Category Archives: F5

F5 is committed to support candidates

The measures that local governments and businesses have made in response to COVID-19 have in many cases included restrictions to travel. F5 understands that this has greatly affected and limited our candidates’ ability to schedule and attend exam certification appointments.

We understand this global pandemic causes great stress and we don’t want to add any more stress to our candidates looking to renew their certifications. If you are unable to, or uncomfortable about, taking your re-certification exams, we do not want you to worry about the status of your F5 certification; please, simply take care of yourself and your family. Although we cannot provide an exact plan of action given the uncertainty about the scope and duration of the current situation, we want to assure you that no candidate will lose certification as a result of these extraordinary events.

In an effort to provide assurance during uncertain times, F5 is committed to support candidates’ careers through certification and contribute to their wellbeing. We are a strong community, and we will work together to get through this.

 

Please read here for more details https://devcentral.f5.com/s/articles/COVID-19-Response-F5-Certifications-Q-A

A Flashback and a New Busy Year!

Dear Reader,

Thanks to spend your time reading this post on the first day of the new year.

The 2017 was a busy year regards projects and a new area i’ve been exploring myself (Business Development), this is quite new for me but it’s going….

What i mean by Business Development? I’ve been focus only on Engineering (hands-on) which is by far what i really like to do, so i get the implementation plan and GO! Why not dive in the conversation with the customer and understand their challenges, advise what technologies are in the market that really suit them. Presenting cutting-edge technologies and advise the customer is also something i really like.

What do i have for this upcoming year? I’ve done some re-cert’s, like Juniper, VMware and Cisco.
I have do do some re-certs this year too, but i want to focus more on the CCDE than ever, so i’m starting officially today and i hope do the Written in 6 months. I will attend the Cisco Live Barcelona 2018, so i hope get good contacts to push this even further. This is the plan mentally but i know this might has to change a bit.

CCNA Cyber Ops is just around the corner :)

Happy New Year.

F5 REST API Resources

These are for me the best two resources if you want embrace Dev/Net/Sec Ops using F5 iControl

 

Just a sneak peak of what you can find:

  • Mesos Marathon Container Integration
  • Kubernetes Container Integration
  • RedHat OpenShift Container Integration
  • OpenStack Cloud Integration
  • F5 Application Services Proxy
  • Dockers

Really recommended

http://clouddocs.f5.com/

https://devcentral.f5.com/wiki/iControl.HomePage.ashx

F5 TMOS v13 is out!

F5 launched TMOS v13, What’s new?

  • New Built-in TCP Profiles
  • TCP Nagle “Auto mode”
  • Diameter High Availability
  • SIP and Diameter Connection Auto-Initialization
  • Diameter Election Process Support
  • Diameter In-Band Monitor
  • ECDH and ECDSA
  • DAG v2
  • Enhanced platform diagnostics for iSeries platforms
  • Global VLAN based SYN flood protection

You can read the full release notes here

BigIP Factory default in 3 steps

When you restore the BIG-IP configuration to factory default settings, the system performs the following tasks:

Retains:

  • the management IP address
  • BIG-IP license file
  • files in the /shared partition
  • manually-modified bigdb database variables
  • Flags the Setup utility to run when the next user logs in to the Configuration utility

Removes:

  • All BIG-IP local traffic configuration objects
  • All BIG-IP network configuration objects
  • All non-system maintenance user accounts
  • System maintenance user account passwords (root and admin)
  • BIG-IP module data and policies
  • Current host name
  • local trust domain

These are the steps:

  1. Go to TMS
  2. Load the default config
  3. Save the config

After execute the 3 steps the big-ip daemon will restart using the default config, and it is ready to go again.

This is a factory default for a 11.x and 12.x code to execute on 10.x use load sys default-config

[email protected](backend)(cfg-sync Standalone)(Active)(/Common)(tmos)# load sys config default

Reset the system configuration to factory defaults? (y/n) y
Loading system configuration…
/defaults/asm_base.conf
/defaults/config_base.conf
/defaults/ipfix_ie_base.conf
/defaults/ipfix_ie_f5base.conf
/defaults/low_profile_base.conf
/defaults/low_security_base.conf
/defaults/policy_base.conf
/defaults/wam_base.conf
/defaults/analytics_base.conf
/defaults/apm_base.conf
/defaults/apm_saml_base.conf
/defaults/app_template_base.conf
/defaults/classification_base.conf
/var/libdata/dpi/conf/classification_update.conf
/defaults/daemon.conf
/defaults/pem_base.conf
/defaults/profile_base.conf
/defaults/sandbox_base.conf
/defaults/security_base.conf
/defaults/urldb_base.conf
/usr/share/monitors/base_monitors.conf
/usr/local/gtm/include/gtm_base_region_isp.conf
/usr/share/monitors/gtm_base_monitors.conf
Loading configuration…
/defaults/defaults.scf
Resetting trust domain…
Setting flag to reset ASM data…

[email protected](localhost)(cfg-sync Standalone)(INOPERATIVE)(/Common)(tmos)# save /sys config

