收藏 分销(赏)

F5TMOSV11功能介绍.ppt

上传人:快乐****生活 文档编号:10298570 上传时间:2025-05-19 格式:PPT 页数:61 大小:10.66MB 下载积分:16 金币
下载 相关 举报
F5TMOSV11功能介绍.ppt_第1页
第1页 / 共61页
F5TMOSV11功能介绍.ppt_第2页
第2页 / 共61页


点击查看更多>>
资源描述
,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,F5 Networks,Inc.,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,F5 Networks,Inc.,*,TMOS V11,新功能展示,议程:,iApp,AVR,LTM,功能升级,GTM,功能升级,i,App,V11:iApp,革命,针对特定的应用来优化网络需要花费几个星期。且结果可能不尽如人意,F5,拥有独特的应用部署指南。现在仅需要几天即可,F5,新的,iApp,功能可将部署时间缩短至几小时或几分钟,就像虚拟机一样便利,统一的框架,简化制应用交付服务,以应用为中心和控,制,上下文关联的视角和高级的分析能力,快速可预见的部署,F5 iApp,建立人们与应用进程之间的桥梁,Business,IT,客户体验如何,?,应用使用程度如何,?,我的客户来自哪里,?,最终用户延迟多少,?,哪个应用占用最多的基础设设,?,我的用户来自哪,?,I,F5 iApp:,它是如何工作的,iApp,模板允许业务策略驱动配置和,IT,协作,iApp,驱动了自动化配置和功能划分,可以迅速地作出更改并重新应用,iApps,可在,F5,设备之间移植使快速迁移成为可能,每个服务都是可被重复使用的,BIG-IP V10,管理对象和服务,BIG-IP V11,管理应用服务,BIG-IP V11,管理应用服务,F5 iAPPs:,管理应用服务,.,而不是网络设备或对象,使用一个单一界面,:,了解,F5,应用服务的依存关系,迅速执行操作任务,快速查看整体的应用和健康,状况,查看可用性状态和每个服务对象的类型,快速启用或禁用资源池节点或服务器,从,“,应用的角度,”,看网络,AVR,(Application Visibility Report),应用分析,根据应用和用户分组进行统计,提供,业务智能,ROI,报告,容量规划,故障排除,性能,Creating A New Analytics Profile General Configuration Part 1,Creating A New Analytics Profile General Configuration Part 2,Creating A New Analytics Profile Choosing Statistics Gathering Configuration,Navigation Timing Information,W3C,Summarizing Article,Demo Application,(,for Internet Explorer,),Creating A New Analytics Profile Alerts and Notifications Configuration,Creating A New Analytics Profile Capture Filter Part 1,Creating A New Analytics Profile Capture Filter Part 2,Analytics Statics Overview,Analytics Statics Usage Overview,Analytics Statics Usage Main Metrics,Analytics Statics Usage Views and Filters,Analytics Statics Usage,LTM,功能升级,1,、,TCP Request queuing,Mostly intended for HTTP use but implemented at TCP level for more flexibility,dont drop if connection limit reached,essentially allows bursting,Gives parity with Citrix,Which connection limit?,Pool Member,Node Address,Support for connection limit on Virtuals may be added in a future release.,2,、,TCP Reset Cause,TCP packets with RESET bit set now indicates cause,TCP rfc doesnt state that a packet with RST bit set should be of zero data length(see discussion in rfc1122 4.2.2.12),Some other stacks do the same e.g.HP-UX and MacOS,Added for all TMM filters which could cause a TCP RST,HTTP,stream,FastL4,FastHTTP,etc.,Viewing Reset Cause,Reset cause can be written to TCP packets,disabled by default for security reasons,tmsh#modify sys db tm.rstcause.pkt value enable,Reset cause can be written to/var/log/ltm(disabled by default),tmsh#modify sys db tm.rstcause.log value enable,Show reset cause stats by type in TMSH,tmsh#show net rst-cause,Wireshark Natively Supports Reset Cause,TCP content=Reset cause text,Packet noise,Reset Cause:BIG-IP:0 x11bffa9:269 Internal Error(TMIREQLOG)tmi abort failed),3,、,Last Hop changes,Now possible to apply Auto Lasthop on chosen VLANs and/or Virtuals/NATs/SNATs,leaving default behavior for other traffic,previously only configurable globally,3 settings:enabled,disabled,default,Last Hop changes,4,、,New virtual type:Stateless,Caveats include:,requires default pool configured on the Virtual,No SNAT Automap(SNAT pool only),no iRules,no port translation,UDP only,Create a“stateless”UDP virtual,Configurable via TMUI,create ltm virtual mystateless destination 10.1.1.1:53,stateless,pool dns_servers,Setting stateless via the GUI,5,、,Request Logging