible |
|
|
What informatino should you collect when opening a support ticket with f5? |
1. qkview or tech.out file 2. Log files 3. Packet Traces 4. UCS Archive 5. Core Files |
|
|
What is the qkview utility? |
An executable program that generates machine-readable (XML_ diagnostic data from the BIG-IP or Enterprise Manager System.
This automatically generates 5 mb of log files and includes them with qkview in a tar output |
|
|
Command to run to collect all the log files? |
tar -czpf /var/tmp/logfiles.tar.gz /var/log/* |
|
|
What are core files? |
Core files contain the contents of the system memory at the time a crash occurred.
|
|
|
Where are core files located? |
/var/savecore directory (9.0 - 9.2.5) /var/core (9.3 and later) |
|
|
Sev1 Sum |
1 hour response time
Software/hardware is preventing the execution of critical business activities. Device will not power up or is not passing traffic |
|
|
Sev2 Sum |
1 hour response time
Software/hardware conditions on your f5 device are preventing or significantly impairing high-level commerce or business activities |
|
|
Sev3 Sum |
4 hour response time
Software/hardawre conditions on your f5 device are creating degradation of service or functionality in normal business or commerce activities |
|
|
Sev4 Sum |
24 hours response time
Questions regarding configurations, troubleshooting non critical issues, or requests for product functionality that is not part of the current product feature set |
|
|
Sev1 keywords |
preventing the execution of critical business activities |
|
|
Sev2 keywords |
preventing or significantly impairing high-level commerce or business activities |
|
|
Sev3 keywords |
degradation of service or functionality in normal business or commerce activites |
|
|
Sev4 keywords |
questions, troubleshooting non-critical issues, or questions for product functionality |
|
|
What is a quantitative observation?? |
observations that can be precisely measured
(taking an extra 20 seconds per connections_ |
|
|
What is a qualitative observation? |
Observations that have more to do with characteristics of what is being observed
(seems to be taking longer to connect than it did this morning) |
|
|
What is included in a full description of the issue? |
1. The symptoms 2. Approximate time the issue first occured 3. Number of times it occured 4. Error output provided by the system 5. Steps to reproduce the issue 6. Any changes you made before it occured 7. Any steps you made to resolve the issue |
|
|
What is the network summary? |
WebUi utility that shows a summary of local traffic objects, as well as a visual map of the virtual servers, pool, and pool members on the BIG-IP system |
|
|
The network map summary displays data for what object types? |
1. Virtual Servers 2. Pools 3. Pool Members 4. Nodes 5. iRules |
|
|
If you configure a pool, but no VS references that pool, will it show in the network map? |
No. |
|
|
Green circle indicator means... |
The objects are enabled and available (able to receive traffic) |
|
|
Orange triangle indicator means... |
The objects are enabled but are currently unavailable. However, the object might become available later, with no user action required. Example would be a VS whose connection limit has been exceeded. |
|
|
Red diamond indicator means... |
The objects are enabled but offline because an associated object has marked the object as unavailable. To change the status so that the object can receive traffic, you must actively enable the object. |
|
|
Black circle indicator means... |
The virtual server or virtual address is operational but set to Disabled. To resume normal operation, you must manually enable the virtual server or virtual address. |
|
|
Blue square indicator means... |
The status of the objects is unknown |
|
|
What is the network map? |
A webUI map that presents a visaul hierarchy of the names and status of virtual servers, pools, pool members, nodes, and iRules defined on the system.
