Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
106 Cards in this Set
- Front
- Back
|
What is a Standard Virtual Server |
It directs client traffic to load balancing pool and is most basic type and is general purpose. |
|
|
What is a Forwarding Layer 2 Virtual Server |
It typically shares the same IP as a node in an associated VLAN. It is used with a VLAN group. |
|
|
What is a Forwarding IP Virtual Server |
It forwards packets directly to the destination based on the routing table and has no pool members. |
|
|
What is a Performance Layer 4 Virtual Server |
It has a FastL4 profile and increases speed of processing. |
|
|
How does Persistence Match Across Services work |
It matches a persistence record as a valid destination based on the IP address of the node of the pool member. Good for persistence from HTTP to HTTPS. |
|
|
How does Persistence Match Across Virtual Servers work |
It allows persistence record match regardless of the virtual server IP and port to the same pool member node IP. |
|
|
How does Persistence Match across Pools work |
It will use any pool which has a persistence record which matches the same client source IP. |
|
|
What is a FastL4 Profile |
It makes load balancing based on socket (IP and port) information only. No OneConnect. |
|
|
What is a FastHTTP Profile |
Faster than HTTP+TCP and requires SNAT. Includes some OneConnect features. No compression or IPv6. |
|
|
What is a performance HTTP Virtual Server |
It has a FastHTTP profile and increases speed of HTTP processing compared to a Standard Virtual Server with HTTP+TCP profiles. |
|
|
What is a Stateless Virtual Server |
It improves UDP performance in some circumstances. |
|
|
What is a Reject Virtual Server |
It discards all traffic which matches the Virtual Server. |
|
|
What is a DHCP Relay Virtual Server |
It forwards DHCP requests for an IP to a pool of DHCP servers and returns the response to the requesting client. |
|
|
What is TCP Express |
This is when a Virtual Server has a TCP WAN profile on the client side and a TCP LAN profile on the server side. |
|
|
What are two ways to have a Virtual Server listen for multiple ports on the same IP |
1. Have multiple Virtual Servers, one for each port. 2. Have a Virtual Server with a wildcard port and an iRule discarding any traffic coming to undesired ports. |
|
|
What is a Packet Filter |
It is an ACL ingress rule and you can create global Packet Filters which apply to all Packet Filter rules. |
|
|
What is the general virtual server matching order for new connections |
1. Virtual Server with the closest subnet match (longest) 2. Matched Virtual Server with same port 3. Wildcard port Virtual Server on IP used if present and no port match 4. Wildcard Virtual Server used if present |
|
|
What are the 6 Virtual Server matching order values |
1. Address:port 2. Address:* 3. Network:port 4. Network:* 5. *:port 6. *:* |
|
|
What is the difference between static and dynamic load balancing |
Static load balancing uses a metric calculated by the BIG-IP independent of the load of the pool members. Dynamic load balancing uses the pool member load as a weight, based on queries to the pool member. |
|
|
How does Outbound load balancing work |
The pool members are the outbound routers and the Virtual Server is either wildcard or matches the external destination. The clients are the internal resources. |
|
|
What is Cache Array Routing Protocol (CARP) |
It is stateless and is used for load balancing HTTP requests by hashing the URI and distributing evenly between pool members. This is similar to hashing done in LACP for trunk members. This does not utilize the persistence table in the BIG-IP. |
|
|
How does CMP affect load balancing |
Load balancing is performed per TMM rather than per BIG-IP so load balancing may appear uneven. |
|
|
What does the OneConnect profile do |
It increases throughput by efficiently managing server-side connections. Ingress IPs are matched against Mask and then server-side connection is reused if match and available. Also allows per higher level protocol load balancing rather than per TCP connection. |
|
|
Can Access Controls be applied to the MGMT interface |
No, only to TMM interfaces |
|
|
What traffic should use the MGMT interface |
Trusted administrative traffic only |
|
|
What are three ways to perform a Clean Install |
1. USB DVD Drive 2. USB Thumb Drive 3. Network |
|
|
What are the four ways to change the Management IP address |
1. Configuration Utility 2. tmsh config 3. tmsh modify 4. LCD Panel |
|
|
What is AOM and how is it accessed |
It is Always On Management, a management system separate from the main system. It is accessed via console port or SSH on the management IP's subnet if AOM is configured with its own address. It can power on/off the system among other things. |
|
|
Why is the subnet of a Self IP important |
It determines the scope of what networks are routed out that interface. For VLAN groups it would need to represent the address space covering all the VLANs in that group. |
|
|
Which as a lower metric: Management or TMM routes |
TMM routes |
|
|
Will TMMs use management routes |
No, only TMM routes |
|
|
What happens to TMM routes when no TMMs are active |
They are removed from the routing table |
|
|
When are static management routes recommended |
When the destination host/network is not in an adjacent management network. This ensures the packets use the desired route and interface. |
|
|
