• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

163 Cards in this Set

  • Front
  • Back

What are somethings a Virtual Server object does

1) Distribute client requests across multiple servers to balance server load
2) Apply various behavioral settings to a specific type of traffic
3) Enable persistence for a specific type of traffic4) Direct traffic according to user-written iRules

Can a virtual server share an IP address with a vlan node

Yes. Create a vlan group that includes the node's vlan, assign a self-ip address to the vlan group, disable the virtual server on the relative vlan.

What is a virtual server

A traffic-management object represented by IP and service port number. Virtual servers increase the availability of resources for processing client requests.

What is a forwarding virtual server

Just like other virtual servers but has no pool members to load balance. It just forwards the packets directly to the destination IP.

What are some things LTM does with a forwarding virtual server

adds, tracks and reaps connections. You can also view statistics.

What is a performance (HTTP) virtual server

A virtual server with which you associate a fast HTTP profile. Together the vs and profile increase the speed at which the VS processes HTTP requests.

What is a performance (L4) VS

A VS that has a fast L4 profile. Speeds up processing of L4 requests.

What can a VS do with DHCP

You can createa VS that relays DHCP between clients and servers in different networks. Known as a DHCP relay agent.

What does a DHCP relay agent VS do

Listens for DHCP client messages being broadcast on the subnet and relays to the server which then sends them back via the f5.

What is the criteria for virtual server precedence

1) First precedent of the algorithm chooses the virtual server that has the longest subnet match for the incoming connection

2) If the number of bits in subnet mask match then the virtual server that has a port match.

3) If no port match is found it uses the wildcard server if a wildcard VS is defined

What are the results of the algorithm for order of precedence in VS precedence


What type of proxy in the LTM TMOS

Full Proxy for VS configured with a TCP profile.

What allows the LTM to maintain compatibility to disparate server OSes

TCP Profile

In full proxy architecture how with the LTM appear

As a TCP peer to both the client and the server by associating 2 independent TCP connections with the end to end session.

Standard virtual server requires

TCP or UDP profile. HTTP, FTP, SSL profiles are optional.

Describe the TCP connection setup for a standard virtual server

3 way TCP handshake occurs on the clientside before the LTM initiates the TCP handshake on the server side.

Client Syn -> LTM Syn-ACK -> Client ACK
LTM Syn -> Pool Member Syn/Ack -> LTM ACK

What are the VS Status indicators for enabled and able to receive traffic

Green Circle

What is the VS status indicator for enabled but unavailable, may become available later. For example: Connection limit exceeded.

Yellow Triangle

What is the VS status indicator for enabled but offline. Must actively enable.

Red Diamond

What is the VS status indicator for Operational but set to disabled. Must actively enable.

Black Circle

What is the VS status indicator for Unknown

Blue Square

Can you create a many to one relationship between Virtual Servers and Virtual Server Addresses

Yes.,, for example

How do you create a virtual address

Created indirectly when you first create a virtual server. LTM associates the virtual address with a MAC address. LTM responds to ARP requests and sends gratuitous ARP requests

Things to check when troubleshooting VS connectivity

1) DNS
2) Network connectivity
3) Virtual server configuration (right address/ right listen port)
4) Destination URL the clients are using
5) Right profiles eg HTTP and not HTTPS

What are examples of VS resources

POols, iRules and persistence profiles

Easy way to see if a VS is unavailable due to lack of resources

LTM -> Network Map

What will a virtual server with an unknown status due with traffic?

Take in traffic and send on to the resources even if they are not online.

Difference between a disabled pool member and pool member marked down by a monitor

Disabled pool member continues to process persistent and active connections

What is the pool member status icon for available and processing

Green circle

What is the pool member status icon for no pool members available but could become available later such as when the concurrent connections to the pool member in question no longer exceeds connection limit

Yellow Triangle

What is the pool member status icon for all pool members unavailable such as EAV monitor has detcted that the pool member is unavailable

Red Diamond

What is the pool member status icon for status of at least one pool member = unknown.