Tries to show all objects in context, starting with the virtual server at the top. |
|
|
What is a virtual server? |
A traffic management object on the BIG-IP system that is represented by an IP address and a service. |
|
|
To summarize, a virtual server can do the following: |
1. Distribute client requests across multiple servers to balance server load 2. Apply various behavioral settings to a specific type of traffic 3. Enable persistence for a specific type of traffic 4. Direct traffic according to user-written iRules |
|
|
What is a pool? |
A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic. |
|
|
What is a pool members? |
A logical object that represents a physical node (server), on the network. |
|
|
What is a node? |
A logical object on the BIG-IP LTM system that identifies the IP address of a physical resource on the network. |
|
|
What is the difference between a node and a pool member? |
A node is designated by the devices IP address only (10.10.10.10), while designation of a pool member includes an IP address and a server (10.10.10.10:80) |
|
|
What is the difference between health monitors of a node and of a pool members? |
A health monitor for a pool member reports the status of a service running on the device, whereas a health monitor associated with a node reports the status of the device itself. |
|
|
What is the main Dashaboard screen and what does it display? |
The main Dashboard screen is of the system overview. This screen displays a graphical representation of CPU and Memory utiliation, Connections and Throughput of the system. |
|
|
What is Analytics? |
Analytics is a module on the BIG-IP system that lets you analyze performance of web applications. |
|
|
What is Analytics also refered to as? |
Application Visibility and Reporting |
|
|
What are some things that Analytics shows? |
- Transactions per second - Server and Client Latency - Request and Response throughput - Sessions |
|
|
What all can you view metrics for with Analytics? |
- Applications - Virtual Servers - Pool Members - URLs - Specific Countries - Application Traffic |
|
|
What is an Analytics profile? |
A set of definitions that determine the circumstances under which the system gathers, logs, notifies, and graphically displays information regarding traffic to an application |
|
|
In the Analytics profile, you customize what? (4) |
1. What statistics to collect 2. Where to collect data (locally, remotely, both) 3. Whether to capture traffic itself 4. Whether to send notifications |
|
|
What ways can you restoring configuration data? (4) |
1. Configuration Utility 2. CLI using tmsh 3. On replacement RMA 4. Running later software version |
|
|
How to restart the system in the configuration utility? |
System -> Configuration -> Reboot |
|
|
Command to load configuration from CLI? |
tmsh load /sys ucs <path/to/ucs> |
|
|
What command would you run to verify that the new or replaced secure shell (SSH) keys from the UCS file are synchronized between the BIG-IP system and the Switch Card Control Processor? |
keyswap.sh sccp |
|
|
When is the UCS archive actually restored when done on the same device it was taken? |
After a reboot of the device |
|
|
What is an alternative way to reactivate the BIG-IP system after a UCS restore done on a different device? |
Replace the /config/bigip.license file with the original file.
If you don't you simply re-license the system. |
|
|
According to the Study Guide, when should to create a UCS? |
Prior to the change and after the change for both active and stand-by systems |
|
|
What are some common operation tasks you can automate with the Enterprise Manager? (5) |
- Configuration - Certificate management - Software Updates - Node Management - Policy control |
|
|
What is a rotating archive? |
Archives that are created and saved on a schedule |
|
|
What does the EM compare when it created a rotating archive? |
It compares the most recently stored UCS archive file to the current configuration on the device at the specified interval. If there are any difference, EM stores a copy of the current configuration. If there are not, it does not store an additional copy (Read: extra space) |
|
|
By default, the EM stores up to how many rotating archives? |
Up to 10 rotating archives each, for itself and every managed device. |
|
|
What is a pinning archive? |
EM created an archive of a specific UCS for a device. Pinned archives are stored until you delete them |
|
|
Path to create a scheduled archive on the EM? |
Enterprise Management -> Tasks -> Schedules -> Archive Collection -> Create |
|
|
Where will you a see a task failure on the EM? |
In the 'Task List' |
|
|
Red Flag (EM Device Certificates) |
Indicates that the certificate has expired. When the client systems require this certificate for authentication, the client receives an expired certificate warning |