Profile,Sends logs directly from TMM to logging server(s),rather than iRule log command(uses host syslog),configured via GUI or TMSH,functionality available in v10.x but only via HSL:iRule commands,HSL:iRules offer greater flexibility but do not cover all of the capability of this profile and the functionality behind it,Request Logging Profile,Implemented as a profile called,Request Logging,Intended for HTTP,but can be used with any character-oriented UDP or TCP protocol,non-HTTP:logging triggers are at connection creation and closure,HTTP:logging occurs after receipt of each HTTP request and serving of headers of each HTTP response,Request Logging Templates,Results in log messages of form:,Wed 04 May 11 10.1.1.1/myuri,Template:$DATE_DY$DATE_DD$DATE_MON$DATE_YY$CLIENT_IP$HTTP_URI,Request Logging Profile:Templates and Tokens,Templates are filled out with one or more tokens,previous screenshot shows 6 tokens used,Tokens supplied in GUI or TMSH using one of the following formats,$TOKEN,$TOKEN,$TOKEN:value-if-not-defined can be used to inject text strings(e.g.to inject“hello world”use$saythis:helloworld),-any string not starting with$is parsed as token none,Request Logging:Template Tokens,TOKEN,DESCRIPTION,BIGIP_BLADE_ID,The chassis slot of the blade that served the request;0 for non-chassis units.,BIGIP_HOSTNAME,The hostname of the BIGIP or chassis as a whole.,BIGIP_CACHED,Cached status:true if the response came from a BIGIP cache;false if it came from the server,CLIENT_IP,An entry for the IP address of a client,for example,192.168.74.164,CLIENT_PORT,An entry for the port of a client,for example,80,SERVER_IP,An entry for the IP address of a server,for example,10.10.0.1,SERVER_PORT,An entry for the port of a server,for example,80,VIRTUAL_IP,An entry for the IP address of the virtual server,for example,10.10.0.1,VIRTUAL_NAME,The name of the virtual server,VIRTUAL_POOL_NAME,The name of the pool containing the responding server,VIRTUAL_PORT,An entry for the port of the virtual server,for example,80,VIRTUAL_SNATPOOL_NAME,The name of the Network Address Translation pool associated with the virtual server,WAM_APPLICATION_NAME,The name of the web accelerator application that processed this request,WAM_X_WA_INFO,A diagnostic string describing how the web accelerator processed the request,Request Logging:Template Tokens,TOKEN,DESCRIPTION,DATE_D,A single-digit entry for the day of the week,ranging from 1 through 7,DATE_DAY,An entry that spells out the name of the day,DATE_DD,A two-digit entry for the day of the month,ranging from 01 through 31,DATE_DY,A three-letter entry for the day,for example,Mon,DATE_HTTP,A date and time entry in an HTTP format,for example,Tue,5 Apr 2011 02:15:31 GMT,DATE_MM,A two-digit month entry,ranging from 01 through 12,DATE_MON,A three-letter abbreviation for a month entry,for example,Apr,DATE_MONTH,An entry that spells out the name of the month,DATE_NCSA,A date and time entry in an NCSA format,ie dd/mm/yy:hh:mm:ss ZONE,DATE_YY,A two-digit year entry,ranging from 00 through 99,DATE_YYYY,A four-digit year entry,Request Logging:Template Tokens,TOKEN,DESCRIPTION,TIME_AMPM,The twelve-hour request-time qualifier:AM or PM,TIME_H12,A twelve-hour time entry for request-time hours,ranging from 1 to 12,TIME_HH12,A twelve hour entry for request-time hours,ranging from 01 to 12,TIME_HMS,A compact H:M:S request-time,TIME_HH24,A twenty-four hour entry