What are three reasons time should be accurate on the BIG-IP |
1. HA may not work 2. Log timestamps may be inaccurate between network devices 3. SSL Certificate Expiration may not be enforced |
|
|
What happens to all remote administrative users when a user role and/or partition assignment is changed for any remote user account |
All remote users are logged off |
|
|
What object uses MAC Masquerade |
A traffic group. This means there can be multiple MAC Masquerades if there are multiple traffic groups configured. |
|
|
How does HA Group determine which BIG-IP should be Active |
Each BIG-IP has a score based on values from Pools and/or Trunk member state and whichever has the highest score is Active. |
|
|
How are statistics generated against iRules |
With "timing on" in the iRule before the first clause. |
|
|
When can Global Variables by used in iRules without CMP demotion |
When they are static Global Variables since they never change. Since they are static the TMMs will never cache differing values and then never have to CMP demote to compensate. |
|
|
How is the Session Table used in iRules |
It is a common space shared by all TMMs to store and retrieve values. This provides a location for dynamic Global Variables. |
|
|
How does the RAM Cache help Pool Members |
By caching content frequently requested by clients it reduces the need for the pool member to keep sending that through the BIG-IP as the BIG-IP can provide it directly. |
|
|
What is the system impact of RAM cache |
This increases memory utilization on the BIG-IP |
|
|
What is the system impact of HTTP Compression |
This increases CPU utilization on the BIG-IP |
|
|
What is vCMP Configured state |
The vCMP Guest is not running and no resources are allocated. Similar to an unformatted physical device. |
|
|
What is vCMP Provisioned state |
The vCMP Guest is not running and it has resources allocated. Similar to a powered-off physical device |
|
|
What is vCMP Deployed state |
The vCMP Guest is running and has resources allocated. Similar to a powered-on physical device |
|
|
What is does the FastL4 Profile use to accelerate traffic |
The Packet Velocity Accelerator (PVA) to process traffic. Note that any traffic processed by this (typically post-SYN) is not visible to TCPDump. |
|
|
How do iRules interact with Profiles |
The iRule can use the profile command to get values from a specific profile when the event is triggered. |
|
|
What does a Standby send out as it becomes Active for a Traffic Group |
Gratuitous ARPs indicating that the floating Self IPs have new MAC addresses. Traffic Groups with MAC Masquerade on their Self IPs don't have GARPs sent out - that is the whole port of that feature. |
|
|
How does the Streams profile's functionality change with the addition of HTTP profile |
Without the HTTP profile it can manipulate the entire payload sent to client. With the HTTP profile it only manipulates the HTTP payload. |
|
|
What is the idle timeout on the BIG-IP |
It is how long a connection is kept in the connection table without data flow before being marked ready for deletion. |
|
|
Does changing setting in a profile take effect immediately |
The changes only take effect for new connections |
|
|
How does OneConnect work with SNAT |
SNAT is applied to the connection before it is compared to the OneConnect Mask to see if it matches |
|
|
What is OneConnect Transformations |
When the BIG-IP transforms HTTP/1.0 headers on server-side to HTTP/1.1 so that the connection can be kept in Keepalive state |
|
|
What profile should be added to a Virtual Server with a OneConnect profile which is processing HTTP traffic |
A HTTP profile |
|
|
When could OneConnect cause problems |
With Non-HTTP traffic or TCP traffic without clear start/stop to its flow. |
|
|
By default does the LTM load balance by TCP connection or HTTP request |
By TCP |
|
|
What happens to load balancing when a Virtual Server has HTTP and OneConnect profiles |
It can perform Content Switching where it load balances per HTTP request rather than per TCP connection |
|
|
Does OneConnect change load balancing for Virtual Servers with TCP and OneConnect profiles but no HTTP profile |
Yes, it can still perform Content Switching if there is a clear request/response format to the traffic |
|
|
How does Fallback Host in HTTP profile work |
If the pool is down, the HTTP profile causes the Virtual Server to return a HTTP 302 along with the fallback host information |
|
|
What is the HTTP Class profile |
Last used in version 11.3, it allows performing matching and then actions (like rewrite) against different components (classes) of HTTP traffic. Replaced with Local Traffic Policies in 11.4. |
|
|
What is the goal of reducing redundancy in configuration |
It makes things more efficient and easier to understand |
|
|
How is a vCMP guest's initial software partition created |
From an image in the vCMP host's /shared/images/ directory |
|
|
What is a SCF |
Single Configuration File, a list of non-default values which can be loaded to customize a BIG-IP. |
|
|
What is an UCS |
User Configuration Set, an archive containing all the data to restore a BIG-IP including configuration, license, SSL certificates and optionally SSL private keys. |
|
|
What iRule command prints data to log |
The log command. It is very useful for troubleshooting. |
|
|
What are HTTP 1xx codes |
Informational, like request received |
|
|
What are HTTP 2xx codes |
Success, like OK |
|
|
What are HTTP 3xx codes |
Redirection, like page has moved |