|
|
Yellow Flag (EM Device Certificates) |
Indicates that a certificate will expire in 30 days or less. The certificate is still valid, but you should take action to prevent certificate expiration |
|
|
Green Flag (EM Device Certificates) |
Indicates that a certificate is valid and will remain valid for at least 30 more days |
|
|
What does the cpcfg command allow you to do? |
Copy a configuration from a specified source boot location to a specified target boot location. |
|
|
What are 3 common issues that can be impactful to an environment when doing software upgrades? |
1 Known issues with the release 2. iRule compatibility 3. Older version configurations migrating forwards successfully |
|
|
What happens when you set a node or pool to Disabled? |
The node or pool member continues to process persistent and active connections. It can accept new connections only if the connections belong to an existing persistence session. |
|
|
What happens when you set a node or pool to Forced Offline? |
The node or pool members allows existing connections to time out, but no new connections are allowed. |
|
|
What is an example case for disabling a member? |
If the administrator needs to make changes, such as configuration maintenance to a server, that is the resource of a pool, but wants to gracefully allow users to finish what they are doing. |
|
|
What is an example case for forcing down a member? |
If the administrator needs to take a resource out of a pool immediately due to a critical misconfiguration or system error that is impacting business. |
|
|
If a virtual server is using persistence and the administrator sets the pool to 'Disabled,' what will happen? |
The persistence record will be honored until it expires. Thus the administrator could disable a pool member and that member can still receive new connection from the existing persisted clients. |
|
|
If a virtual server is using persistence and the administrator sets the pool to 'Forced Offline,' what will happen? |
The virtual service will not allow any new connections to the pool member even if persistence is configured on the virtual server. |
|
|
What can an administrator do if he needs to stop all connections immediately from a pool resource without any completion of the current connection? |
Remove the pool member from the pool will kill all connections immediately. This is not recommended for day-to-day maintenance but is an option for emergencies. |
|
|
What is Port-Lockdown? |
A BIG-IP security feature that allows you to specify particular protocols and services from which the self-IP address defined on the BIG-IP system can accept traffic. |
|
|
What are the Port-Lockdown settings? (4) |
- Allow Default - Allow All - Allow Custom - Allow None -Allow Customer (Include Default) |
|
|
Port-Lockdown Allow Default port are? (11) |
- OSPF - TCP 4353 iQuery - UDP 4353 iQuer - 443 HTTPS - TCP 161 SNMP - UDP 161 SNMP - 22 SSH - TCP 53 DNS - UDP 53 DNS - 520 RIP - 1026 Network Failover |
|
|
What is the default Port-Lockdown setting? |
Version 10.x - Allow default Version 11.x - None |
|
|
Command to modify Port-Lockdown settings from tmsh? |
modify /net self <self-ip> allow-server <option> |
|
|
What are Packet Filters? |
Packet filters enforce an access policy on incoming traffic. They apply to incoming traffic only. The primary purpose of a packet filter rule is to define the criteria that you want the BIG-IP system to use when filtering packets. |
|
|
Example criteria that you can specify in a packet filter are? (3) |
- Source IP - Destination IP - Destination port |
|
|
What are the possible values for the order of packet filters? (4) |
- First - Last - After
|
|
|
What are the possible Packet Filter Actions? (4) |
- Accept -Discard - Reject (sends rejection packet) - Continue (acknowledge packet for logging or statistical purposed) |
|
|
What is PAM technology? |
PAM (Pluggable Authentication Module) allows you to choose from a number of different authentication and authorization schemes to use to authenticate or authorize network traffic. |
|
|
Where does the BIG-IP system normally route remote authentication traffic? |
Through a Traffic Management Microkernel (TMM) switch interface, rather than through the management interface. That is, VLAN and Self-IP address. |
|
|
What are the BIG-IP Authentication Modules? (7) |
- LDAP - RADIUS - TACACS+ - SSL client Certificate LDAP - Online Certificate Status Protocol - Certificate Revocation List Distribution Point - Kerberos Delegation |
|
|
What two sources does BIG-IP use to resolve host names? |
- host files (first) - DNS (second) |
|
|
Steps to configure DNS in Configuration Utility |
System -> Configuration _> Device -> DNS -> DNS Lookup Server List |
