2022 F Command-Line Configuration Manual (10 pages)
BIG-IP system commands

bigstart
    Restarts the SNMP agent bigsnmpd.
bigtop
    Displays real-time statistics.
config
    Configures the IP address, network mask, and gateway on the management (MGMT) port. Use this command at the BIG-IP system prompt prior to licensing the BIG-IP system, and do not confuse it with the bigpipe config command or the BIG-IP Configuration utility.
halt
    Shuts down the BIG-IP software application.
hostname
    Displays the name you have given to the BIG-IP system.
printdb
    Prints the values of one or more entries in the bigdb database.
reboot
    Reboots the BIG-IP system.
ssh and scp
    Access command line interfaces on other SSH-enabled devices, and copy files to or from a BIG-IP system.

Customizing the bigpipe shell prompt

Type bigpipe shell to enter shell mode, then type:

    bp shell prompt

The BIG-IP system shell prompt then becomes:

    BIG-IP

Bigpipe shell escape feature

In F5's bigpipe shell prompt mode, Linux commands cannot be run directly. To get around this restriction, prefix the Linux command with "!".

    BIG-IP!ls          list a directory
    BIG-IP!ifconfig    show the interface configuration

BIG-IP network components

- Interfaces
- Routes
- Self IP addresses
- Packet Filters
- Trunks (802.3ad Link Aggregation)
- Spanning Tree Protocol (STP)
- VLANs and VLAN groups
- ARP

Configuring packet filtering

Command: bigpipe packet filter

You can define packet filter rules to provide access control, rate shaping, and auditing.

Configuring routes

Command: route ( | all | inet | inet6)

F5's "show tech"

    rootXXXX:Standby config # qkview
    Getting systemwide backup configuration files.
    Getting AOM information.
    Getting last 175 lines of log files.
    Getting last 175 lines of gzipped log files.
    Getting md5 sum information.
    Getting core file list.
    Getting Public Certificate information.
    Getting tmctl information.
    completed.
    6 of 161 checks produced no data
    Diagnostic information has been saved in file /var/tmp/XXXX.COM-tech.out
    Please send this file to .

BIG-IP help

    BIG-IPpool help    show help for the pool command

BIG-IP bigtop command

    rootISAG-2:Standby config # bigtop conn
    bigtop - display real-time statistics
    -bytes     display counts in bytes (vs bits)
    -pkts      display counts in packets (vs bits)
    -reqs      display counts in requests (vs connections)
    -vips      number of virtual servers to print
    -nodes     number of nodes to print
    -once      print once and exit
    -delay     number of seconds between samples (default 4)
    -scroll    disable full-screen mode
    -nosort    disable sorting
    -conn      sort by connection count (vs byte count)
    -delta     sort by count since last sample (vs total)
    -n         print IP addresses and services in numeric format
    -vname     display virtual servers by name (vs IP address)
    -help, -h  print this message

Log file system

To change the size of the log file

1. Access the BIG-IP system prompt.
2. Stop the BIG-IP system or put the system into a safe condition such as standby mode using the bigstart stop command.
3. Type the following command:
    resize-logFS
   This command prompts you for the desired file size in gigabytes.
4. At the prompt, type an integer. The minimum allowed value is 1, and the maximum allowed value is 10. A prompt appears that allows you to confirm the specified file size.
5. Type Y. A message appears, notifying you of the need for the BIG-IP system to perform a reboot, followed by a prompt, which allows you to permit the reboot operation.
   Note: Prior to rebooting, the BIG-IP system verifies that the integer you typed in step 3 is within the allowed range, and checks to ensure that enough disk space exists for the specified size.
6. Type Y. A confirmation prompt appears.
7. Type Y. The system displays messages indicating that the reboot operation is about to occur.
8. Wait for the reboot operation to finish. When the system becomes available again, the newly-specified disk space for the log file will be in effect.

WARNING: Do not delete the files /shared/.LoopbackLogFS and /shared/LogFS_README, because this action deletes all of your log files.

Enabling or disabling a virtual server or virtual address

To enable or disable a virtual server, use the appropriate command syntax:

    bp virtual : enable | disable

To enable or disable a virtual address, use the appropriate command syntax:

    bp virtual address enable | disable

Removing an individual node from service

You can remove an individual node from service, or return an individual node to service, from the bigpipe shell command line.

To remove an individual node from service, use the following command:

    bp node : down

To return an individual node to service, use this command:

    bp node : up

Viewing and modifying F5 system configuration files

The BIG-IP system includes many configuration files that hold required information. You can edit or view these files with your preferred text editor. When a browser is not available, it is sometimes necessary to modify the configuration files directly, which calls for F5's browserless and command-line configuration modes.

Important: After you edit bigip.conf or bigip_base.conf, and before you restart the MCPD service, you must run bigpipe load so that the MCPD service uses the current configuration data.