for request-time hours,ranging from 00 to 23,TIME_MM,The two-digit request-time minute,ranging from 00 to 59,TIME_MSECS,The request-time milliseconds fraction,TIME_OFFSET,The time-zone offset in hours from GMT,TIME_SS,The two-digit request-time seconds,from 00 to 59,TIME_UNIX,Unix time-number of seconds since the Unix epoch(00:00:00 UTC,January 1st,1970),TIME_USECS,The request-time microseconds fraction,TIME_ZONE,The current Olson database or tz database three-character time-zone,Request Logging:Template Tokens,TOKEN,DESCRIPTION,HTTP_CLASS,The name of the httpclass profile that matched this request;empty if none were associated with this request,HTTP_KEEPALIVE,A flag summarizing the HTTP1.1 keep-alive status for this request:Y if the HTTP1.1 keep-alive header was sent;empty if not,HTTP_METHOD,The HTTP request method,e.g.GET,PUT,HEAD,POST,DELETE,TRACE,or CONNECT,HTTP_PATH,An entry that defines the HTTP path(depends on HTTP_QUERY also being used),HTTP_QUERY,The text following the first?in the URI,HTTP_REQUEST,The complete text of the request,i.e.$HTTP_METHOD$HTTP_URI$HTTP_VERSION,HTTP_STATCODE,The numerical response status code;i.e.the status response code sans the following text,HTTP_STATUS,The complete status response,i.e.the number and any following text,HTTP_URI,An entry for the URI of the request,HTTP_VERSION,An entry that defines the HTTP version,Request Logging:Template Tokens,TOKEN,DESCRIPTION,NCSA_COMBINED,An NCSA Combined formatted log string,i.e.$NCSA_COMMON$Referer$User-agent$Cookie,NCSA_COMMON,An NCSA Common formatted log string,i.e.$CLIENT_IP-$DATE_NCSA$HTTP_REQUEST$HTTP_STATCODE$RESPONSE_SIZE,RESPONSE_MSECS,The elapsed time(in milliseconds)between receiving the request and sending the response,RESPONSE_SIZE,The size of the response in bytes,RESPONSE_USECS,The elapsed time(in microseconds)between receiving the request and sending the response,6,、,HTTP Profile Changes,HTTP profile simplified;focuses on core-HTTP functionality,Compression components moved to,http-compression,profile,Caching components moved to,web-acceleration,profile,Compression and caching profiles requires the http profile,allows WAM to accelerate other protocols in future releases,30 settings moved to dedicated profiles!,GTM,功能升级,Part One:DNS Express,Part Two:GTM CMP(inside TMM),Part Three:IP Anycast(RHI),Why DNS Express?,DNS Attacks=Financial Loss,45,High-speed,high response authoritative,DNS,server,Authoritative DNS serving out of RAM,Configuration size for tens of millions of records,Zone transfer and notify for updates,Scalable DNS Performance,DNS Express in TMOS,DNS Server,Answer,DNS,Query,Manage,DNS,Records,NIC,OS,Admin,Auth,Roles,Dynamic,DNS,DHCP,Answer,DNS,Query,Answer,DNS,Query,Answer,DNS,Query,Answer,DNS,Query,DNS Express,DNS Express Continued,TMOS,DNS Query:,=209.200.200.10,DNS Servers,F5 BIG-IP GTM,Matches WIP or zone definition?,YES,GTM responds with IP address 209.200.200.10,Check DNS Query against,WIP,Matches Zone definition?,ZONE Transfer Request,1,sdfjqsjidfqsoijdfioqsjdfoiqsjfdoijqsfdoijqsdofijqsodifjoqsidjfoqisjdfoiqjsdfoijqsdfoijqsodifjqosidfjqosijdfqoisjdfqoisjdfqsiodfjoqisjdfoiqsjdfoijqsdfjoqjsodfjioqsjdfjoqsjdfjqosidfjoiqsjdfioqjsdfoijqsdfoijqsdfoqsdfsdqfjoqisdfjqisqjdioqjsdoiqqisjdoiqjsdoiqjsdjoqsjdojqosijdoqjsodjqsjodjqjdojqsdjoiqjdsqosijdoiqjdoqijdoiqjdoiqsjdoiqjdoiqjdoisdjoiqsjdoiqjdqjdoiqjdoiqdsjqoidjoj,2,Performance,More cores-larger