Blue Square

Some reasons why a pool member status might be unknown

1) One or more pool members has no associated monitor
2) Monitor results not yet available

3) Pool member's IP address not configured
4) Parent node has been disconnected

What monitor types are not available for association with pools

Monitors specifically designed to monitor nodes, that is monitors going to an IP address only and not an IPaddress and port.

What specific monitors are unavailable for monitoring pools

2) TCP Echo
3) Real Server
5) SNMP DCA Base
6) WMI

What happens when you associate a health monitor with an entire pool instead of individual server

LTM automatically associates that monitor with all pool members and pool members you add later

You can associate multiple monitors with the same pool. For example

HTTP and HTTPS monitors

Describe flexibility of monitoring

You can monitor multiple processes on the same server and port by associating that server with multiple pools.

You can exclude servers when monitoring an entire pool and associate a different monitor. EG http for some and HTTPs for others.

What does a green circle mean for pool member monitors

Set to enabled
Parent node is up
Monitor has marked pool member as up

What does a yellow triangle mean for pool member monitors

Pool member is unavailable but could become availabile later

What does a red diamond mean for pool member monitors

Unavailable because parent node is down, a monitor has marked it as down or a user has disabled the pool member.

What does a black circle mean for pool member monitors

Pool member is set to disabled although a monitor has marked it up. The parent node could also be down. Must enable manually.

What does a black diamond mean for pool member monitors

Set to disabled and is offline because parent node is down or a user disabled or a monitor marked as down.

What does a blue square mean for pool member monitors

Pool member or node has no monitor associated with it.

List the ratio-based load balancing methods

Ratio (node, member and sessions)
Dynamic Ratio (Node and member)
Ratio Least Connections (node and member)

Difference between connection limit and connection rate limit

Connection limit = max concurrent connections
Connection rate limit = max number of new connections per second

Point of Persistence

Ensure client requests are directed to the same pool member through the life of the session or subsequent sessions as required by an app

What can session persistence track

Session data such as the specific pool member
User prefs

User /password

Define Cookie Persistence

Uses an HTTP cookie to allow the client to reconnect to the same server

Destination address affinity

AKA Sticky Persistence, supports TCP and UDP protocols and directs session to the same server based on dest IP

Hash persistence

Create a persistence hash based on an existing iRule

MSRDP Persistence

Maintains persistence specifically for RDP

SIP Persistence

Type of persistence to receive SIP messages sent through UDP, SCTP or TCP

Source Address Affinity Persistence

AKA Simple Persistence, supports TCP and UDP directs based on source IP of the packet

SSL Persistence

Tracks non terminated SSL sessions using SSL session ID. Maintained even when client IP address changes.

Universal Persistence

An expression you write that defines what to persist on in a packet.

What is required for fallback persistence

An IP address based persistence type

What's an easy way to see if the client is connecting to the same server resources for validating persistence

Watermarks on the application pages. If no watermark then
tmsh show sys conn cs-client-addr "client IP"

Where to find source address persistence methods for troubleshooting

GUI: Statistics -> Module Statistics -> Local Traffic and select Persistence Records from statistics Type.

tmsh show /ltm persistence persist-records

How to start EUD

Boot off of CD, USB or select EUD option from boot menu

How do you exit EUD

Use option 21. DO NOT REBOOT

Where is EUD report stored

eud.log is in /shared/log

Describe the LCD screen

Info menu: Find info about LCD and its function
Sys Menu: Reboot/netboot/halt set mgmt port and serial port
Screens: Setup info screens for LCD to cycle thru
Options: Set properties of the LCD panel

How to configure LED alarms

/etc/alertd/alert.conf. lcdwarn function defines which alerts will modify alarm LED indicator

LED alarm logs are stored where


Describe LED buttons

X for menu
Arrows to move
Check for ok

What are the log message categories for syslog local logging

System Messages
Packet Filter Messages
Local Traffic Messages
Global Traffic Messages
Audit/Sys Config messages

How do you syslog irules

Define the local facility

Where are packet filter events stored


What is required for a stateful failover environment

Pair configured to mirror current connection table, persistence records and SNAT table.

