Wednesday, 23 October 2019

Introduction to PROFILES in F5?



--> Profiles are the collection of settings that define traffic behavior or traffic policy applied on a virtual server.

--> In simple terms, a profile is an object in BIG IP LTM that controls the behavior of a particular type of network traffic such as HTTP.

--> By using profiles in F5 LTM, we can perform following tasks,

1) Change the traffic behavior of some types of network traffic.

2) Improves performance and throughput in the network.

3) We can implement persistence and SSL offloading by using profiles.

4) Implement Authentication on Virtual Server.

--> It is possible to apply multiple profiles to the single virtual server.

--> By default, BIG IP LTM comes with some set of profiles which we can apply to virtual servers.

--> This profiles are called default profiles.

--> It is also possible to create custom profiles in BIG IP LTM.

--> A profile can be associated to a virtual server at the time of the creation of virtual server or later on.


1) Protocol Profile:

--> This is the default Profile.

--> Each and every Virtual Server need to configured with Protocol Profile.

--> Protocol Profile defines connection timeouts and other parameters.

--> Once you select Protocol Profile, F5 BIG IP System automatically assigns client side and server side protocol based upon the protocol profile chosen.

EX: TCP, UDP, TCP LAN Optimized, TCP Mobile Optimized, TCP WAN Optimized, Fast L4, FAST HTTP

2) Application Profile

--> Application Profile defines how to manipulate traffic at Application Layer.

--> For example if you want to manipulate HTTP traffic or enable compression you need HTTP Profile to be configured on Virtual Server.

Ex: HTTP,HTTPS,FTP,DNS,SIP,RADIUS,DIAMETER

3) SSL Profile

--> SSL Profile is used to decrypt/encrypt SSL traffic on the Virtual Server.

--> SSL Profile can be of two types: 

1) Client SSL Profile: Used to decrypt/encrypt client side traffic

2) Server SSL Profile: Used to decrypt/encrypt Server Side traffic.

4) Persistence Profile:

--> Persistence Profile is used to redirect the client traffic to the same pool member during the session.

--> Persistence Profile can be of following types:

1) Source Address

2) Cookie

3) SSL

4) Hash

5) Microsoft RDP

6) Destination Address

7) SIP

8) Universal

9) SPDY

10) RTSP

11) XML

5) Authentication Profiles

--> Authentication Profile is used to authenticate client/server traffic on Virtual Server.

--> Authentication Profile can be of following types:

1)LDAP

2) RADIUS

3) TACACS

4) KERBEROS

5) LDAPS

6) OCSP

7) XMP

6) OneConnect Profile:

--> OneConnect Profile provides faster performance by reusing server-side connections.

7) Analytic Profile

--> Analytic Profile is used to collect statistical information related to the virtual server.


--> Each and every profile working on a given layer of the OSI model is dependent upon the lower layers.

--> In simple terms, if a profile is working on Application layer is dependent on the transport layer.

--> Every virtual server have a layer 4 profile assigned to it.

--> Profiles working on same OSI Layer cannot be assigned to one Virtual Server.

--> It is not possible to apply both TCP and UDP profiles to a virtual server as well as FTP and HTTP profile also.

--> All the default profiles are stored in config/profiles.base.conf file in F5 LTM and it is not recommended to delete the file.

--> Each and every custom profile created on F5 LTM must be associated with Parent Profile.

--> The Parent Profile can be a custom profile or default profile.

--> Whatever the changes you make on parent profile automatically inherited to child profile.

--> If you want to delete any custom profile make sure that it is not a parent profile to any child profile.


No comments:

Post a Comment

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...