Nov 14 02:54:37 localhost emerg logger: Re-starting bigd

Saving running configuration…
/config/bigip.conf
/config/bigip_base.conf
/config/bigip_user.conf
Saving Ethernet mapping…done

[email protected](localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#quit

 

F5 BIG-IP iSeries more robust

F5 came out with new platforms called BIG-IP iSeries with the following features/innovations:

  • TurboFlex optimization technology that offloads specialized functions from the general CPU
  • Due the complexity of SSL offloading and traffic growing exponentially due IoT, this new platforms have more capacity (TPS) than their previous versions, in some cases 2.5 times more

Platforms Available:

f5-iseries

https://youtube.com/watch?v=Cmt-BFShy3c%3Fautoplay%3D1%26html5%3D1

The BIG-IP iSeries is the next generation of ADCs, with key innovations that enable customers to meet the challenges of rapidly shifting landscapes. Beyond a significant increase in capacity, the BIG-IP iSeries mixes the power of dedicated hardware with the flexibility of a programmable, updatable platform

References:

iSeries: Not Just a Better, Bigger, and Faster BIG-IP

BIG-IP System Hardware datasheet

F5 woke up!Official Study Guides Live

F5 folks was chasing F5 to provide Official Study Guides to their exams, and finally someone heard us!

They are not covering every cert , but it’s a good start. At the moment these are the guides available:

To get you in just need visit F5 Education and choose the cert (look at bottom for the study guide link), or you can to login on F5 University, and then click on Training Catalog!

Have fun!

F5 Getting Started Series now on 11.x

Good news from F5! F5 refreshed his WBTs on F5 University using 11.x code. They called this the “F5 Getting Started Series” and each section has interactive questions to do a check up of your knowledge. This Series covers the following products:

  • BIG-IP LTM
  • BIG-IP GTM
  • BIG-IP APM
  • BIG-IP ASM

Just click on the product and that will open automatic a new window.

F5_Started_Series
As before you can have hands-on on a virtual lab for 11.x code with the following topology. After you login on F5 University click on F5 Training Lab menu and get you Lab guide. Unfortunately you can´t play HA features on this lab but you can try the F5 BIG-IP LTM virtual edition (request a trial licence 90 days) for your own lab.

 

F5_LearnLab_v11

References:

F5 Certification Program

F5 University

I took the F5 101v2-Application Delivery Fundamentals beta exam

I was a guinea pig for F5 101v2 beta and i did it well i guess. After answer 140 questions in 150 minutes + extension of 30 minutes (not english native, but was not necessary) the hard part of this was review all my answers, yes again 140! I didn´t find this hard as mention by other guys who did the 101v1. After you submit the exam you can comment the questions (no chance to change answers at this point), personally i did it to give the F5 Team my understanding of what they can improve! But they could give the cert away for the guys who passed this exam, yes it´s Christmas! :)

And yes, against other exams you can go back and forwarded!

All 5 sections have the same score, so i got 75%

I wrote a post about my Study Notes for this exam so check it out!

This exam is one of the pre-requirements for the Exam 201 – TMOS Administration to achieve the F5 BIG-IP Certified Administrator

F5_CertificationTrainingTrack_2014

And even virtually i have my logo!

f5_101v2_ADF

Study Notes for F5 101v2-Application Delivery Fundamentals exam

As i said before i got an opportunity to test my knowledge (101v2 beta) and off course learn more about F5 ADC and other stuff. The information you need to learn is published in the official Blueprint Application Delivery Fundamentals. This new version will be available on Q1 2015.

F5 doesn´t have any guide (book,etc) like most of the vendors have, so you need to do it by your self. But i found a nice compilation did by Philip Jönsson (direct link) and another one by Rich Hill

A good tool is F5 University where you have free WBTs of LTM&APM (and more!!!), and hands-on on a virtual lab (code 10.x and 11.x). I think the most important are:

Getting Started with BIG-IP: Part 1 – Administration

Getting Started with BIG-IP: Part 2 – Application Delivery

Getting Started with BIG-IP Access Policy Manager (APM)

Getting Started with BIG-IP LTM: Part 1 – High Availability and Traffic Processing

Getting Started with BIG-IP LTM: Part 2 – iRules and Accelerating Traffic

Viprion Basics

HTTP Basics I

HTTP Basics II

A few facts:

  • The exam is based on 11.4.0 code
  • Exam cost 105 euros + VAT
  • The exam 101v2 will have 80 questions (70 scored and 10 unscored), and a minimum of 69% to pass it
  • Pre-requirement to go to the next level Exam 201 – TMOS Administration and be a F5 Certified BIG-IP Administrator (F5-CA)
  • All questions are scored equally
  • Passing the exam will be valid for 2 years
  • Most people agree that the v2 practice exam is much harder than the v1 production exam (mostly because of the number of questions).

I took the followed information from http://veritablenetworks.blogspot.pt/(Rich Hill) and change a few things for the renewed exam (101v2).

You can download my personal notes here.

