- BIG-IP is a default-deny system; configure a listener to permit specific traffic
- Port lockdown exceptions: ports allowed by default
- UDP: 53 (DNS), 161 (SNMP), 520 (RIP)
- TCP: 22 (SSH), 53 (DNS), 161 (SNMP traps), 443 (SSL Web), 4303 (iQuery language)
- Traffic policy types
- Traffic group local: static IP (non-failover)
- traffic-group-1 (default): regular rule for floating IP (failover IP)
- Full proxy architecture
- It acts as both the endpoint and the originator of the protocol.
- The connection between the client and BIG-IP is independent of the connection between BIG-IP and the server.
- Each side has its own TCP connection behavior, such as buffering, retransmission and TCP options.
- It optimizes every connection individually, irrespective of destination or originator.
- It actively participates in the applications it delivers.
- It acts as a centralized device, offloading time-consuming and resource-intensive functions from the application servers, e.g. SSL encryption, compression and caching.
- The system can be configured to inspect, accept, reject or modify packets based on known attack signatures.
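
An added example (not from the original notes or from F5) for the port lockdown and traffic group notes above: a small Python audit that parses self IP stanzas laid out like `tmsh list net self` output and flags self IPs whose lockdown is `all` or lists ports outside an approved set. The sample config, the stanza layout, the treatment of a missing `allow-service` line as "none" and the approved set are constructed assumptions.

```python
import re

# Constructed sample, laid out like `tmsh list net self` output (assumed format).
SAMPLE = """\
net self 10.1.10.240 {
    allow-service {
        default
    }
    traffic-group traffic-group-local-only
}
net self 10.1.10.245 {
    allow-service all
    traffic-group traffic-group-1
}
net self 192.0.2.10 {
    allow-service {
        tcp:443
        tcp:8443
    }
    traffic-group traffic-group-local-only
}
"""

def parse_self_ips(text):
    """Return {name: {"allow": [...], "floating": bool}} per self IP stanza."""
    result = {}
    for name, body in re.findall(r"^net self (\S+) \{\n(.*?)^\}", text, re.S | re.M):
        m = re.search(r"allow-service (?:\{(.*?)\}|(\S+))", body, re.S)
        # Assumption: a stanza with no allow-service line means lockdown "none".
        allow = (m.group(1) or m.group(2) or "").split() if m else ["none"]
        tg = re.search(r"traffic-group (\S+)", body)
        floating = bool(tg) and tg.group(1) != "traffic-group-local-only"
        result[name] = {"allow": allow, "floating": floating}
    return result

def audit(text, approved):
    """Flag self IPs whose port lockdown is wider than the approved set."""
    findings = []
    for name, cfg in parse_self_ips(text).items():
        kind = "floating" if cfg["floating"] else "non-floating"
        if cfg["allow"] == ["all"]:
            findings.append((name, kind, "allow-service all"))
        extra = sorted(p for p in cfg["allow"] if ":" in p and p not in approved)
        if extra:
            findings.append((name, kind, "unapproved: " + ", ".join(extra)))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, approved={"tcp:22", "tcp:443"}))
```
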
The BIG-IP system has two functional areas:
1: TMOS: application delivery system
- Real-time OS
- High-performance hardware
- SSL compression
2: Linux: administration (GUI / TMSH / CLI), where TMSH is the TMOS Shell
A set of independent modules runs on TMOS:
LTM, GTM, AAM, AFM, APM, ASM, CGNAT, PEM