F5 Questions

 

1.Difference between least connection and fastest connection

they both look the same. the server who process request fast will also be the one with least connection, so how to differentiate between them.

Least connection doesn;t take into account the layer 7 request?

 

Ans:

Fastest is based on fewest outstanding L7 request - this is equivalent to HTTP_REQUEST (one way) only. Thats 1 count!

If the Server respond with HTTP_RESPONSE it will decrement to 0 because its not an outstanding request anymore. Its now a connection

 

Least Connection - based on few connection,  L7 - based on L7 request. Connections and request are two different things. It will only be considered a connection if Server has responded to the request.

 

For Least Connections - I used SSH application as the best example to test, because they are long lived applications. HTTP or Web based applications have connection but it tears down immediately.

 

Summary:

Least Connection is based on fewest number of CONNECTION which is a complete transaction between Cient-Server

Fastest is based on fewest OUTSTANDING L7 REQUEST which is half/one-way client-server transaction.

 

Note: No one uses Fastest because not too many people understand the concept :)

==== =====================   ===================   ======================  

 

2. Regarding Upgrade Topic

Do we any application which we can use to verify the configuration after upgrade like checksum or hash file which can tell us that older config and config after the upgrade is matching?

After the upgrade a few iRule may not work as expected, is it happen because with upgrade few syntaxes get change for iRules?

This query may sound stupid but got confused with HD concept as you said we need to upload a new image in new volume is it due to space constrain in the virtual environment or in regular envrioment also need to pick different volume for new image ?

 

Ans:- Based from experience and research there is no such tool.

Yes, iRule may not work after upgrade and I experienced this before. I opened a Case and we converted some iRule to a Local Traffic Policy and it went well.

 

The volume concept is more for segregation of software image and this is mandatory for both physical and virtual environments. Yes, you need to pick different volume per new image. You Activate software per volume. In the example below, you choose which volume to load the image upon boot up. Currently its using v13.1 but if you want to upgrade to v15.0, you would activate HD 1.3

 

HD 1.1 - v13.1 (ACTIVE)

HD 1.2 - v14.1

HD 1.3 - v15.0

 

===  ==================  ==================   =======

 

 

F5 questions

 1.You noticed that a specific client application request is only connecting only to the 1st Server.What may cause this issue?

1.Load Balancing is disabled

2.Persistence is enabled.

3.All pool members are offline

4.All nodes are offline

Ans:2 (Persistence is enabled)

================================================

2.What is the client on a server Side Connection in a FUll Proxy Architecture?

1.Client

2.Server

3.Application Delivery Controller

4.Virtual Server

Ans: 3(Application Delivery Controller)

===================================================

3.Which module do you configure and enable Device Service Cluster(DSC)

1.Local Traffic

2.Network

3.System

4.Device Management

Ans: 4(Device Management)

===============================================================

4.What feature of F5 BIG-IP enables data encryption on the client side and forwards un-encrypted data to server?

1.Compression

2.SSL Termination

3.Server Side SSL

4.Persistence

Ans:2(SSL Termination)

===========================================================

5.New SSL/TLS Certificates are already installed in your F5 BIG-IP.Where do associate this new certificates?

1.Virtual Server

2.HTTP Profile

3.Persistence Profile

4.Client SSL Profile

Ans:4(Client SSL Profile)

We didn't talk about much of the Client SSL Profile configuration because we used the system-defined Client SSL Profile but when you create a custom one. You can associate certificates under custom Certification Key Chain.

============================================================

6.What is a scrpting tool that executes against network traffic passing through an F% appliance.It is commonly use to customize configuration and manipulate network traffic?

1.iHealth

2.iRule

3.iControl

4.iScript

Ans:2(iRule)

===================================================

7.You are trying to associate Cookie persistence from Virtual Server configuration but its giving you an error.What is the possible issue?

1.Cookie persistence configuration is set to Selective

2.Cookie peristence only works in a virtual server listening to port 80

3.cookie persistence requires HTTP profile

4.This is common when using the system-defined cookie persistence.it is required to create a custom one.

Ans:3 (cookie persistence requires HTTP profile)

==============================================================================

8.what makes a Active/Active BIG=IP Pair?

1.Multiple BIG-IP and Multiple Virtual Servers

2.Multiple BIG-IP and Multiple Traffic Groups

3.Multiple BIG-IP and Multiple Virtual Addresses.

4.Multiple BIG-IP and Multiple Floating IP Addresses

Ans:2 (Multiple BIG-IP and Multiple Traffic Groups)

==========================================================

9.Where do you enable Load Balancing?

1.Pool Configuration

2.Virtual Server Configuration

3.Health Server Configuration

4.Pool Member Configuration

Ans: 1 (Pool Configuration)

=====================================================

10.You noticed that a single pool member is getting way more connection count than the other pool members.What may cause this issue?

1.Round Robin Load Balancing is configured

2.Ratio Load Balancing is configured

3.Least Connection Load Balancing is Configured

4.Predictive Load Balancing is configured

Ans: 2(Ratio Load Balancing is configured)

=======================================================================

11.You recently made configuration changes to the 1st device running in a Active/Standby BIG-IP pair.What should do next?

1.Copy the 1st device configuration to the group

2.Copy the group configuration to the 1st device

3.Copy the 2nd device configuration to the group.

4.Copy the group configuration to the 2nd device

Ans:1 (Copy the 1st device configuration to the group)

=========================================================================

12.What type of proxy acts as a single point of access and used to communicate to internet websites on behalf of the client?