What's one way f5 deals with congestion

TCP profile has Nagles algorithm setting which reduces congestion by aggregating smaller TCP packets into larger ones.

How to view Performance statistics in conf util

Stastics -> Performance

Port lockdown: allow default

Allows OSPF, iquery (tcp/udp 4353), 443, SNMP (161 UDP/TCP), ssh, tcp/udp dns, RIP and network failover (udp 1026). tmsh list net self-allow for a list

Port lockdown: allow none

everything except ICMP and if in a redundant pair ports that are listed as exceptions are always allowed. ICMP is always allowed, even in custom

Default value for packet filter VLAN setting

All Vlans

What is the goal of PAM

To separate an application, such as BIGIP from its underlying authentication technology

How does BIgip normally route remote auth traffic

Through TMM (Traffic Management MicroKernel) switch interface, that is the interface associated with a vlan and self-ip rather than through mgmt interface.

What happens if TMM service is stopped with regards to authentication

Remote authentication is not available

How do you configure and manage auth profiles

Conf Utility > Main -> Local Traffic -> Authentication

What are the Bigip Authentication modules

LDAP, Radius, TACACS+, SSL Client cert LDAP, OCSP, CRLDP, Kerberos.

When opening a case with f5 support what details are required for the description

1) Symptoms
2) Time issue first occured
3) Number of times has recurred
4) Any error output
5) Steps to reproduce
6) Changes made prior to issue
7) Steps made to resolve

When opening a case with f5 what is the definition of a 'site down' impact

All network traffic has ceased, critical business impact

When opening a case with f5 what is the definition of a 'site at risk' impact

Primary unit has failed leaving no redundancy. Site is at risk of going down.

When opening a case with f5 what is the definition of a 'Performance degrated' impact

Partially functioning network traffic causing some applications to be unreachable

What is required when opening a case:

1) Description of symptoms/issue
2) Description of site impact
3) Hours/contacts
4) Remote access info
5) Collect qkview/logs

How much log info does qkview collect

5 MB

Example of creating a tarball of logs

tar -czpf /var/log/*

What are some info you can provide when opening a case

packet capture
UCS archive
Core files

Severity 1 case

1 hour response. Critical business activities down. Device(s) not powering up and/or not passing traffic.

Severity 2 case

1 hour response. Software or hardware conditions preventing or significantly impairing high-level commerce or business activities.

Severity 3 case

4 hour business response. Degrade service or functionality in normal busines or commerce activities.

Severity 4 case

24 hour response. Questions such as how-to, non-critical troubleshooing, requests for enhancements

Difference between quantitative and qualitative

Quantitative observation = Observations that can be precisely measure, eg 20 extra seconds per connection.

Qualitative observation = Characteristics of what is being observed, eg it is taking longer to connect

Network Map shows:

Virtual Servers
Pool Members

Network map icons

Green circle = enabled and available
Yellow Triangle = Enabled but currently unavailable
Red Diamond = Offline because they were marked unavailable
Blue square = Unknown

Difference between a node and a pool member

Node has an IP
Pool member has IP and service port

What does the analytics module require for monitoring

The analytics (AVR) module requires an Analytics profile for each application you want to monitor.

How many analytics profiles can a VS have associated?


What can you customize in analytics profiles

1) What statistics to collect
2) Where to collect data (local or remote or both)
3) Whether to capture the traffic itself
4) Whether to send notifications

Syntax for saving ucs

tmsh save /sys ucs

No path it will look in /var/local/ucs

Command to verify that the new or replaced SSH keys from UCS are synchronized

keyswap.sh sccp

Load UCS w/o license

load /sys ucs no-license

List tasks that can be automated by the Enterprise Manager

Cert Management
Software Updates
Node Management
Policy Control

Default number of rotating UCS archives EM will create


What is a pinned archive?

A UCS archive of a device at a certain place in time

Example of EM sub-task

After installing a new version as a regular task the subtask might be to reboot.

