57 Cards in this Set
- Front
- Back
What information do you need to create an IP forwarding Virtual Server?
|
Type (Forwarding IP), Destination Network, source VLAN and SNAT
|
|
Increase the speed of HTTP and TCP using what Profiles?
|
FastHTTP and FastTCP
|
|
Order of precedence for virtual servers?
|
IP:PORT, IP:*, NETWORK:PORT, NETWORK:*, *:PORT, *:* |
|
VLANs map to interfaces? Self IPs map to VLANs?
|
True
|
|
5 Different types of status indicators on the network map?
|
Green = Enabled and Available
Yellow = currently unavailable but enabled
Red = Offline due to monitor but enabled
Black = Disabled
Blue = Unknown Enabled
|
|
What is a virtual address?
|
Simply an IP address that can be associated with a virtual server when a port is added. |
|
What happens on layer 2 with a virtual address?
|
BigIP associates a MAC address with the IP and will respond to ARP.
|
|
What types of troubleshooting tools are available for testing server connectivity at different layers?
|
Ping, traceroute, telnet, openssl, curl
|
|
Monitors are associated with pools or pool members?
|
Pool Members, each member can have a different monitor. |
|
Force offline can only be applied to the?
|
Pool Member
|
|
What is the difference between force offline and disabled?
|
Disabled allows persistent connections and existing connections. Force Offline only allows existing connections to time out. |
|
Difference between Pool Member ratio and Priority?
|
Priority sets which pool members take priority over others, e.g. 1 or 2 servers will service ALL requests until one of those is unavailable, then another server with lower priority will take over. Ratio sets the weight of how many connections can be sent to a certain pool member. |
|
What features do you use to manage the number of incoming connections and the rate at which connections are made? |
On either VS, Pool member or node, change connection rate limit or connection limit. |
|
Name the two most common session persistence methods on F5 BigIP?
|
Cookie and Source Address Affinity. Others include: dest address, SSL, SIP, Hash |
|
What are the two objects used to configure session persistence?
|
Persistence profiles and iRules.
|
|
Difference between persistence and session persistence?
|
Persistence can refer to HTTP keeping itself alive instead of closing after each transaction. Session persistence is the act of keeping a session active on a single server instead of load balancing. |
|
What is the difference between primary and fallback persistence?
|
You can only set address based persistence for a fallback. When the primary persistence is not working, the address based persistence record is used.
|
|
Are cookie persistence records viewable on the F5?
|
No |
|
Saving and restoring archive in CLI?
|
tmsh save sys ucs /path/to/save
tmsh load sys ucs /path/to/ucs
|
|
How to view address based persistence in the GUI and CLI?
|
GUI = Statistics > Module Statistics > Local Traffic > Persistence Records
CLI = show ltm persistence persist-records
|
|
What is EUD and how can you run it?
|
stored in /var/log/ directory |
|
Where are alerts from alertd written to file?
|
/shared/log/ltm |
|
Name 3 of the 5 types of logs stored in /var/log
|
System Messages: /log/messages (Linux related events)
Audit log: /log/audit (incl usernames and ID)
Local Traffic Events: /log/ltm (LTM TMM etc)
Packet filter: /log/pktfilter
GTM Global traffic manager
|
|
How does a failover to standby help in troubleshooting?
|
By failing over to a secondary device which is in sync, you can see if the issue is related to the formerly active device hardware. If the issue persists, it is likely a configuration issue.
|
|
To create a stateful failover, each system must be configured to mirror what?
|
connection table, persistence records and SNAT table. |
|
Running tcpdump on a heavily loaded system can cause performance issues, what can be done to mitigate this?
|
Use tcpdump filter expressions such as:
-nni = no DNS resolution and using interface "x"
-network = listen on specific network or ports
-w = write to file
-s0 = capture whole packet or specify different length
|
|
Quantitative vs qualitative?
|
Quantity: What measurable indicators can we take from the issue that are different from normal operation? vs What can you observe about the issue? How is it different from normal operation? |
|
What are the different port lockdown options for self-IPs?