1.Full proxy

2.Reverse Proxy

3.Forwarding Proxy

4.Super proxy

Ans:3 (Forwarding)

================================================

13.The pool and pool members are are all Unknown (Bluck Squar). What causes this status?

1.Health Monitor is not enabled on Nodes

2.Pool Members are unreachable

3.Health Monitor is not enabled on a single Pool Member

4.Health Monitors is not enabled on the Pool

Ans:4 (Health Monitors is not enabled on the Pool)

F5 Questions

 1.Which part of F5 configuration Utility/GUI where you verify status of application objects such as Virtual Servers,Pools,and Members?

1.Statistical Page

2.iHealth

3.Network Map

4.Virtual Servers

Ans:3 (Network Map)

====================================

2.Which one of the follow is correct?

1.Pool is offline is when two pool members are offline and one pool memeber is available

2.Pool is offline is when two pool members are offline and one pool member is unknown.

3.Pool is available is when two pool members are offline and one pool member is available.

4.Pool is offline is when two pool members are offline and one pool member is unknown.

Ans: 3

==============================================

3.What file is needed to collects configuration and diagnostic information from BIG-IP system?

1.bigip_conf

2.bigip_base.conf

3.qkview

4.i-health

Ans: 3 (qkview)

===================================================

4.What is the correct TMSH command use to enable interface and associate a tag ID 500?

1.Create /net vlan DMZ interfaces add { 1.3 { tagged } } tag 500

2.set /net vlan DMZ interfaces add { 1.3 { tagged 500 } }

3.add /net vlan DMZ interfaces create ( 1.3 { tagged } } tag 500

4.add /net vlan DMZ interfaces add { 1.3 [ tagged 500 ] }

Ans:1 

=============================================================

5.What is the TMSH command is used for displaying BIG-IP configuration

1.list

2.show

3.view

4.display

Ans:1(list)

=================================================================

6.What is the correct command is used when displaying BIG-IP local traffic log messages

1.show /var/log/ltm

2.cat/var/log/ltm

3.tmsh cat/var/log/ltm

4.tmsh show/log/ltm

5.tmsh cat/log/ltm

Ans:2(cat/var/log/ltm)

============================================

7.You are experiencing issues in BIG-IP device and later found out that is a cause by a bug thta exist in the software version that you are currently running.what is the simple way to resolve the issue?

1.Platform Upgrade

2.Software Upgrade

3.Enable Device Service Clustering

4.Enable iHealth

Ans: 2 (Software Upgrade)

=========================================================

8.You have a newly deployed F5 BIG-IP and reported that employees are unable to access the application thru virtual server IP address despite the application objects are available(green circle).You found out that the Application Server's default Gateway is not F5 BIG-IP Self IP Address but the router.What do you need to enable to resolve the issue?

1.Floating IP address

2.SNAT

3.NAT

4.Routing feature

Ans:2 (SNAT)

=====================================================================

9.You noticed that application request from clients is only connecting to only 1 out of 4 Servers.What may cause this issue?

1.All pool members are offline

2.All pool members are offline

3.One pool member is unknown and others are offline

4.One pool member is disabled and other are offline

Ans: 3 (One pool member is disabled and other are offline)

=======================================================================

10.Where do you verify the status and traffic distributed to Pool Members?

1.Pool Load Balancing Configuration

2.Virtual Server Load Balancing Configuration

3.Statistics Page

4.Network MAP

Ans:3(Statistics Page)

BIG-IP Questions

 1.Where do you enable MAC Masquerading?

1.Virtual Server

2.Self IP

3.Virtual Address

4.Traffic-Group

Ans:4(Traffic-Group)

===================================

2.What command line utility that allows you to capture and analyze network traffic going through system?

1.dig

2.tcpdump

3.analyzer

4.df

ans:2 (tcpdump)

======================================================

3.What is HTTP code 401?

1.Unauthorized

2.Bad Request

3.Not Found

4.Forbidden

Ans:-1 (Unauthorized)

========================================================

4.You need to configure a L2 switch interface to support multiple VLAN sending to another L2 interface.What do you need to enable?

1.Trunk

2.LACP

3.Tagging

4.802.1X

Ans:3 (Tagging)

================================================================

5.During BIG-IP Fail-over,the new active device sends IP-MAC mapping update to the connected switch.This message is called?

1.MAC Masquerade

2.ARP

3.Gratuitous ARP

4.Proxy ARP

Ans:3 (Gratuitous ARP)

================================================================

6.Which Commands performs DNS lookup and translates name to IP?

1.PIng

2.traceroute

3.lookup

4.dig

Ans: 4 (dig)

===========================================================

7.What causes network collison?

1.Speed mismatch

2.Half-duplex

3.Invalid interfcae media

4.VLAN related configuration

Ans:2 (Half-duplex)

===============================================================

8.What BIG-IP feature optimizes web request by reusing HTTP contents stored in BIG-IP system's memory to reduce traffic load on the web servers?

1.Compress

2.Persistence

3.HTTP Profile

4.Caching

Ans: 4 (Caching)

=========================================

9.What command line utility that allows you to display the amount of available disk space for file systems?

1.dm

2.dig

3.dp

4.df

Ans: 4(df)

===========================================================

10.Which feature of BIG-IP we can enable to optimize the flow of traffic during failover events?

1.Device Trust

2.MAC Masquerading

3.Enable Active/Active by creating multiple Traffic Groups

4.Enable Active/Active by creating multiple Virtual Addresses

Ans:2 (MAC Masquerading)