Section 1 – OSI

Most of this information is common knowledge in the networking industry, but you probably don´t a few things especially when you get to the application layer protocols (sorry if i undervalue you!). The Wikipedia articles play a big role here, and yes Wikipedia Rulez!

  • Objective 1.01 – Explain, compare and contrast the OSI layers

OSI Model Wiki
Another OSI Model Overview

  • Objective 1.02 – Explain protocols and technologies specific to the data-link layer

Explain the purpose of a switch’s forwarding database
ARP
ARP on F5
MAC Address
Broadcast Domain
VLANs
Link Aggregation Wiki
Big IP Link Aggregation

  • Objective 1.03 – Explain protocols and apply technologies specific to the network layer

Routing on F5
TCP/IP Overview
IP Addressing & Subnetting
Routing Protocols
IP Packet Fragmentation
IP TTL (Time to Live)

  • Objective 1.04 – Explain the features and functionality of protocols and technologies specific to the transport layer

MTU / MSS
TCP Functionality
UDP Functionality
TCP Connection Setup by Virtual Server Type
TCP Profile Settings (Tunables)
UDP Profile Settings (Tunables)
TCPDUMP on F5
Retransmissions
Functionality of ports in general
Process of a reset

  • Objective 1.05 – Explain the features and functionality of protocols and technologies specific to the application layer

Application Layer Traffic Managment on F5
HTTP Functionality
HTTP Status Codes
HTTP Headers
F5 HTTP White Paper
DNS Functionality
DNS Record Types
SIP Functionality
F5 SIP White Paper
FTP Functionality
SMTP Functionality
HTTP Cookies
My Name is URL

Section 2 – F5 Solutions and Technology

In this section, we get into the actual F5 Solutions. Most engineers taking this exam will be experienced with LTM and iRules, but little else. Hopefully, the familiarity gained from the F5 datasheets and white papers shown below will help you to understand the breadth of the F5 offerings. Prepare to take the first step into a larger world.

  • Objective 2.01 – Articulate the role of F5 products

Access Policy Manager (APM)
Application Security Manager (ASM)
Local Traffic Manager (LTM)
Global Traffic Manager (GTM)
Enterprise Manager
BIG-IQ and ADN Management
F5 White Papers
F5 Datasheets

  • Objective 2.02 – Explain the purpose, use and advantages of iRules

iRule Wiki (Requires Devcentral Login)

  • Objective 2.03 – Explain the purpose, use and advantages of iApps

iApp Wiki (Requires Devcentral Login)

  • Objective 2.05 – Explain the purpose of and use cases for full proxy and packet forwarding/packet based architectures

Full Proxy Architecture (Lori MacVittie rules!)
Packet-Based vs Full Proxy
SNAT
Virtual Server Types

  • Objective 2.06 – Explain the advantages and configurations of high availability (HA)

F5 HA Basics
Config Sync
Big IP HA Features
Mirroring
VLAN Failsafe

Section 3 – Load Balancing Essentials

This section is a short one compared to the previous two. If you’re going after an F5 certification, you’re probably already familiar with much of this material, so you probably won’t have to study as much for this section. It never hurts to brush up on the algorithms and persistence methods.

  • Objective 3.01 – Discuss the purpose of, use cases for, and key considerations related to load balancing

Load Balancing Wiki
Load Balancing 101
Load Balancing Algorithms (Devcentral)
More on Load Balancing Algorithms
Another Load Balancing Algorithm Article
Yet Another Load Balancing Algorithm Article
Persistence

  • Objective 3.02 – Differentiate between a client and a server

Client / Server on Wiki – Yes, I’m surprised this is even a question.

Section 4 – Security

  • Objective 4.01 – Compare and contrast positive and negative security models

Positive Security Model
Positive vs Negative Security

  • Objective 4.02 – Explain the purpose and cryptographic services

Cryptography
SSL Certificates (Devcentral)
Certificate Chains
Public-Key Cryptography
Symmetric vs Asymmetric Encryption
Client SSL Profiles
Server SSL Profiles
SSLDUMP Utility

  • Objective 4.03 – Describe the purpose and advantages of authentication

F5 Authentication 101
AAA
Single Sign On
Multi-factor Authentication

  • Objective 4.04 – Describe the purpose, advantages and use cases of IPsec and SSL VPN

SSL VPN
IPsec VPN
IPSEC vs SSL VPN

Section 5 – Application Delivery Platforms

  • Objective 5.01 – Describe the purpose, advantages, use cases, and challenges associated with hardware-based application delivery platforms and virtual machines

Virtualization
Virtualization Platforms

  • Objective 5.02 – Describe the purpose of the various types of advanced acceleration techniques.

Application Performance Optimization
TCP Optimization
Oneconnect
Caching
Compression
Pipelining
Acceleration 101

This is everything you need to know, but try learn deep something more!

References:

BIG-IP LTM 11.4.0 Documentation

Exam 101 – Application Delivery Fundamentals

Exam 201 – TMOS Administration

F5 Certification Program