|
Allow None, Allow Custom, Allow Default |
|
Name 4 protocols allowed for the port lockdown "Allow Default" setting?
|
DNS, HTTPS, SSH, SNMP, iQuery, RIP, Network Failover |
|
What is the port lockdown setting on a brand new device running 11.x? Is it different for 10.x versions?
|
Allow None. Yes, Allow Default |
|
Why use port lockdown?
|
To restrict self-IP access to only allow what is required by administrators. |
|
Does a packet filter apply to management traffic?
|
Yes, packet filters apply to all traffic. |
|
What input must be provided for a basic packet filter rule?
|
Action = Accept, Discard, Reject, Continue
VLAN = VLAN to filter
expression = what to filter
logging = yes or no
|
|
What is PAM? (Pluggable Authentication Module)
|
PAM allows a number of different AAA providers to be used through BigIP
|
|
Does PAM use TMM or Self?
|
TMM |
|
Name 3 authentication modules supported by the BigIP
|
RADIUS, TACACS+, CRLDP, Kerberos, SSL client Cert, LDAP, OCSP |
|
What are the two methods BigIP uses to resolve names?
|
DNS server configured |
|
How can an admin verify if DNS is working?
|
Using DIG or nslookup on the CLI |
|
Guidelines for information to provide when raising a support ticket.
|
2. Description of the impact the issue is having
3. The hours available and contact info
4. remote access info if possible
5. qkview or tech.out file
6. packet traces
7. UCS archive
8. Core files
|
|
To provide F5 with more log files what would you do?
|
tar -czpf /var/tmp/logfiles.tar.gz /var/log/* |
|
Name the 4 severities for cases, their response times and what the criteria is for each sev.
|
Sev1 = 1 hour - preventing critical business activities
Sev2 = 1 hour - significantly impairing high level commerce or business activities
Sev3 = 4 hour - degradation of service or functionality for normal business or commerce
Sev4 = 24 hour - Informational and troubleshooting non critical issues.
|
|
Two different views included in the network map?
|
Network Map |
|
Summary of what virtual servers can do:
|
Apply various behavioral settings
Enable persistence
Direct traffic according to iRules
|
|
Main difference between a node and pool member
|
Pool member uses a node object and adds a port. Will then be added to a pool which can be added to a virtual server. |
|
Standard Dashboard overview displays what?
|
CPU usage, memory usage, connections and throughput |
|
Analytics also known as AVR is a module providing what kind of statistics?
|
Application Visibility and Reporting shows how applications are performing. It provides detailed metrics such as TPS, server and client latency, request and response throughput and sessions. |
|
What must you create to allow Analytics to work?
|
Profiles contain:
- What stats to collect
- Where to collect data (locally, remotely or both)
- Whether to capture traffic itself
- Whether to send notifications
|
|
Where are statistics relating to iRules, profiles, SNAT lists, pools, nodes and virtual addresses located?
|
Statistics > Module Statistics > Local Traffic |
|
When would you restore a UCS archive?
|
In event of a device failure, RMA or disaster recovery. |
|
When would you create a UCS archive?
|
Before and after making changes to a device on both active and standby devices in a HA pair. |
|
Which tasks can be automated using the EM?
|
Software updates, Cert management, Node Management, Policy Control |
|
How does a rotating archive work?
|
A task can be scheduled to check every week, day, month etc to check current config of devices against the latest backup. If changes have occurred, EM takes a backup. Only 10 archives are stored and the oldest is deleted.
|
|
What happens to a pinned archive in the EM?
|
It will not be deleted unless done so by an admin. |
|
There is no way of knowing if a task has failed on a specific device. True or false?
|
False, you can create custom alerts to notify you or others if a device becomes unreachable or tasks fail etc. |
|
By default certificate management is enabled, what are the different flags for? (Red, Yellow, Green)
|
Red = Expired
Yellow = About to expire in 30 days
Green = Cert has at least 30 days left or more
|
|
Common issues when moving to a new software version are?
|
Configuration
Known issues with the release
|
|
All changes to virtual servers take effect immediately. True or false?
|
False, some settings only apply to new connections made after the change.
|