Where are custom EM events applied

To individual devices or a device group

What happens when you setup a daily rotating archive schedule in EM?

EM creates a UCS archive on each day that the managed device configuration changes.

What can EM do with SSL certificates

Monitor expiration status of all the certificates on the managed device. View status of both traffic and system certificates.

Difference between EM system and traffic certs

System = web certs that allow clients to login to conf util
Traffic = Server certs that a managed device uses in its traffic management tasks

EM Certificate status flags

Red = Cert expired.
Yellow = Expire in 30 days or less.
Green = Valid and good for 30+ days

What does the cpcfg command do

Allows you to copy a configuration from a specified source boot location to a specified target boot location.

What reasons might cpcfg fail

if you run cpcfg and the target boot location is an earlier version that the source or is the active boot location

List possible issues with upgrades

known issues with release
irule compatibility with new version
failure to migrate old configurations forward

"What is the qkview utility?"
"An executable program that generates machine–readable (XML_ diagnostic data from the BIG–IP or Enterprise Manager System.

This automatically generates 5 mb of log files and includes them with qkview in a tar output"
"What are core files?"
"Core files contain the contents of the system memory at the time a crash occurred."
"Where are core files located?"
"/var/savecore directory (9.0 – 9.2.5)
/var/core (9.3 and later)"
"What is the network summary?"
"WebUi utility that shows a summary of local traffic objects, as well as a visual map of the virtual servers, pool, and pool members on the BIG–IP system"
"If you configure a pool, but no VS references that pool, will it show in the network map?"
"What is the network map?"
"A webUI map that presents a visaul hierarchy of the names and status of virtual servers, pools, pool members, nodes, and iRules defined on the system.

Tries to show all objects in context, starting with the virtual server at the top."
"What is a virtual server?"
"A traffic management object on the BIG–IP system that is represented by an IP address and a service."
"To summarize, a virtual server can do the following:"
"1. Distribute client requests across multiple servers to balance server load
2. Apply various behavioral settings to a specific type of traffic
3. Enable persistence for a specific type of traffic
4. Direct traffic according to user–written iRules"
"What is a pool?"
"A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic."
"What is a pool members?"
"A logical object that represents a physical node (server), on the network."
"What is a node?"
"A logical object on the BIG–IP LTM system that identifies the IP address of a physical resource on the network."
"What is the difference between a node and a pool member?"
"A node is designated by the devices IP address only (, while designation of a pool member includes an IP address and a server ("
"What is the difference between health monitors of a node and of a pool members?"
"A health monitor for a pool member reports the status of a service running on the device, whereas a health monitor associated with a node reports the status of the device itself."
"What is the main Dashaboard screen and what does it display?"
"The main Dashboard screen is of the system overview. This screen displays a graphical representation of CPU and Memory utiliation, Connections and Throughput of the system."
"What is Analytics?"
"Analytics is a module on the BIG–IP system that lets you analyze performance of web applications."
"What is Analytics also refered to as?"
"Application Visibility and Reporting"
"What are some things that Analytics shows?"
"– Transactions per second
– Server and Client Latency
– Request and Response throughput
– Sessions"
"What all can you view metrics for with Analytics?"
"– Applications
– Virtual Servers
– Pool Members
– URLs
– Specific Countries
– Application Traffic"
"What is an Analytics profile?"
"A set of definitions that determine the circumstances under which the system gathers, logs, notifies, and graphically displays information regarding traffic to an application"
"In the Analytics profile, you customize what? (4)"
"1. What statistics to collect
2. Where to collect data (locally, remotely, both)
3. Whether to capture traffic itself
4. Whether to send notifications"
"What ways can you restoring configuration data? (4)"
"1. Configuration Utility
2. CLI using tmsh
3. On replacement RMA
4. Running later software version"
"How to restart the system in the configuration utility?"
"System –> Configuration –> Reboot"
"When is the UCS archive actually restored when done on the same device it was taken?"
"After a reboot of the device"
"What is an alternative way to reactivate the BIG–IP system after a UCS restore done on a different device?"
"Replace the /config/bigip.license file with the original file.