|
|
What are HTTP 4xx codes |
Client Error, like Not Authorized |
|
|
What are HTTP 5xx codes |
Server Error, like Failed to Provide Resource. Best practice is to hide these from clients. A proxy like BIG-IP can do that. |
|
|
What are three important HTTP headers |
1. Version: HTTP/1.0, HTTP/1.1 2. Accept-Encoding: gzip, deflate 3. Connection: Keep-Alive, Close |
|
|
Where are Cookies kept in a packet |
In the HTTP header in Cookie headers |
|
|
What decrypts encrypted cookies |
Client browser or the server |
|
|
What are three common HTTP methods |
1. Get 2. Post 3. Put Others are 4. Delete 5. Head |
|
|
What are three differences between HTTP/1.0 and HTTP/1.1 |
1. 1.1 has Options method 2. 1.1 always performs Connection Keepalives 3. 1.1 has better Caching |
|
|
What are the two items needed to decrypt SSL/TLS traffic |
Either the asymmetric private key or the symmetric pre-master shared key. SSLDump can create the pre-master with the private key and a TCPDump as inputs. |
|
|
What are three things AVR can track to assist with troubleshooting |
1. Latency 2. Throughput 3. Reduced transactions per second |
|
|
How do you locate a SSL private key file |
1. Look at Virtual Server to determine SSL profile 2. Look at SSL profile to determine key logical name 3. Look at bigip.conf to determine file path to actual file from the logical name |
|
|
How is HTTP Post data decoded by the BIG-IP |
Via iRule |
|
|
What is HTTP Chunking |
The process of sending a response to a client in chunks rather than waiting until the payload files up before sending to client. |
|
|
What is the default chunking behavior of the HTTP profile |
Selective. This means the BIG-IP only rechunks if it has modified the payload. |
|
|
What is Cookie persistence |
An HTTP cookie is provided to the client and when provided to the BIG-IP is used to associate to a persistence record |
|
|
What is Destination Address Affinity persistence |
Also called Sticky Persistence, it is based off the destination IP address in the client's packet |
|
|
What is Hash persistence |
Persistence records are created based on hash which is determined via an iRule. |
|
|
What is MSRDP persistence |
Microsoft Remote Desktop Protocol. Persistence designed for RDP. |
|
|
What is SIP persistence |
For SIP calls regardless of which transport protocol is used. |
|
|
What is Source Address Affinity persistence |
Also called Simple Persistence, based on the source IP address of the client's packet |
|
|
What is SSL persistence |
Based on the SSL session ID |
|
|
What is Universal Persistence |
Using syntax similar to iRules, something is user-designated to persist against in the packets |
|
|
How is persistence enabled for only some, not all traffic on a Virtual Server |
By using iRules to elect which traffic is persisted and which is not |
|
|
How does the OneConnect profile help persistence |
In the rare circumstance where persistence may not fire, OneConnects parsing ability helps ensure it does. This would usually only happen with session data. |
|
|
What is the TCPDump "-e" flag |
-e prints Ethernet layer (MAC addresses) information to stdout |
|
|
How does PVA affect TCPDump |
Any packets handled by the PVA cannot be captured by a TCPDump on the BIG-IP |
|
|
What is the TCPDump limitation when capturing on an interface instead of VLAN or 0.0 |
200 packets per second |
|
|
How does an Extended Application Monitor indicate success |
An EAV monitor which returns anything to stdout indicates success. Only lack of any response indicates failure. |
|
|
What is an Address Check type monitor |
A monitor which only checks the IP address, for example the IP of a MySQL server. It does not check if the service is running. |
|
|
What is a Service Check type monitor |
One which checks a service, like logging into MySQL. It does not check if the service has good data however. |
|
|
What is a Content Check type monitor |
It checks the data of a service to ensure it is good. For example, logging into MySQL, running a command and verifying the output is expected. |
|
|
What is a Performance type monitor |
Like BIG-IP or SNMP, it gathers performance data of the device rather than state of a specific service. |
|
|
What is an Application Check type monitor |
It checks to see if a service is running. For example, checking the port used by MySQL when that service is running. It does not determine if the service is healthy, just if it is running. |
|
|
What is CMP demotion |
This occurs when an iRule has TMMs create individual copies of a shared variable. To avoid this situation only TMM0 will process the traffic. To prevent this from happening, global variables should be static or be kept in the Session Table. |
|
|
What is a Path Check type monitor |
This checks the path to the node with ICMP echo or similar. |
|
|
How does VLAN Failsafe check for a failure |
When the BIG-IP stops receiving any traffic on the VLAN it sends out ARPs to entries in the VLAN's table, IPv6 Ping and Multicast Probe |
|
|
What is the difference between Device Trust and Device Groups |
Device Trust is trust between devices using SSL/TLS certificates. Device Groups are logical grouping made of devices which trust each other through Device Trust. |
|
|
How does the HTTP profile manipulate traffic from HTTP to HTTPS |
With Rewrite Redirections it can rewrite the redirections to change from HTTP to HTTPS. What exactly triggers the rewrite and the scope are customizable in the Profile. |