performance improvements,More CPU-intensive LB modes-larger performance improvements,iRules,Access to LTM iRules commands from GTM iRules(not including session commands),LB engine available for LTM iRules,Use with DNS64 to load-balance to NAT64,GTM CMP Benefits,GTM VE(1 TMM):up to 250k QPS,Scalable GTM Performance,Standalone GTM 1600(2 cores):500k QPS,Standalone GTM 3900(4 cores):1 M QPS,Standalone GTM 11050(12 cores):3 M QPS,GTM Viprion:8 M QPS,Configuration in MCP,Eliminate use of wideip.conf and“gtmparse”,Object level synchronization,No more downtime for configuration synchronization,Can handle very large configurations,Large Configuration Support,What is Anycast Addressing?,Assign same IP address to multiple servers,Dynamically advertise route,Standard L3 packet routing,Improved DNS Reliability,Geographically dispersed servers,Simple network-based failover during network/server outage,Improved Performance,DDoS Attack Resilience,Eases Management,Provides simple preference for close servers,Spreads global load across servers,Attacks tend to originate from distinct geographic regions,Fewer IPs used,Fewer IPs listed in root server,Anycast DNS Services Benefits,Network Topology,Server 1,Router B,Router C,Router D,Client,10.10.1.1,10.10.1.1,Server 2,Router A,Routing Table from Router A:,Destination Mask Next-Hop Distance,192.168.0.0 /29 127.0.0.1 0,10.10.1.1 /32 192.168.0.1 1,10.10.1.1 /32 192.168.0.2 2,192.168.0.1,192.168.0.2,192.168.0.3,Client Near Router“A”,Server 1,Router B,Router C,Router D,Client,10.10.1.1,10.10.1.1,Server 2,Router A,Routing Table from Router A:,Destination Mask Next-Hop Distance,10.10.1.1 /32 192.168.0.1 1,10.10.1.1 /32 192.168.0.2 2,192.168.0.1,192.168.0.2,192.168.0.3,192.168.1.1,Client Near Router“C”,Server 1,Router B,Router C,Router D,Client,10.10.1.1,10.10.1.1,Server 2,Router A,Routing Table from Router C:,Destination Mask Next-Hop Distance,10.10.1.1 /32 192.168.1.1 1,10.10.1.1 /32 192.168.0.3 2,192.168.0.1,192.168.0.2,192.168.1.1,192.168.0.3,Configuring GTM for IP Anycast,License:,Requires Routing Bundle,2.Configure ZebOS,Configuring GTM for IP Anycast Cont.,Configure Route Advertisement:,Enable Route Advertisement on listener,Note:Anycast listener address cannot be a self IP,Configuring GTM for IP Anycast Cont.,BIG-IP,平台产品线,400k L7 RPS,175K L4 CPS,4G L7/L4 TPUT,BIG-IP 3900,600k L7 RPS,220K L4 CPS,6G L7/L4 TPUT,BIG-IP 6900/,6900S,8950S,1.9M L7 RPS,800K L4 CPS,Up to 20G TPUT,BIG-IP 8900/8950/,2.5M L7 RPS,1M L4 CPS,Up to 24G TPUT,BIG-IP 11000,100k L7 RPS,60K L4 CPS,1G L7/L4 TPUT,BIG-IP 1600,135k L7 RPS,115K L4 CPS,2G L7/L4 TPUT,BIG-IP 3600,Application Switch,VIPRION 2400,4M L7 RPS,1.6M L4 CPS,72G/160G-L7/L4 TPUT,6.4M L7 RPS,2.8M L4 CPS,72G L7/L4 TPUT,VIPRION Chassis,Production,1 Gbps,Lab,200 Mbps,Virtual Editions,2.5M L7 RPS,1M L4 CPS,Up to 42G TPUT,BIG-IP 11050,Removed Basic/Advanced listener,Usability Enhancements,Internet,Route,Domain 1,Route,Domain 2,Route,Domain 0,GTM,GTM monitor support of Route Domains,Default certificate is now 10 yrs!,iQuery configuration in the GUI,
展开阅读全文

开通  VIP会员、SVIP会员  优惠大
下载10份以上建议开通VIP会员
下载20份以上建议开通SVIP会员


开通VIP      成为共赢上传

当前位置:首页 > 包罗万象 > 大杂烩

移动网页_全站_页脚广告1

关于我们      便捷服务       自信AI       AI导航        抽奖活动

©2010-2026 宁波自信网络信息技术有限公司  版权所有

客服电话:0574-28810668  投诉电话:18658249818

gongan.png浙公网安备33021202000488号   

icp.png浙ICP备2021020529号-1  |  浙B2-20240490  

关注我们 :微信公众号    抖音    微博    LOFTER 

客服