If you don't you simply re–license the system."
"According to the Study Guide, when should to create a UCS?"
"Prior to the change and after the change for both active and stand–by systems"
"What does the EM compare when it created a rotating archive?"
"It compares the most recently stored UCS archive file to the current configuration on the device at the specified interval. If there are any difference, EM stores a copy of the current configuration. If there are not, it does not store an additional copy (Read: extra space)"
"By default, the EM stores up to how many rotating archives?"
"Up to 10 rotating archives each, for itself and every managed device."
"What is a pinning archive?"
"EM created an archive of a specific UCS for a device. Pinned archives are stored until you delete them"
"Path to create a scheduled archive on the EM?"
"Enterprise Management –> Tasks –> Schedules –> Archive Collection –> Create"
"Where will you a see a task failure on the EM?"
"In the 'Task List'"
"What happens when you set a node or pool to Disabled?"
"The node or pool member continues to process persistent and active connections. It can accept new connections only if the connections belong to an existing persistence session."
"What happens when you set a node or pool to Forced Offline?"
"The node or pool members allows existing connections to time out, but no new connections are allowed."
"What is an example case for disabling a member?"
"If the administrator needs to make changes, such as configuration maintenance to a server, that is the resource of a pool, but wants to gracefully allow users to finish what they are doing."
"What is an example case for forcing down a member?"
"If the administrator needs to take a resource out of a pool immediately due to a critical misconfiguration or system error that is impacting business."
"If a virtual server is using persistence and the administrator sets the pool to 'Disabled,' what will happen?"
"The persistence record will be honored until it expires. Thus the administrator could disable a pool member and that member can still receive new connection from the existing persisted clients."
"If a virtual server is using persistence and the administrator sets the pool to 'Forced Offline,' what will happen?"
"The virtual service will not allow any new connections to the pool member even if persistence is configured on the virtual server."
"What can an administrator do if he needs to stop all connections immediately from a pool resource without any completion of the current connection?"
"Remove the pool member from the pool will kill all connections immediately. This is not recommended for day–to–day maintenance but is an option for emergencies."
"What is Port–Lockdown?"
"A BIG–IP security feature that allows you to specify particular protocols and services from which the self–IP address defined on the BIG–IP system can accept traffic."
"What are the Port–Lockdown settings?"
"– Allow Default
– Allow All
– Allow Custom
– Allow None
–Allow Customer (Include Default)"
"Port–Lockdown Allow Default port are?"
– TCP 4353 iQuery
– UDP 4353 iQuer
– 443 HTTPS
– TCP 161 SNMP
– UDP 161 SNMP
– 22 SSH
– TCP 53 DNS
– UDP 53 DNS
– 520 RIP
– 1026 Network Failover"
"What is the default Port–Lockdown setting?"
"Version 10.x – Allow default
Version 11.x – None"
"Command to modify Port–Lockdown settings from tmsh?"
"modify /net self allow–server"
"What are Packet Filters?"
"Packet filters enforce an access policy on incoming traffic. They apply to incoming traffic only. The primary purpose of a packet filter rule is to define the criteria that you want the BIG–IP system to use when filtering packets."
"Example criteria that you can specify in a packet filter are?"
"– Source IP
– Destination IP
– Destination port"
"What are the possible values for the order of packet filters?"
"– First
– Last
– After"
"What are the possible Packet Filter Actions?"
"– Accept
– Reject (sends rejection packet)
– Continue (acknowledge packet for logging or statistical purposed)"
"What is PAM technology?"
"PAM (Pluggable Authentication Module) allows you to choose from a number of different authentication and authorization schemes to use to authenticate or authorize network traffic."
"What are the BIG–IP Authentication Modules?"
– SSL client Certificate LDAP
– Online Certificate Status Protocol
– Certificate Revocation List Distribution Point
– Kerberos Delegation"
"Steps to configure DNS in Configuration Utility"
"System –> Configuration _> Device –> DNS –> DNS Lookup Server List"