Commonly used BIG-IP system configuration files

alert.conf
    Stores definitions of SNMP traps (system default alerts).
user_alert.conf
    Stores definitions of SNMP traps (user-defined alerts).
/config/bigip.conf
    Stores all configuration objects for managing local application traffic, such as virtual servers, load balancing pools, profiles, and SNATs. Note that after you edit bigip.conf, and before you restart the MCPD service, you must run the bigpipe load command.
/config/bigip_base.conf
    Stores BIG-IP self IP addresses and VLAN and interface configurations. Note that after you edit bigip_base.conf, and before you restart the MCPD service, you must run the bigpipe load command.
/config/bigip.license
    Stores authorization information for the BIG-IP system.
/etc/bigconf.conf
    Stores the user preferences for the Configuration utility.
/config/bigconfig/openssl.conf
    Holds the configuration information for how the SSL library interacts with browsers, and how key information is generated.
/config/user.db
    Holds various configuration information. This file is known as the bigdb database.
/config/bigconfig/httpd.conf
    Holds configuration information for the web server.
/config/bigconfig/users
    The web server password file. Contains the user names and passwords of the people permitted to access whatever is provided by the web server.
/etc/hosts
    Stores the hosts table for the BIG-IP system.
/etc/hosts.allow
    Stores the IP addresses of workstations that are allowed to make administrative shell connections to the BIG-IP system.
/etc/hosts.deny
    Stores the IP addresses of workstations that are not allowed to make administrative shell connections to the BIG-IP system.
/etc/rateclass.conf
    Stores rate class definitions.
/etc/ipfwrate.conf
    Stores IP filter settings for filters that also use rate classes.
/etc/snmpd.conf
    Stores SNMP configuration settings.
/etc/snmptrap.conf
    Stores SNMP trap configuration settings.
/config/ssh
    Contains the SSH configuration and key files.
/etc/sshd_config
    This is the configuration file for the secure shell server (SSH). It contains all the access information for people trying to get into the system by using SSH.
/config/routes
    Contains static route information.

Viewing system licenses

    rootISAG-2:Standby config # find_keys
    ISAG-2 koradsatn. omtitra eod
    ISAG-2 junl trig Cmi nevl5scnsdt md.6koradsatn. omtitra eod
    Found license key JTPBO-CHRSX-DGBIO-HOAHJ-MOZJEVA
    License file location is: /sda.1/config/bigip.license
    Found license key JTPBO-CHRSX-DGBIO-HOAHJ-MOZJEVA
    Unmounting unneeded partitions.
    ISAG-2 junl trig Cmi nevl5scnsn Cmi nevl5scnsree aamd.junl trig Cmi nevl5scnsEXT3-fs: mounted filesystem with ordered data mode.
    ISAG-2 junl trig Cmi nevl5scnskjournald starting. Commit interval 5 seconds
    complete
    Above information can be found in /tmp/keys.out

Managing Local Application Traffic

- Setting up load balancing
- Controlling HTTP traffic
- Implementing HTTP and TCP optimization profiles
- Authenticating application traffic
- Implementing persistence
- Enhancing the performance of the BIG-IP system
- Managing health and performance monitors
- Implementing iRules

Setting up virtual server load balancing

1. Decide what types of traffic you want the BIG-IP system to manage, as well as whether you want to implement session persistence, connection persistence, and remote authentication.
2. For each decision in step 1, decide whether you want to use the corresponding default profile that the BIG-IP system provides, or whether you want to create a custom profile.
3. Access the bigpipe shell.
4. If you want to create custom profiles, use the profile command, specifying the appropriate type of profile as an argument. If you do not want to create custom profiles, skip this step.
5. Create one or more load balancing pools, using the pool command.
6. Create a virtual server, using the virtual command, and assign to it any profiles and pools that you created. If you are using default profiles, some of those profiles might already be assigned to the virtual server by default.

Configuring a clone pool

Clone pools are designed for intrusion detection. You can set a clone pool for a virtual server; the clone receives the same traffic as the regular pool, so you can copy traffic to an intrusion detection system.

1. Access the bigpipe shell.
2. Use the virtual command to create or modify a virtual server, specifying a value for the clone pool argument.

Configuring a last hop pool

By default, the BIG-IP system automatically enables the last hop feature. If you want to disable this feature and define a last hop router manually, you can create a last hop pool and assign it to a virtual server.

1. Access the bigpipe shell.
2. Use the pool command to create a last hop pool that contains the router inside addresses.
3. Use the lasthop pool argument with the virtual command to assign the last hop pool to a virtual server. If you have not assigned an SSL profile to the virtual server, use the profile argument with the virtual command to assign the profile to the virtual server.

Configuring SNATs

There are two basic ways to create a SNAT. You can map a translation address directly to one or more original IP addresses, or you can configure a SNAT pool and map that SNAT pool to an original IP address; in newer versions, the BIG-IP system automatically selects a translation address from the SNAT pool. Note that you can assign these types of mappings from within an iRule.

To map a single translation address to an original address

1. Access the bigpipe shell.
2. Designate an IP address as a translation address, using the snat translation command.
3. Map the translation address to one or more original IP addresses, using the snat command or the rule command.

To map a SNAT pool to an original address

1. Access the bigpipe shell.
2. Create a pool of translation addresses (that is, SNAT pool), using the snatpool command.
3. Map the SNAT pool to one or more original IP addresses, using either the snat command or the rule command.

Configuring HTTP traffic

You can configure the BIG-IP system to control HTTP traffic: configuring HTTP compression, redirecting HTTP requests, rewriting HTTP requests, inserting and erasing HTTP headers, enabling or disabling cookie encryption and SYN cookie support, configuring the HTTP Class profile, and controlling the chunking of HTTP response data.

Configuring HTTP compression

Configure the BIG-IP system to compress HTTP server responses.

1. Access the bigpipe shell.
2. Configure the compression-related settings of an HTTP profile, using the profile http command.
3. Assign the HTTP profile to a virtual server, using the virtual command.

Redirecting HTTP requests

You can configure an HTTP profile to redirect HTTP requests, and define a fallback host in that profile.

1. Access the bigpipe shell.
2. Using the profile http command, create or modify an HTTP profile, specifying a value for the fallback argument. You can specify either a URI or the default fallback host, or you can specify that you want no HTTP redirection.
3. Verify that the HTTP profile you created or modified is assigned to a virtual server.

Rewriting HTTP redirections

You can configure an HTTP profile to rewrite HTTP redirections.

1. Access the bigpipe shell.
2. Using the profile http command, create or modify an HTTP profile, specifying a value for the redirect rewrite argument. For example, to create a profile that only rewrites URIs matching the originally requested URI (minus an optional trailing slash), use the following syntax:
    profile http myHTTPprofile redirect rewrite matching
3. Verify that the HTTP profile you created or modified is assigned to a virtual server.

Inserting and erasing HTTP headers

You can configure an HTTP profile to insert a header into HTTP requests, or to remove a header from HTTP requests.

1. Access the bigpipe shell.
2. Using the profile http command, create or modify an HTTP profile, specifying a value for either the header insert, header erase, or insert xforwarded for options.
3. Verify that the HTTP or Fast HTTP profile you created or modified is assigned to a virtual server.

Enabling or disabling cookie encryption

You can use two options of the profile http command to enable or disable cookie encryption.

1. Access the bigpipe shell.
2. Using the profile http command, create or modify an HTTP profile, specifying a value for the encrypt cookie and cookie secret options.
3. Verify that the HTTP profile you created or modified is assigned to a virtual server.

Enabling or disabling SYN cookie support

To manage DoS attacks, you can enable or disable SYN cookie support by configuring the SYN cookie options in a Fast L4 profile.

If the BIG-IP system includes Packet Velocity ASIC (PVA) technology, use the profile fastl4 command to set the hardware syncookie (enable | disable | default) option. You can also set the following variables as needed, using the db command:

- pva.SynCookies.Full.ConnectionThreshold (default: 500000)
- pva.SynCookies.Assist.ConnectionThreshold (default: 500000)
- pva.SynCookies.ClientWindow (default: 0)

Note that the hardware syncookie feature is currently available only on the D84 and D88 platforms; on other platforms it has no effect. If you set the software syncookie option on a D84 or D88, SYN cookies are handled in software only.

If the BIG-IP system does not include Packet Velocity ASIC (PVA) technology, use the profile fastl4 command and specify the software syncookie (enable | disable | default) option.

Configuring the HTTP Class profile

The BIG-IP system includes a type of profile called the HTTP Class profile, which you can use to classify HTTP traffic according to criteria that you define. When you classify traffic, where the traffic is forwarded is determined by inspecting the headers or content of the traffic. If the BIG-IP system includes the Application Security Manager (ASM) or WebAccelerator module, you can configure the system to send HTTP traffic to that module first, before sending it to its final destination. For example, you can use an HTTP Class profile to instruct a virtual server to send traffic through ASM before forwarding it to the load balancing pool.

Unchunking and rechunking HTTP response data

If you want to inspect content, you can unchunk or rechunk HTTP responses by configuring an HTTP profile to enable the unchunking feature.

1. Access the bigpipe shell.
2. Using the profile http command, create or modify an HTTP profile and specify the response argument.
3. Make sure that you have assigned the HTTP profile to a virtual server, using the virtual command.

Implementing persistence

To implement session persistence for connections coming in to a virtual server, access the bigpipe shell and use the profile and virtual commands.

Implementing session persistence

The types of persistence you can configure are:

- Cookie
- Destination Address Affinity
- Microsoft Remote Desktop Protocol (MSRDP)
- Hash
- Session Initiation Protocol (SIP)
- Source Address Affinity
- SSL
- Universal

Procedure:

1. Access the bigpipe shell.
2. Create a persistence profile, using the profile command, that corresponds to the type of persistence you want to implement.
3. Assign the persistence profile to a virtual server, using the persist and fallback persist arguments with the virtual command.

Implementing connection persistence

To implement connection persistence, you can add a Keep-Alive header to HTTP/1.0 headers (if one is not already present). (HTTP/1.1 connections include Keep-Alive support by default.) You can also enable the connection pooling feature, which keeps server-side connections open so that they can be reused for other client requests. You can enable Keep-Alive support and connection pooling by modifying an HTTP or Fast HTTP profile; you can also do this by modifying a OneConnect profile.

To add Keep-Alive headers into HTTP requests

1.